heddle.co.uk

.uk crawl

First seen 2026-04-14 · Last seen 2026-05-08 · ok HTTP/1.1 200 4525 ms crawled 2026-05-08

GB · 157.96.37.78 · AS31727 Node4 Limited

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: Heddle Construction | Orkney's Civil Engineering and Crane Hire Specialists
Description: Heddle Construction are the contractors of choice for the construction, renewable energy and oil & gas industries in Orkney.
Language: en-gb
Canonical: https://www.heddle.co.uk/

Open Graph

url: https://www.heddle.co.uk/
title: Heddle Construction | Orkney's Civil Engineering and Crane Hire Specialists
site name: Heddle Construction
description: Heddle Construction are the contractors of choice for the construction, renewable energy and oil & gas industries in Orkney.

Technology

Server: Apache
CMS: Joomla

Analytics

Google Tag Manager

Fonts

Font Awesome
Google Fonts

Third-party hosts loaded (4)

cdnjs.cloudflare.com×3
fonts.googleapis.com×1
use.fontawesome.com×1
www.googletagmanager.com×1

Social

Registration

Registrar

GoDaddy.com, LLC.

Created

1999-03-18

Expires

2027-03-18 302 days left

Updated

2026-03-19

Name servers

ns1.bdm.microsoftonline.com.
ns2.bdm.microsoftonline.com.
ns3.bdm.microsoftonline.com.
ns4.bdm.microsoftonline.com.

DNS records live

NS

ns1.bdm.microsoftonline.com
ns2.bdm.microsoftonline.com
ns3.bdm.microsoftonline.com
ns4.bdm.microsoftonline.com

MX

0 heddle-co-uk.mail.protection.outlook.com

TXT

mscid=bPErEv6UEkMuYX7nyfe5p4E0/0F4gRV7F42cOvTIQ9S8G3xjD4gQACD6CdncW6T/QprOIKLt8iSba0zui8AZog==

Email authentication weak

SPF: v=spf1 ip4:109.156.190.218 include:spf.protection.outlook.com ~all
softfail (~all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-05-01 to 2026-07-30

Expires in 72 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.heddle.co.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' cdnjs.cloudflare.com *.google.com *.gstatic.com *.googleapis.com www.google-analytics.com www.googletagmanager.com *.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com use.fontawesome.com; img-src 'self' data: https:; connect-src 'self' https:; font-src 'self' data: https:; object-src 'self'; media-src 'self' data: www.youtube.com vimeo.com; manifest-src 'self'; frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com player.vimeo.com w.soundcloud.com; form-action 'self'; base-uri 'self'; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://nbcom.report-uri.com/r/d/csp/enforce
strict-transport-security: max-age=31536000;
cross-origin-opener-policy: same-origin

Links to (3)

Linked from (1)

orkney2025.com×2