fric.org.uk

.uk crawl

First seen 2026-04-20 · Last seen 2026-05-13 · ok HTTP/1.1 200 1023 ms crawled 2026-05-13

US · 104.21.40.241 · AS13335 Cloudflare, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title

Protecting what matters - Fire & Rescue Indemnity Company

Description

Protecting what matters- Fire & Rescue Indemnity Company -

Language

Generator

TYPO3 CMS

Canonical

https://www.fric.org.uk/

Feeds

News (RSS 2.0) RSS
Events (RSS 2.0) RSS

Technology

CDN: Cloudflare

Analytics

Google Tag Manager

Third-party hosts loaded (2)

www.googletagmanager.com×3
www.google.com×1

Registration

Registrar

GoDaddy.com, LLC.

Created

2015-05-26

Expires

2031-05-26 1833 days left

Updated

2026-03-02

Name servers

eve.ns.cloudflare.com.
ian.ns.cloudflare.com.

DNS records live

NS

eve.ns.cloudflare.com
ian.ns.cloudflare.com

MX

10 eu-smtp-inbound-1.mimecast.com
10 eu-smtp-inbound-2.mimecast.com

TXT

Show 5 TXT records

2c22lpkdtigt6q5r69ndhlqvdn
MS=ms25622287
MS=ms72942847
a7cv0mihkka6o9llpg078fpvrh
kv6ii442oc4upk3b2t1pj6cs3c

Email authentication weak

SPF

v=spf1 a ip4:5.79.62.167 include:_netblocks.mimecast.com include:spf.protection.outlook.com include:spf.smtp2go.com -all

strict (-all)

DMARC

not published

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJF2Hkgbf1DxbJPIKIrsWB+XgaenxunO1xF1I9FAkDqzOc73VrPzhPyz0RpuOZdmasEIDdUJgeuKicPEjJ9/…

selectors probed

Certificate (current)

WE1

from 2026-04-25 to 2026-07-24

Expires in 66 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.fric.org.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' https: data: blob: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.vimeo.com cdn.jsdelivr.net wyncommunications.com *.spotify.com *.cookiebot.com ; img-src 'self' data: *.googletagmanager.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.co.uk *.ytimg.com *.vimeo.com *.cookiebot.com ; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.google.com *.doubleclick.net *.googletagmanager.com wyncommunications.com *.spotify.com *.cookiebot.com ; connect-src 'self' https: data: blob: wss: *.googletagmanager.com *.google-analytics.com ; font-src 'self' https: data: blob: wss: *.gstatic.com ; worker-src 'self' blob:; upgrade-insecure-requests;
strict-transport-security: max-age=31536000