healthcareimprovementscotland.scot

.scot user

First seen 2026-05-17 · Last seen 2026-05-17 · ok HTTP/1.1 200 448 ms crawled 2026-05-17

GB · 20.0.114.104 · AS8075 Microsoft Corporation

Reputation 94/100 dmarc monitor-only

sector government type homepage

HTML metadata

Title

Healthcare Improvement Scotland

Language

en-GB

Generator

WordPress 6.9.4

Canonical

https://www.healthcareimprovementscotland.scot/

Feeds

Technology

Server: rocket
CMS: WordPress

Fonts

Google Fonts

Third-party hosts loaded (4)

www.healthcareimprovementscotland.scot×44
fonts.googleapis.com×2
maps.googleapis.com×2
gmpg.org×1

Social

Registration

Registrar

CSC Corporate Domains

Created

2023-08-25

Expires

2026-08-25 96 days left

Updated

2025-07-14

Name servers

dns1.cscdns.net
dns2.cscdns.net

DNS records live

NS

dns1.cscdns.net
dns2.cscdns.net

MX

10 mx1.improvmx.com
20 mx2.improvmx.com

Verified for

Google

Email authentication partial

SPF

v=spf1 include:spf.improvmx.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

from 2026-04-22 to 2026-07-21

Expires in 61 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.healthcareimprovementscotland.scot/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-content-type-options
referrer-policy
permissions-policy

findings

CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: strict-origin-when-cross-origin
permissions-policy: camera=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),usb=(); report-to=perm-endpoint
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report
strict-transport-security: max-age=63072000; includeSubDomains
content-security-policy-report-only: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report