huwsgray.co.uk

HTML metadata

Title: Huws Gray | Your Local Builders Merchant
Description: Supplying building materials to trade and DIY customers from over 250 locations across England, Scotland and Wales. Visit your local branch today.
Language: en
Canonical: https://www.huwsgray.co.uk/

Open Graph

url: https://www.huwsgray.co.uk/
title: Huws Gray | Your Local Builders Merchant
site name: Main Website
description: Supplying building materials to trade and DIY customers from over 250 locations across England, Scotland and Wales. Visit your local branch today.

Technology

CDN: Cloudflare
CMS: Gatsby

Analytics

Google Tag Manager

Third-party hosts loaded (4)

www.googletagmanager.com×3
widget.trustpilot.com×2
maps.googleapis.com×1
unpkg.com×1

Social

Contact

Phone

01248719208

Registration

Registrar

GoDaddy.com, LLC.

Created

2005-02-18

Expires

2027-02-18 273 days left

Updated

2026-02-23

Name servers

coen.ns.cloudflare.com.
hattie.ns.cloudflare.com.

DNS records live

NS

coen.ns.cloudflare.com
hattie.ns.cloudflare.com

MX

1 huwsgray-co-uk.mail.protection.outlook.com

TXT

access-domain-verification=fdac145542100a57d9aad8ae9945897491f47cd41bf744fbd1f34211247ea8a4
monday-com-verification=43oI-IEPHtokNEOGx_zV51J6E36dawnHwyjp8WLio4I
SHIvAQfpD8Myiw53uT6AD4c3+JbigIPXyUdA+OKA+OffsqBsey/68fMkPBVC9CE3HqWl83qJ9t3lflr01WLGgA==

Verified for

Apple
Atlassian
Cisco
DocuSign
GlobalSign
Google
Microsoft 365

Email authentication strong

SPF

v=spf1 include:spf.protection.outlook.com include:o365.crossware.co.nz include:mailgun.org include:_spf.huwsgray.co.uk include:merspf.meritec.co.uk -all

strict (-all)

DMARC

v=DMARC1; p=reject; pct=100

policy: reject (enforced)

DKIM

Show 4 DKIM selectors

selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRvg9cZmD+er6J5vCUMpZ75xqXN+p+9voU49BYLEBxC1LTHPx54/EojM3QDBFPvAqXLLaKO0oLJ3PJGsGz64…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5Mpp5ejvgkU1QqxvaTmnxxqN5GkeexbzwtSU2LVd8dlBn7FQT8cxzYx1f+S9WcnGitQ0z0Y16Vp3jqAMA…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP5D/prkfLx/thJ/+3f8sPolt+esGFB9KRcYyAiAeb+8cyt9OwiZIyLo71OdWum3CESsstN1jSwf6fhHxbOe7xY0…

selectors probed

Certificate (current)

E8

from 2026-04-23 to 2026-07-22

Expires in 62 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.huwsgray.co.uk/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options
referrer-policy

findings

weak frame protection
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
strict-transport-security: max-age=15638400
content-security-policy-report-only: font-src www.paypalobjects.com fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com fonts.googleapis.com *.googleapis.com data: *.globalpay.com https://fonts.gstatic.com https://*.gstatic.com https://*.realexpayments.com https://*.prommt.com https://*.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.gpwebpay.com *.gpe.cz *.globalpay-ecommerce.com https://*.securesuite.co.uk https://securesuite.co.uk https://*.realexpayments.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcomm