canddid.nhs.uk
HTML metadata
Technology
- Server: Apache
- CMS: Joomla
- Analytics: Google Tag Manager
- Fonts: Adobe Fonts
Third-party hosts loaded (4)
- www.cwp.nhs.uk ×9
- use.typekit.net ×3
- translate.google.com ×1
- www.googletagmanager.com ×1
DNS records
Email authentication (no MX)
- SPF: not published
- DMARC: not published
- DKIM: no key found at common selectors
Certificate (current)
Sectigo Public Server Authentication CA DV R36
Expires in 39 days
HTTP security headers
- present
  - strict-transport-security
  - content-security-policy
  - x-frame-options
  - x-content-type-options
  - referrer-policy
- findings
  - CSP allows unsafe inline scripts/styles
  - CSP uses wildcard sources
  - missing Permissions Policy
Header values
- referrer-policy: strict-origin-when-cross-origin
- x-frame-options: SAMEORIGIN
- x-content-type-options: nosniff
- content-security-policy: default-src 'self'; frame-src 'self' https://hubofhope.co.uk/ https://www.youtube-nocookie.com https://*.rlets.com https://www.canva.com/ https://open.spotify.com https://forms.office.com/ https://*.forms.office.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://www.youtube-nocookie.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hubofhope.co.uk/ https://cdn.rlets.com/ https://*.nhs.uk https://*.ipify.org https://*.icanhazip.com https://*.getaddress.io https://*.limbic.ai https://*.mixpanel.com https://*.sentry.io https://cdn-access.limbic.ai/limbic-bot.live.min.js https://*.googletagmanager.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*
- strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000