bandmretail.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-06 · ok HTTP/1.1 200 2853 ms crawled 2026-05-06

IE · 52.17.152.5 · AS16509 Amazon.com, Inc.

Reputation 72/100 wrong cert dmarc monitor-only

Classifying

HTML metadata

Title: Home l B&M Stores
Description: B&M - the UK’s leading variety goods value retailer, providing customers with a limited assortment of the best selling items across a range of Grocery and General Merchandise categories, all at value prices.
Language: en
Canonical: https://www.bandmretail.com/

Open Graph

url: https://www.bandmretail.com/
title: Home

Technology

CDN: Cloudflare

Analytics

Google Tag Manager

Fonts

Adobe Fonts
Google Fonts

Third-party hosts loaded (11)

assets.investisdigital.com×2
cdn.jsdelivr.net×2
code.jquery.com×2
use.typekit.net×2
www.7-groupoperation.com×2
www.googletagmanager.com×2
cdnjs.cloudflare.com×1
fonts.googleapis.com×1
irs.tools.investis.com×1
otp.tools.investis.com×1
www.youtube.com×1

Social

Registration

Registrar

Tucows Domains Inc.

Created

2011-12-15

Expires

2027-12-15 574 days left

Updated

2025-10-16

Name servers

ns0.ukfast.net
ns1.ukfast.net

DNS records live

NS

ns0.ukfast.net
ns1.ukfast.net

MX

10 mx1.hc1743-78.c3s2.iphmx.com
10 mx2.hc1743-78.c3s2.iphmx.com

TXT

hibp-verify=dweb_z94af6cktr3o404wvfulovqf
MS=ms26825058
v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzVBW+m/xMxVnBNFw7DXFoS2fIBkkX21aQClQLCpGYXOYfi4AkqOfbGKstTChcEx40jaN7cQqB8m3rD7Dy9RepuzUfGUuE9WUqF2nPxV3FkJzTVUpE8cZNhi+G2IJ5vX3j7b99U621pEpBGBaIZapMhIsvCyNhiOgSKyq8+c0c+QIDAQAB

Email authentication strong

SPF: v=spf1 include:eu._netblocks.mimecast.com include:servers.mcsv.net exists:%{i}.spf.hc1743-78.c3s2.iphmx.com -all
strict (-all)
DMARC: v=DMARC1; p=none; fo=1; ri=3600; rua=mailto:b-m@rua.agari.com; ruf=mailto:b-m@ruf.agari.com
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current) wrong cert

GlobalSign RSA OV SSL CA 2018

from 2025-11-15 to 2026-12-17

Expires in 212 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.bandmretail.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(),ambient-light-sensor=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), gyroscope=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src *.myidx.cloud 'self' *.analytics.google.com *.google.com *.google-analytics.com ajax.googleapis.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com static.cloudflareinsights.com *.brightcovecdn.com; img-src *.myidx.cloud 'self' 'unsafe-inline' * data: www.w3.org; frame-src *.myidx.cloud 'self' td.doubleclick.net viz.tools.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net static.cloudflareinsights.com *.zscalerthree.net *.zscloud.net *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com ir.connectidfeed.com www.youtube.com *.vimeo.com; frame-ancestors 'self' connectidfeed.com *.connectidfeed.com ir.connectidfeed.com https: http:; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net use.typekit.net *.typekit.net google-analytics.c
strict-transport-security: max-age=15552000; includeSubDomains; preload

Links to (5)

Linked from (1)

bmstores.co.uk×2