bdl.co

HTML metadata

Title

BDL | Home

Description

Home

Language

en-GB

Generator

SEOmatic

Canonical

https://www.bdl.co/

Translations

en-gb

Feeds

News RSS Feed RSS

Open Graph

url: https://www.bdl.co/
title: Home
locale: en_GB
site name: BDL
description: Home

Technology

CDN: Cloudflare

Analytics

Google Analytics
Google Tag Manager

Third-party hosts loaded (4)

careys-group.transforms.svdcdn.com×29
www.careys.co×4
www.googletagmanager.com×3
www.google-analytics.com×2

Social

Contact

Phone

02089000221

Address

Carey House, Great Central Way, HA9 0HR, Wembley, Middlesex, United Kingdom

DNS records live

NS

ns23.domaincontrol.com
ns24.domaincontrol.com

MX

0 eu-smtp-inbound-1.mimecast.com
0 eu-smtp-inbound-2.mimecast.com

TXT

Show 6 TXT records

autodesk-domain-verification=-cuYnf5o0cowzSjnbG1r
autodesk-domain-verification=6RWz-sTFtTYyFNTg6QaS
knowbe4-site-verification=631573eb6f80d9b9c10cbc9b7cf3c4a9
v=verifydomain MS=6811414
0ed1fe018a79beba4fde304c4d903c8d44e18d51b8
apple-domain-verification=9RKqsab9sWaDF1Rz

Email authentication strong

SPF: v=spf1 include:_u.bdl.co._spf.smart.ondmarc.com ~all
softfail (~all)
DMARC: v=DMARC1; p=reject; pct=100; sp=reject; rua=mailto:a03c684c@inbox.ondmarc.com; ruf=mailto:a03c684c@inbox.ondmarc.com; adkim=r; aspf=r; fo=1; rf=afrf; ri=3600
policy: reject (enforced) · sp=reject
DKIM: no key found at common selectors

Certificate (current)

E8

from 2026-04-04 to 2026-07-03

Expires in 44 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.bdl.co/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
permissions-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: no-referrer-when-downgrade
permissions-policy: accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), document-domain=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), usb=(), web-share=(self), xr-spatial-tracking=(), autoplay=(self "https://www.youtube.com" "https://www.youtube-nocookie.com" "https://player.vimeo.com"), encrypted-media=(self "https://www.youtube.com" "https://www.youtube-nocookie.com" "https://player.vimeo.com"), fullscreen=(self "https://www.youtube.com" "https://www.youtube-nocookie.com" "https://player.vimeo.com"), picture-in-picture=(self "https://www.youtube.com" "https://www.youtube-nocookie.com" "https://player.vimeo.com")
x-content-type-options: nosniff
content-security-policy: default-src 'self'; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://consentcdn.cookiebot.com https://formspree.io https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://www.careys.co; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.craft.cloud https://consent.cookiebot.com https://consentcdn.cookiebot.com https://player.vimeo.com https://cdn.jsdelivr.net 'sha256-yKluCNycFSWJl7HDW5vRU7/FgSDp7FPN0lFQSUqFLqw=' https://www.careys.co; style-src 'self' 'unsafe-hashes' https://cdn.craft.cloud https://fonts.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 'unsafe-inline' https://www.careys.co; font-src 'self' https://cdn.craft.cloud https://fonts.gstatic.com https://cdn.jsdelivr.net data: https://www.careys.co; img-src 'self' data: https: blob: https://www.google-
strict-transport-security: max-age=2592000

Links to (5)

Linked from (1)

careys.co×1