headway.org.uk

.uk crawl

First seen 2026-04-13 · Last seen 2026-05-09 · ok HTTP/1.1 200 5035 ms crawled 2026-05-05

GB · 194.164.124.214 · AS8560 IONOS SE

Reputation 100/100

Classifying

HTML metadata

Title: Headway - the brain injury association | Headway
Description: Headway is the UK-wide charity that works to improve life after brain injury by providing vital support and information services.
Language: en

Open Graph

url: https://www.headway.org.uk/
title: Headway - the brain injury association
description: Headway is the UK-wide charity that works to improve life after brain injury by providing vital support and information services.

Technology

Analytics

Google Tag Manager

Cookie consent

OneTrust

Social widgets

Twitter Widget

Third-party hosts loaded (6)

cdn.cookielaw.org×2
assets.pinterest.com×1
maxcdn.bootstrapcdn.com×1
platform.twitter.com×1
www.googletagmanager.com×1
www.headwayinmemory.org.uk×1

Social

Contact

Email

Phone

Registration

Registrar

GoDaddy.com, LLC.

Created

1998-07-17

Expires

2026-07-17 59 days left

Updated

2025-07-18

Name servers

ns75.domaincontrol.com.
ns76.domaincontrol.com.

DNS records live

NS

ns75.domaincontrol.com
ns76.domaincontrol.com

MX

10 headway-org-uk.mail.protection.outlook.com

TXT

Show 9 TXT records

canva-site-verification=VRhZf0M6Bgot3Szbek7ltw
_gsyh9des7ag5mxydw48qacbandknh0h
_6ssaacvos66yvixdfqg8yoja0yphr0q
_l7l328scbj0byo8511chq5y7ffs6vmw
google-site-verification=H5BXM4FNFaI-jf4SgIRdsMGKeNpG0YLkqBNLKmF0Qy4
MS=ms40705466
v=spf1 redirect=_syuyvxan7.sdmarc.net
MS=ms10596777
00D24000000Hzrw=1TBP600000000EX

Certificate (current)

RapidSSL TLS RSA CA G1

from 2025-11-03 to 2026-11-03

Expires in 168 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.headway.org.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
weak frame protection
missing Permissions Policy

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: report-uri https://mmchubb1.report-uri.com/r/d/csp/enforce; report-to https://mmchubb1.report-uri.com/r/d/csp/enforce; default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.tfaforms.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://apis.google.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://ajax.googleapis.com https://connect.facebook.net https://platform.twitter.com https://assets.pinterest.com https://script.crazyegg.com https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://hosted.paysafe.com https://api.paysafe.com https://www.paysafe.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://writer.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://hostedfieldsstag.cardinalcommerce.com https://geostag.cardinalcommerce.com https://0eafstag.cardinalcommerce.com ht
strict-transport-security: max-age=31536000; includeSubDomains