headfirstbristol.co.uk

.uk crawl

First seen 2026-04-25 · Last seen 2026-05-19 · ok HTTP/1.1 200 3074 ms crawled 2026-05-19

US · 172.67.197.83 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

sector entertainment type homepage

HTML metadata

Title: Headfirst Bristol — What's On In Bristol
Description: Buy tickets for gigs, nightlife & live music events in Bristol from our complete what's on guide. Our event listings include every band, concert and concert in Bristol.

Open Graph

title: Headfirst Bristol
site name: Headfirst Bristol
description: All Bristol's gigs, clubnights and electronic music. Staff picks, event recommendations & online ticket shop.

Technology

CDN: Cloudflare

Analytics

Cloudflare Insights
Google Tag Manager

Social widgets

YouTube Embed

Third-party hosts loaded (3)

static.cloudflareinsights.com×2
www.googletagmanager.com×1
www.youtube.com×1

Registration

Registrar

123-Reg Limited t/a 123-reg

Created

2009-05-05

Expires

2027-05-05 349 days left

Updated

2026-05-06

Name servers

ajay.ns.cloudflare.com.
bingo.ns.cloudflare.com.

DNS records live

NS

ajay.ns.cloudflare.com
bingo.ns.cloudflare.com

MX

Show 8 MX records

10 aspmx.l.google.com
20 alt1.aspmx.l.google.com
20 alt2.aspmx.l.google.com
30 aspmx2.googlemail.com
30 aspmx3.googlemail.com
30 aspmx4.googlemail.com
30 aspmx5.googlemail.com
40 aspmx5.googlemail.com

Verified for

Google
Meta

Email authentication partial

SPF: v=spf1 include:_spf.google.com include:eu.mailgun.org ~all
softfail (~all)
DMARC: v=DMARC1; p=none; rua=mailto:0e0d3e7092a84c5e8130e31b979d8a7f@dmarc-reports.cloudflare.net
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

WE1

from 2026-04-05 to 2026-07-04

Expires in 44 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.headfirstbristol.co.uk/

present

content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: script-src 'self' https://js.stripe.com https://*.google.com https://*.gstatic.com https://use.typekit.net https://*.googletagmanager.com https://maps.googleapis.com https://cdn.jsdelivr.net https://www.headfirstbristol.co.uk/ https://hdfst.uk/ https://headfirstbackup.co.uk/ https://www.headfirstbristol.co.uk 'nonce-doUa23tAQud7gVnO8SnBA' 'nonce-xGLZWIvyJu4AWVngCoOfJA'; style-src 'self' https://www.headfirstbristol.co.uk/ https://hdfst.uk/ https://headfirstbackup.co.uk/ https://unpkg.com https://cdn.jsdelivr.net https://www.headfirstbristol.co.uk 'nonce-j1xpHfhDRppqGsBMfK2rsQ' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; font-src 'self' https://www.headfirstbristol.co.uk/ https://hdfst.uk/ https://use.typekit.net https://fonts.gstatic.com; base-uri 'self'; object-src 'none'; connect-src 'self' https://www.headfirstbristol.co.uk/ https://hdfst.uk/ https://headfirstbackup.co.uk/ https://*.stripe.com https://*.google.com https://www.googletagmanager.com

Links to (2)

bristol.ac.uk×2
bristolbeacon.org×2