headandshoulders.co.uk

.uk crawl

First seen 2026-04-16 · Last seen 2026-05-18 · ok HTTP/1.1 200 3022 ms crawled 2026-05-11

NL · 51.124.55.164 · AS8075 Microsoft Corporation

Reputation 100/100

sector beauty type homepage

HTML metadata

Title

Head & Shoulders | UK’s #1 Anti-Dandruff Shampoo

Description

Discover Head & Shoulders, the UK’s #1 anti-dandruff shampoo. Explore our range of shampoos, conditioners, and treatments for 100% flake-free hair.

Language

en-gb

Canonical

https://www.headandshoulders.co.uk/en-gb/

Translations

en ×2

Open Graph

url: https://www.headandshoulders.co.uk/en-gb/
title: Head & Shoulders | UK’s #1 Anti-Dandruff Shampoo
description: Discover Head & Shoulders, the UK’s #1 anti-dandruff shampoo. Explore our range of shampoos, conditioners, and treatments for 100% flake-free hair.

Technology

CDN: Azure Front Door
CMS: Next.js

Analytics

Google Tag Manager

Third-party hosts loaded (3)

images.ctfassets.net×51
www.googletagmanager.com×2
headandshoulders.com×1

Social

Registration

Registrar

CSC Corporate Domains, Inc

Created

1999-12-16

Expires

2026-12-16 209 days left

Updated

2025-12-12

Name servers

ns1-08.azure-dns.com.
ns2-08.azure-dns.net.
ns3-08.azure-dns.org.
ns4-08.azure-dns.info.

DNS records live

NS

ns1-08.azure-dns.com
ns2-08.azure-dns.net
ns3-08.azure-dns.org
ns4-08.azure-dns.info

TXT

8865-784A-7A82-7C87-5152-2034-D545-B4DB
sny1fxyc3mmxkg2gbxypcn7vhzmpq3cn

Verified for

Google

Email authentication no MX

SPF: not published
DMARC: v=DMARC1; p=none; fo=1; ri=3600; rua=mailto:procter-gamble@rua.dmp.cisco.com; ruf=mailto:procter-gamble@ruf.dmp.cisco.com
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA OV R40

from 2026-01-28 to 2027-02-28

Expires in 283 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.headandshoulders.co.uk/en-gb/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: base-uri 'self'; font-src 'self' https: data:; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com https://*.google.com www.google-analytics.com https://*.pricespider.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net
strict-transport-security: max-age=31536000; includeSubDomains; preload

Links to (7)

Linked from (2)

ballerleague.uk×2
herbalessences.co.uk×1