indexo.dev

iow.nhs.uk

.uk crawl

First seen 2026-04-26 · Last seen 2026-05-19 · ok HTTP/1.1 200 1559 ms crawled 2026-05-19

GB · 45.145.100.93 · AS61323 Ans Academy Limited

Reputation 100/100

Classifying

HTML metadata

Title
Home :: Isle of Wight NHS Trust
Language
en
Generator
Concrete CMS
Canonical
https://www.iow.nhs.uk/

Open Graph

url
https://www.iow.nhs.uk/
title
Home :: Isle of Wight NHS Trust
locale
en_GB
site name
Isle of Wight NHS Trust

Technology

Server
Apache
CMS
Drupal

Third-party hosts loaded (3)

  • cdnjs.cloudflare.com×2
  • translate.google.com×1
  • www.cqc.org.uk×1

Social

DNS records live

NS
  • ns1.nhs.uk
  • ns2.nhs.uk
  • ns3.nhs.uk
  • ns4.nhs.uk
Verified for
  • Microsoft 365

Email authentication no MX

SPF
v=spf1 +mx +a +ip4:45.145.100.93 ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine
policy: quarantine
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQPG7jF00rxcbIozz+maCT2U/4g8kc0HrLVm7929t33iOmMs02bUXOhnsOnqVjLafjBGUr5O/3A6il…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2026-03-23 to 2026-10-08
Expires in 140 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.iow.nhs.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'self' https://api.reciteme.com https://*.nhs.uk; frame-src 'self' https://my.matterport.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.reciteme.com https://static.mailerlite.com/ https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://api.reciteme.com https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net;
strict-transport-security
max-age=31536000

Links to (7)

Linked from (2)