breakthrought1d.org.uk

HTML metadata

Title: Breakthrough T1D UK | Type 1 Diabetes Research
Description: Join us in our mission to discover better treatments, expand access, and work towards a cure for type 1 diabetes.
Language: en-GB
Canonical: https://breakthrought1d.org.uk/

Open Graph

url: https://breakthrought1d.org.uk/
title: Breakthrough T1D UK | Type 1 Diabetes Research
locale: en_GB
site name: Breakthrough T1D UK
description: Join us in our mission to discover better treatments, expand access, and work towards a cure for type 1 diabetes.

Technology

CDN: Cloudflare
CMS: WordPress

Analytics

Google Tag Manager

Third-party hosts loaded (2)

www.googletagmanager.com×2
gmpg.org×1

Social

Contact

Email

Phone

Address

Registration

Registrar

GoDaddy Corporate Domains LLC

Created

2023-10-17

Expires

2026-10-17 149 days left

Updated

2025-09-22

Name servers

charles.ns.cloudflare.com.
tori.ns.cloudflare.com.

DNS records live

NS

charles.ns.cloudflare.com
tori.ns.cloudflare.com

MX

0 breakthrought1d-org-uk.mail.protection.outlook.com

TXT

COyN3DEzcheXLyhCoYrHjndgQoeYlRnb

Verified for

Google
Meta
Microsoft 365

Email authentication strong

SPF

v=spf1 ip4:78.129.243.16 ip4:185.249.37.218 ip4:82.69.67.92 ip4:176.110.108.102 include:spf.protection.outlook.com include:spf-uk.emailsignatures365.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine;

policy: quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jIEOOomf8wug0uml5HZCa892XOe2q2qTzgJMQSWL5PvH3XK5i4pgd0sffQ3V3LpI77bVstz/4rAgm…

selectors probed

Certificate (current)

WE1

from 2026-04-04 to 2026-07-03

Expires in 44 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://breakthrought1d.org.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),fullscreen=(self "https://www.youtube.com"),payment=(),picture-in-picture=(self "https://www.youtube.com")
x-content-type-options: nosniff
content-security-policy: connect-src 'self' stats.g.doubleclick.net *.stats.g.doubleclick.net googlesyndication.com *.googlesyndication.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com metrics.breakthrought1d.org.uk google.com *.google.com cookiebot.com *.cookiebot.com googleads.g.doubleclick.net maps.googleapis.com google-analytics.com *.google-analytics.com *.analytics.google.com cloudflare.com *.cloudflare.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com google.co.uk *.google.co.uk *.googleadservices.com *.googletagmanager.com *.clarity.ms api.ideal-postcodes.co.uk; default-src 'self' 'unsafe-inline' googletagmanager.com *.googletagmanager.com; font-src 'self' data: gstatic.com *.gstatic.com fonts.gstatic.com *.fonts.gstatic.com; frame-src 'self' data: google.com *.google.com twitter.com *.twitter.com googletagmanager.com *.googletagmanager.com vimeo.com *.vimeo.com youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com cloudflare.com *.cloudflare.com doubleclick.net *.doubl
strict-transport-security: max-age=31536000

Links to (6)

Linked from (1)

slginvolvement.org.uk×2