indexo.dev

hiscoxgroup.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-19 · ok HTTP/1.1 200 370 ms crawled 2026-05-08

US · 104.16.62.54 · AS13335 Cloudflare, Inc.

Reputation 92/100 no dmarc policy

sector finance type homepage

HTML metadata

Title
Hiscox Ltd | International Insurance Group
Description
Hiscox is a diversified international insurance group with a powerful brand, strong balance sheet and plenty of room to grow. Listed on the London stock exchange and headquartered in Bermuda.
Language
en
Generator
Drupal 10 (https://www.drupal.org)
Canonical
https://www.hiscoxgroup.com/

Technology

CDN
Cloudflare
CMS
Drupal
Analytics
  • Cloudflare Insights
  • Google Tag Manager
Social widgets
  • YouTube Embed

Third-party hosts loaded (3)

  • www.youtube.com×2
  • static.cloudflareinsights.com×1
  • www.googletagmanager.com×1

Social

Contact

Address
4th Floor Wessex House, 45 Reid Street, Hamilton HM12, Bermuda

Registration

Registrar
CSC Corporate Domains, Inc.
Created
2013-02-01
Expires
2027-02-01 257 days left
Updated
2026-01-28
Name servers
  • ns1.netnames.net
  • ns2.netnames.net
  • ns5.netnames.net
  • ns6.netnames.net

DNS records live

NS
  • ns1.netnames.net
  • ns2.netnames.net
  • ns5.netnames.net
  • ns6.netnames.net
MX
  • 10 relay1.netnames.net
  • 20 relay2.netnames.net
TXT
  • _w2polbmug9lsgfrmcadomr682hdvi83
  • vfgzjyphbccds2bbmrrkrmyjwp30bmrx
  • TeBeCK1WWjRDye+Ladc1L9wCNUNBcYgakCQgtCPbJ/Y=

Email authentication weak

SPF
not published
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1
from 2025-05-15 to 2026-06-05
Expires in 16 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.hiscoxgroup.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
ALLOW-FROM https://www.hiscoxgroup.com
permissions-policy
accelerometer=(),ambient-light-sensor=(),attribution-reporting=(),autoplay=(),bluetooth=(),browsing-topics=(),camera=(),compute-pressure=(),cross-origin-isolated=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=(),local-fonts=(),magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),publickey-credentials-create=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),speaker-selection=(),storage-access=(),usb=(),web-share=(),window-management=(),xr-spatial-tracking=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; style-src * 'unsafe-inline'; img-src * 'self' data: https:; media-src *; frame-src *; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com *.hiscoxgroup.com; child-src *; font-src * data:; connect-src *; report-uri /report-csp-violation
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin

Links to (11)

Linked from (8)