barrowcadbury.org.uk

HTML metadata

Title: Home - Barrow Cadbury Trust
Description: Learn how our work creates long term structural change. Get news and our latest publications. Find links to our work on criminal and economic justice, migration, social investment, and the poverty premium, speaking truth to power.
Language: en-GB
Generator: WordPress 6.9.4
Canonical: https://barrowcadbury.org.uk/

Open Graph

url: https://barrowcadbury.org.uk/
title: Home - Barrow Cadbury Trust
locale: en_GB
site name: Barrow Cadbury Trust
description: Learn how our work creates long term structural change. Get news and our latest publications. Find links to our work on criminal and economic justice, migration, social investment, and the poverty premium, speaking truth to power.

Technology

CDN: Cloudflare
CMS: WordPress

Third-party hosts loaded (2)

www.google.com×2
gmpg.org×1

Social

Contact

Phone

020 7632 9060

Address

Registration

Registrar

Namecheap, Inc.

Created

2002-05-15

Expires

2027-05-15 359 days left

Updated

2026-04-15

Name servers

chan.ns.cloudflare.com.
damon.ns.cloudflare.com.

DNS records live

NS

chan.ns.cloudflare.com
damon.ns.cloudflare.com

MX

1 barrowcadbury-org-uk.mail.protection.outlook.com

TXT

hj-ownership=3KkayqzsjRKH3Bpk)
V=spf1 ip4:212.74.2.108 include:spf.protection.outlook.com include:sharepointonline.com include:_spf.salesforce.com include:sendgrid.net include:servers.mcsv.net -all

Verified for

Apple
Google

Email authentication partial

SPF

V=spf1 ip4:212.74.2.108 include:spf.protection.outlook.com include:sharepointonline.com include:_spf.salesforce.com include:sendgrid.net include:servers.mcsv.net -all

strict (-all)

DMARC

v=DMARC1; p=none; pct=100; rua=mailto:re+pbm8adttavr@dmarc.postmarkapp.com; sp=none; aspf=r;

policy: none (monitoring only) · sp=none

DKIM

k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjZ4DZRk+cpwGVzEHVBsbPOSHoeaZI+40LaD7zJVaFA2/CUTLEsehlKMSDm4OXfkLgH2GT4WDTEMmZixRQ…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBkrVXKX5ubrnmyG9B/I/D7AAsslpVZ7Vetjc1ETQzKl/3yXGlIvMvmCpbGTkVFNf3W6OPsONl8um3HOhBgZ4Ego…

selectors probed

Certificate (current)

WE1

from 2026-04-04 to 2026-07-03

Expires in 43 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://barrowcadbury.org.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: connect-src 'self' *.google-analytics.com www.google-analytics.com *.analytics.google.com barrowcadbury.org.uk *.barrowcadbury.org.uk *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src 'self' data: barrowcadbury.org.uk *.barrowcadbury.org.uk; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com *.doubleclick.net; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com *.vimeocdn.com *.ytimg.com *.twitter.com *.youtube.com barrowcadbury.org.uk *.barrowcadbury.org.uk *.doubleclick.net; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.yo
strict-transport-security: max-age=31536000; includeSubDomains