guysandstthomas.nhs.uk

.uk crawl

First seen 2026-04-17 · Last seen 2026-05-19 · ok HTTP/1.1 200 2353 ms crawled 2026-05-12

IE · 52.211.85.12 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Home | Guy's and St Thomas' NHS Foundation Trust
Description: We are one of the UK's leading providers of hospital and community-based healthcare, research and education. From our 5 main hospitals – Guy's Hospital, St Thomas' Hospital, Evelina London Children's Hospital, Royal Brompton Hospital and Harefield Hospital, and in the community in Lambeth and Southwark, we provide a full range of lifelong, general and specialist care.
Language: en-GB
Generator: Drupal 10 (https://www.drupal.org)
Canonical: https://www.guysandstthomas.nhs.uk/

Open Graph

url: https://www.guysandstthomas.nhs.uk/home
title: Home
site name: Guy's and St Thomas' NHS Foundation Trust
description: We are one of the UK's leading providers of hospital and community-based healthcare, research and education. From our 5 main hospitals – Guy's Hospital, St Thomas' Hospital, Evelina London Children's Hospital, Royal Brompton Hospital and Harefield Hospital, and in the community in Lambeth and Southwark, we provide a full range of lifelong, general and specialist care.

Technology

CDN: Cloudflare
CMS: Drupal

Fonts

Google Fonts

Third-party hosts loaded (2)

cdn.jsdelivr.net×1
fonts.googleapis.com×1

Social

Contact

Phone

Address

St Thomas' HospitalWestminster Bridge RoadLondon SE1 7EHPhone:020 7188

DNS records live

NS

ns1.nhs.uk
ns2.nhs.uk
ns3.nhs.uk
ns4.nhs.uk

MX

50 mail.nhs.uk

TXT

pexip-portal-domain-verification=fc360c4d-0af0-4456-88a4-d8d2c74c93ac
pexip-portal-domain-verification=value1,fc360c4d-0af0-4456-88a4-d8d2c74c93ac

Email authentication strong

SPF: v=spf1 include:_spf.nhs.net ~all
softfail (~all)
DMARC: v=DMARC1; p=quarantine; rua=mailto:dmarcreports@gstt.nhs.uk; ruf=mailto:dmarcforensics@gstt.nhs.uk;
policy: quarantine
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-04-14 to 2026-07-13

Expires in 53 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.guysandstthomas.nhs.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-eval' *.hotjar.com guysandstthomas.shorthandstories.com *.trac.jobs www.google.com www.gstatic.com *.googletagmanager.com *.shorthand.com unpkg.com cdnjs.cloudflare.com *.webspellchecker.net *.visualwebsiteoptimizer.com *.cloudflare.com *.jsdelivr.net *.contentsquare.net *.teams.cdn.office.net; script-src-elem 'self' 'unsafe-inline' *.hotjar.com guysandstthomas.shorthandstories.com *.trac.jobs www.google.com www.gstatic.com *.googletagmanager.com *.shorthand.com unpkg.com cdnjs.cloudflare.com *.webspellchecker.net *.visualwebsiteoptimizer.com *.cloudflare.com *.jsdelivr.net *.contentsquare.net *.teams.cdn.office.net www.connect.facebook.net; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.webspellchecker.net www.gstatic.com; img-src 'self' https://www.guysandstthomas.nhs.uk data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.gstatic.com *.ytimg.co
strict-transport-security: max-age=31536000; includeSubDomains; preload

Links to (9)

Linked from (8)