hsjintelligence.co.uk

HTML metadata

Title: NHS Strategic Insights & Market Intelligence for Suppliers | HSJ Intelligence
Language: en
Generator: Drupal 11 (https://www.drupal.org)

Technology

Server: nginx
CMS: Drupal

Analytics

Google Tag Manager

Social widgets

YouTube Embed

Third-party hosts loaded (7)

cdn.jsdelivr.net×2
code.jquery.com×2
go.hsjinformation.co.uk×2
cdnjs.cloudflare.com×1
d3e6tmgg461bic.cloudfront.net×1
www.googletagmanager.com×1
www.youtube.com×1

DNS records live

NS

ns1.lexsynergy.net
ns2.lexsynergy.us
ns3.lexsynergy.info

MX

10 eu-smtp-inbound-1.mimecast.com
10 eu-smtp-inbound-2.mimecast.com

TXT

Show 9 TXT records

MS=ms24492443
MS=ms40391892
mtjd7hqfgq500xkz3q4zmwl17zh8qplm
MS=ms39550135
_7ux3gnrn0zzp3h9ckchepvmgbavoeuf
0ed1fe018abae1c114989d479382d2f5209da2585d
0ed1fe018ac0022bbf06354029bc1288a31a91422b
google-site-verification=jFWJDndW4GOyu6YE78e3ty3xRH9gIoIrT8K1HQnc7Qc
nt82c3jy3w743kwk41r6ylnmvchvy5rz

Email authentication strong

SPF

v=spf1 include:eu._netblocks.mimecast.com include:_spf.salesforce.com include:mktomail.com include:sendgrid.net include:eu.mailgun.org include:madgexjb.com ip4:192.0.2.0/24 ip4:198.51.100.123 ip4:213.131.182.34 mx include:spf.protection.outlook.com ip4:52.210.120.91 ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; fo=1:d:s; rua=mailto:dmarc@hsjinformation.uriports.com; ruf=mailto:dmarc@hsjinformation.uriports.com

policy: quarantine

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TpXv4PUg72UNNdOO3QePVLEzv7d+MZ5U4Ja1grEig1ano7Os6IrH9yvmCKD/ZhySsi0e1wC4yXxunpORs…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+tZxxWqHS32CldmAxPDIf4o06QgpU9NWVRYvp155w+lohj0SwQsIHteQn3OvrBP36jbpQAKCmRdN8uUKRSaxWO+…

selectors probed

Certificate (current)

R13

from 2026-03-12 to 2026-06-10

Expires in 22 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.hsjintelligence.co.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.heapanalytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://*.g.doubleclick.net https://www.gstatic.com https://*.cookie-script.com https://static.hotjar.com https://script.hotjar.com https://*.hotjar.com https://snap.licdn.com https://munchkin.marketo.net https://munchkin.marketo.com https://*.marketo.net https://*.marketo.com https://www.youtube.com https://maps.googleapis.com https://public.flourish.studio https://code.highcharts.com https://unpkg.com https://cdn.eu.pendo.io https://*.newrelic.com https://bat.bing.com https://*.pingdom.net https://connect.facebook.net https://*.getsitecontrol.com https://*.tableau.com https://*.hsjintelligence.co.uk https://*.sejda.com https://*.hsjinformation.co.uk https://*.contentsquare.net; object-s
strict-transport-security: max-age=300

Links to (1)

hsj.co.uk×1

Linked from (1)

hsj.co.uk×1