indexo.dev

bfl-places.co.uk

.uk crawl

First seen 2026-04-14 · Last seen 2026-05-15 · ok HTTP/1.1 200 2750 ms crawled 2026-05-07

GB · 134.213.6.232 · AS15395 Rackspace Ltd.

Reputation 100/100

Classifying

HTML metadata

Title
Bromford Flagship LiveWest
Description
Bromford Flagship LiveWest
Language
en
Canonical
https://www.bfl-places.co.uk/

Open Graph

url
https://www.bfl-places.co.uk/
title
Bromford Flagship LiveWest
description
Bromford Flagship LiveWest

Technology

Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×2

Registration

Registrar
Gandi
Created
2025-11-07
Expires
2026-11-07 171 days left
Updated
2026-01-16
Name servers
  • ns-1248.awsdns-28.org.
  • ns-1598.awsdns-07.co.uk.
  • ns-440.awsdns-55.com.
  • ns-973.awsdns-57.net.

DNS records live

NS
  • ns-1248.awsdns-28.org
  • ns-1598.awsdns-07.co.uk
  • ns-440.awsdns-55.com
  • ns-973.awsdns-57.net
TXT
  • google-site-verification=XvxA1ey-XOGPbQIZOO90ZKL3fEGfEpaOuGd2k4tzj6M

Email authentication no MX

SPF
not published
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-04-29 to 2026-07-28
Expires in 69 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.bfl-places.co.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=self, ambient-light-sensor=self, autoplay=self, camera=(), encrypted-media=self, fullscreen=*, geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), sync-xhr=(), usb=(), vr=(), iframe=self
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://*.omappapi.com https://*.crazyegg.com; script-src 'self' 'unsafe-inline' https://www.youtube.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://go.Flagshipplc.com https://www.googletagmanager.com https://tagmanager.google.com https://snap.licdn.com https://munchkin.marketo.net https://a.omappapi.com/app/ https://api.livechatinc.com https://cdn.livechatinc.com https://app.termly.io https://cdn.shareaholic.net https://m9m6e2w5.stackpathcdn.com https://partner.shareaholic.com https://app.termly.io https://z.omappapi.com/ https://widget.manychat.com https://www.google.com https://script.crazyegg.com/ https://www.shareaholic.com https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__en_gb.js https://www.gstatic.com https://www.coursecheck.com/ https://www.google-analytics.com/ https://cdn.openshareweb.com https://livechat.cloudcontact.io https://app-fg-makeap
strict-transport-security
max-age=63072000; includeSubDomains

Links to (4)

Linked from (2)