indexo.dev

dchs.nhs.uk

.uk crawl

First seen 2026-06-02 · Last seen 2026-06-02 · ok HTTP/1.1 200 983 ms crawled 2026-06-02

GB · 185.220.61.225 · AS61323 Ans Academy Limited

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Home :: Derbyshire Community Health Services
Language
en
Generator
concrete5 - 8.5.1
Canonical
https://dchs.nhs.uk/

Technology

Server
Apache
CMS
Drupal 8.5.1

Third-party hosts loaded (4)

  • cdnjs.cloudflare.com×4
  • translate.google.com×1
  • www.browsealoud.com×1
  • www.cqc.org.uk×1

Social

DNS records live

NS
  • ns1.nhs.uk
  • ns2.nhs.uk
  • ns3.nhs.uk
  • ns4.nhs.uk
MX
  • 10 eu-smtp-inbound-1.mimecast.com
  • 10 eu-smtp-inbound-2.mimecast.com
TXT
  • g7e70nesaqkv9sb61mo77hmnb9.dchs.nhs.uk
  • ulp2pf4c7husd99bc200595ig2
Verified for
  • Microsoft 365

Email authentication weak

SPF
not published
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2025-11-19 to 2026-11-29
Expires in 177 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://dchs.nhs.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN, SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self' *.google-analytics.com https://*.google.com https://feeds.trac.jobs/ *.googleapis.com/; frame-src 'self' https://challenges.cloudflare.com/ https://online.fliphtml5.com/ https://forms.office.com/ https://vimeo.com http://www.derbyshirehealthjobs.com/ https://www.derbyshirehealthjobs.com/ https://fliphtml5.com/ *.addthis.com *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com/ https://*.reciteme.com/ *.browsealoud.com/ https://*.google.com *.googletagmanager.com https://feeds.trac.jobs/ *.addthis.com *.moatads.com *.addthisedge.com https://www.cqc.org.uk/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ *.google.com/ *.googleapis.com *.gstatic.com https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.googletagmanager.com/ https://www.google-analytics.com/ https://apis.google.com https://wikisum.texthe
strict-transport-security
max-age=31536000

Links to (9)

Linked from (1)