esurv.co.uk
esurv.co.uk
HTML metadata
Technology
- CDN
- Cloudflare
- CMS
- WordPress 6.9.4
- jQuery
- 3.7.1
- Analytics
-
- Google Tag Manager
Third-party hosts loaded (7)
- js-eu1.hs-scripts.com×2
- maps.googleapis.com×2
- cdn-cookieyes.com×1
- challenges.cloudflare.com×1
- dev.visualwebsiteoptimizer.com×1
- widget.trustpilot.com×1
- www.googletagmanager.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- albert.ns.cloudflare.com
- georgia.ns.cloudflare.com
- MX
-
- 10 eu-smtp-inbound-1.mimecast.com
- 10 eu-smtp-inbound-2.mimecast.com
- TXT
-
Show 4 TXT records
81algocid0mqeue2qvhh3pn190KHQu+uAZ+/e14twf1eLHcikYFn3hF+7COpihhe7lMyGExFn25labv8XaNi3ziHNuuEorGQaLmO3UbhMxKec+5w==access-domain-verification=9617eacd4a9285282e2d2f77423dc0ea9b2cdb293bdd242fa8fa14168223d275detectify-verification=a061eab85967c0ec0d1443cc04e1d750
- Verified for
-
- Microsoft 365
- OpenAI
Email authentication strong
- SPF
-
v=spf1 include:145841027.spf10.hubspotemail.net redirect=32toywnw._spf._d.mim.ecno all qualifier - DMARC
-
v=DMARC1; p=reject; rua=mailto:e9eb88ca2d38387@rep.dmarcanalyzer.com; ruf=mailto:e9eb88ca2d38387@for.dmarcanalyzer.com; aspf=r; adkim=r; fo=1;policy: reject (enforced) - DKIM
-
- k2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA… - s1:
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sJZ90UcXA7tH2fYQgaxjN1n3Db+OV9mt6HipNX5d0pB8cIYl91AJUc6eMNqydLQll5z9VAjLVhaOjda9y… - s2:
k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt/j4j9gJ0RjqkDh8c1AYdkhHa6u63MlROyYyg49puyfBQf1l/ZBHyoNQPWnVmgOzdrv32tIkxL0j1fcg79J55sh…
selectors probed - k2:
Certificate (current)
WE1
Expires in 40 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- cross-origin-opener-policy
- cross-origin-embedder-policy
- cross-origin-resource-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
picture-in-picture=(self), accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' *.esurv.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' challenges.cloudflare.com *.hsforms.net *.hubspot.com js.hubspot.com js.hsforms.net static.hsappstatic.net *.hsadspixel.net *.cloudflare.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net www.esurv.co.uk esurv.us12.list-manage.com s3.amazonaws.com widget.trustpilot.com script.hotjar.com snap.licdn.com static.hotjar.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com https://connect.facebook.net *.cookieyes.com cdn-cookieyes.com consent.cookiebot.com consentcdn.cookiebot.com edge.marker.io cdn.pushcrew.com *.visualwebsiteoptimizer.com app.vwo.com https://dev.visualwebsiteoptimizer.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://maps.googleapis.com *.anyflip.com https://js-eu1.hs-scripts.com; style-src 'self' 'unsafe-inline' app.vwo.com cdn-images.mailchimp.com www.googletagmanager.com assets.juic- strict-transport-security
max-age=31536000; includeSubDomains- cross-origin-opener-policy
unsafe-none- cross-origin-embedder-policy
unsafe-none; report-to="default"- cross-origin-resource-policy
cross-origin