indexo.dev

castletrust.co.uk

.uk crawl

First seen 2026-04-22 · Last seen 2026-05-17 · ok HTTP/1.1 200 5971 ms crawled 2026-05-16

GB · 74.177.126.80 · AS8075 Microsoft Corporation

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Savings and Property - we'll help you achieve your goals
Description
Welcome to Castle Trust Bank. If you're looking for an ISA or Savings account, or investing in Property, we're here to help you every step of the way.
Language
en-GB
Generator
Site Kit by Google 1.177.0
Canonical
https://www.castletrust.co.uk/
Feeds

Open Graph

url
https://www.castletrust.co.uk/
title
Savings and Property - we'll help you achieve your goals
locale
en_GB
site name
Castle Trust Bank
description
Welcome to Castle Trust Bank. If you're looking for an ISA or Savings account, or investing in Property, we're here to help you every step of the way.
updated time
2026-01-07T16:39:10+00:00

Technology

Server
nginx
CMS
WordPress
Analytics
  • Google Tag Manager
Third-party hosts loaded (7)
  • www.googletagmanager.com×3
  • cdn-cookieyes.com×2
  • cdn.elementor.com×2
  • cdnjs.cloudflare.com×2
  • widgets.tree-nation.com×2
  • gmpg.org×1
  • widget.trustpilot.com×1

Contact

Phone
Address
st Capital plc, a company incorporated in England and Wales with company number 07454

Registration

Registrar
GoDaddy.com, LLC.
Created
2011-01-12
Expires
2028-01-12 601 days left
Updated
2026-01-13
Name servers
  • ns-1161.awsdns-17.org.
  • ns-1817.awsdns-35.co.uk.
  • ns-451.awsdns-56.com.
  • ns-517.awsdns-00.net.

DNS records live

NS
  • ns-1161.awsdns-17.org
  • ns-1817.awsdns-35.co.uk
  • ns-451.awsdns-56.com
  • ns-517.awsdns-00.net
MX
  • 10 eu-smtp-inbound-1.mimecast.com
  • 10 eu-smtp-inbound-2.mimecast.com
TXT
  • access-domain-verification=825d3c57a93076e5e00b9a1ab6a0ae0a49b8d88edc7fa3b174efd383504e6b62
  • 84aa966895c97212b85d44d93499380e
Verified for
  • Anthropic
  • Apple
  • Atlassian
  • Dynatrace
  • Google
  • Google Workspace
  • Microsoft 365

Email authentication partial

SPF
v=spf1 include:_spf.google.com ip4:208.73.7.100 ip4:208.73.7.101 ip4:208.73.7.102 ip4:208.73.7.103 ip4:208.73.7.104 ip4:167.89.92.8 include:eu._netblocks.mimecast.com include:spf.mandrillapp.com include:_spf.salesforce.com ~all
softfail (~all)
DMARC
v=DMARC1; p=none; rua=mailto:03f7fd50e933952@rep.dmarcanalyzer.com; ruf=mailto:03f7fd50e933952@for.dmarcanalyzer.com; fo=1;
policy: none (monitoring only)
DKIM
  • google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuXE0I2oq5B/lURdDXPHP/cRsQNUr8Y6PlT86bnvItfLXBNL01ibWKCC+6CYG0Gm7W2Jy6ZniWg2bIQV48eg…
selectors probed

Certificate (current)

Go Daddy Secure Certificate Authority - G2
from 2026-02-04 to 2027-03-08
Expires in 292 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.castletrust.co.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: widget.trustpilot.com cdn-cookieyes.com cdnjs.cloudflare.com widgets.tree-nation.com log.cookieyes.com cdn.elementor.com googletagmanager.com www.googletagmanager.com google-analytics.com stats.g.doubleclick.net analytics.google.com trustpilot.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.elementor.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; img-src 'self' data: https: secure.gravatar.com; connect-src 'self' log.cookieyes.com cdn-cookieyes.com cdn.elementor.com widget.trustpilot.com *.google.com *.googletagmanager.com *.analytics.google.com region1.analytics.google.com www.google.com google-analytics.com stats.g.doubleclick.net analytics.google.com; frame-src 'self' widget.trustpilot.com widgets.tree-nation.com www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests;
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin

Links to (6)

Linked from (2)