firstdirect.com
HTML metadata
Technology
- CDN
- Amazon CloudFront
- Server
- Apache
Third-party hosts loaded (1)
- rum.hlx.page×1
Social
Registration
- Registrar
- MarkMonitor Inc.
- Created
- 1995-07-30
- Expires
- 2026-07-29 58 days left
- Updated
- 2024-06-27
- Name servers
-
- ns20.hsbc.net
- ns20.hsbc.uk
- ns21.hsbc.net
- ns21.hsbc.uk
- ns3.hsbc.com
- ns6.hsbc.com
DNS records live
- NS
-
- ns20.hsbc.net
- ns20.hsbc.uk
- ns21.hsbc.net
- ns21.hsbc.uk
- ns3.hsbc.com
- ns6.hsbc.com
- MX
-
- 10 mxa-00299f02.gslb.pphosted.com
- 10 mxb-00299f02.gslb.pphosted.com
- TXT
-
work-accounts-domain-verification=zBdtOLLvwrLmQiY5sbMpPJxwrfJVUR5700a0f161c3ee56b1cdb45f8ff0d606QuoVadis=f38c5c78-0555-4292-b6ad-553ee1236b5c
- Verified for
-
- Adobe
- Cisco Webex
- MongoDB
- Pendo
Email authentication strong
- SPF
-
v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ip4:193.108.76.55 ip4:91.214.7.40 ip4:89.187.121.128/26 include:spf-00299f02.pphosted.com include:_spf.digitallook.com include:sendgrid.net include:spf.cesmail.hsbc.co.uk ~allsoftfail (~all) - DMARC
-
v=DMARC1; p=reject; fo=1; ri=3600; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.compolicy: reject (enforced) - DKIM
- no key found at common selectors
Certificate (current)
DigiCert EV RSA CA G2
Expires in 168 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae rum.hlx.page aax-eu.amazon-adsystem.com bat.bing.com s.amazon-adsystem.com *.amazon-adsystem.com lo.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com lptag.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com *.mcmprod.hsbc.co.uk ssl.google-analytics.com www.firstdirect.com t.contentsquare.net app.contentsquare.com tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.twitter.com t.co *.walkme.com *.omguk.com *.adsr- strict-transport-security
max-age=31536000; includeSubdomains