indexo.dev

curo-group.co.uk

.uk crawl

First seen 2026-05-03 · Last seen 2026-05-09 · ok HTTP/1.1 200 1659 ms crawled 2026-05-09

GB · 194.168.11.244 · AS5089 Virgin Media

Reputation 100/100

Classifying

HTML metadata

Title
Curo - a housing association and house-builder based in Bath
Description
A housing association and house-builder based in Bath, Curo provides great homes and high quality care and support services across the West of England. With over 25,000 customers, Curo manages more than 13,000 homes and is building hundreds of new homes every year.
Language
en-gb

Open Graph

title
Curo - a housing association and house-builder based in Bath
description
A housing association and house-builder based in Bath, Curo provides great homes and high quality care and support services across the West of England. With over 25,000 customers, Curo manages more than 13,000 homes and is building hundreds of new homes every year.

Technology

Analytics
  • Google Tag Manager
Ads
  • Meta Pixel
Cookie consent
  • OneTrust
Fonts
  • Google Fonts
Social widgets
  • Twitter Widget
Third-party hosts loaded (11)
  • cdn-ukwest.onetrust.com×4
  • fonts.googleapis.com×4
  • cdn.jsdelivr.net×3
  • fonts.gstatic.com×2
  • app.socialsignin.net×1
  • connect.facebook.net×1
  • platform.twitter.com×1
  • surveydynamix.com×1
  • www.browsealoud.com×1
  • www.facebook.com×1
  • www.googletagmanager.com×1

Social

DNS records live

NS
  • ns0.ukfast.net
  • ns1.ukfast.net
MX
  • 10 eu-smtp-inbound-1.mimecast.com
  • 10 eu-smtp-inbound-2.mimecast.com
TXT
Show 6 TXT records
  • autodesk-domain-verification=o6Kv1VjA3JxYD32LCuQ6
  • 5d5148ddfafa463ab0da789e84ba8343
  • mandrill_verify.iASdPd7Z5JI4KSwg2FOGwg
  • +1oUJizOntyv3H0e5zLRCWaJQJFVfbw10WKRKFCGN13IBZYbu6U15AfGLR+oOvJJPDl0NdKjiuO4Aw5Gi0G8Tw==
  • Foxit-domain-verification=07c46752716aa805982907c0bb20c1f8
  • MxkxvWVxou77O1UQR_1k
Verified for
  • Adobe
  • Apple
  • Cisco
  • DocuSign
  • Google
  • Meta
  • Microsoft 365
  • OneTrust
  • Zoom

Email authentication strong

SPF
v=spf1 include:eu._netblocks.mimecast.com include:spf.mandrillapp.com include:servers.mcsv.net ip4:78.109.167.113 ip4:45.131.139.6 ip4:51.11.186.221 include:spf.mailjet.com include:_spf.tacklephishing.com ~all
softfail (~all)
DMARC
v=DMARC1; p=reject; pct=100; fo=1; rua=mailto:0be9eaa3@mxtoolbox.dmarc-report.com; ruf=mailto:0be9eaa3@forensics.dmarc-report.com
policy: reject (enforced)
DKIM
Show 4 DKIM selectors
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9zBQlwREljnIEpN6U/wXktM8WUnoblmbxxK4YDnDx2dP9i/BXf5auPY5Ok4rbWkpMoY9CZMMi22wK…
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MGoxty9RDsh1BN3QGckJBt33hMQg0XkGLvgT/pEqXABN7lcyW9ZXWH809Tf1hVc13S3g2XqmgkW4Ls7fI…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDtC5ph+OtsQYJjMLv95vBHkQsdD1XSTW1nB5Kw5HbJcHI9x9BOUovdu5wlyna4o04VK0yiNfoVnVa3zhNaX+20Le…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA OV R36
from 2025-11-24 to 2026-12-25
Expires in 218 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.curo-group.co.uk/

present
  • strict-transport-security
  • content-security-policy-report-only
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • missing Content Security Policy
  • missing frame protection
  • weak content type protection
Header values
referrer-policy
strict-origin-when-cross-origin, strict-origin-when-cross-origin
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options
nosniff, nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-security-policy-report-only
default-src 'self'; script-src 'nonce-a8jCUfMgVfyPoAQk8edRvrAfecBIc/J5WlfRyVfuzjO6jZpz95PMNOfA+c9co6ndSpT2tLTg4BuNtZE2335KxN93uCzVjuQv0sE3Fa1cMf/DhZ4kogldZFn0Pn9dr6NCz3ZBf3UNxADELUPbUsYpWbsj9LEBvitVXNKzvQEigug=' 'self' 'unsafe-inline' 'strict-dynamic' https: 'sha256-aEDmoObzmjNv962J42VzD3ELW5yetlhKLnYGA32/4aU=' https://platform.twitter.com https://connect.facebook.net https://www.browsealoud.com https://apps.mypurecloud.ie https://app.socialsignin.net https://kit.fontawesome.com 'report-sample'; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn-ukwest.onetrust.com https://connect.facebook.net https://js.monitor.azure.com https://surveydynamix.com https://app.socialsignin.net https://platform.twitter.com https://platform.linkedin.com https://www.google.com https://www.gstatic.com https://www.linkedin.com https://plus.browsealoud.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://*.my

Links to (4)

Linked from (1)