indexo.dev

justgroupplc.co.uk

.uk crawl

First seen 2026-04-22 · Last seen 2026-05-20 · ok HTTP/1.1 200 10224 ms crawled 2026-05-16

IE · 52.17.142.199 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

sector finance type homepage

HTML metadata

Title
Just Group
Description
Just Group is a specialist UK financial services group focusing on attractive segments of the UK retirement income market.
Language
en
Canonical
https://www.justgroupplc.co.uk/

Open Graph

url
https://www.justgroupplc.co.uk/
title
Home

Technology

CDN
Cloudflare
Analytics
  • Cloudflare Insights
  • Google Tag Manager
Third-party hosts loaded (10)
  • cdn.jsdelivr.net×4
  • cdnjs.cloudflare.com×3
  • code.jquery.com×3
  • otp.tools.investis.com×3
  • viz.tools.investis.com×3
  • www.youtube.com×3
  • assets.investisdigital.com×2
  • secure.leadforensics.com×2
  • www.googletagmanager.com×2
  • static.cloudflareinsights.com×1

Social

Registration

Registrar
Tucows Inc t/a Tucows
Created
2017-02-16
Expires
2027-02-16 271 days left
Updated
2026-01-18
Name servers
  • ns0.clara.net.
  • ns1.clara.net.
  • ns2.clara.net.

DNS records live

NS
  • ns0.clara.net
  • ns1.clara.net
  • ns2.clara.net
MX
  • 10 eu-smtp-inbound-1.mimecast.com
  • 10 eu-smtp-inbound-2.mimecast.com
TXT
Show 4 TXT records
  • _3krrk3jldavr1ossdsu6o638a7clgg2
  • yj8xywykvsq3f2m86k0s7xt3g6ptgy4h
  • _5ulhl83zn5mp5ay5ka7vflbkyzofkth
  • 420l5j9vfgg0bx15l178hp6115kc7tr1
Verified for
  • Microsoft 365

Email authentication weak

SPF
v=spf1 include:_netblocks.mimecast.com include:spf.protection.outlook.com include:_netblocks.eloqua.com ip4:212.20.235.202 ip4:212.20.235.149 ip4:89.206.151.161 ip4:89.206.151.164 ip4:212.49.216.110 ip4:83.138.170.255 -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

GlobalSign GCC R3 DV TLS CA 2020
from 2025-10-27 to 2026-11-28
Expires in 192 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.justgroupplc.co.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), camera=(), geolocation=self, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
default-src *.myidx.cloud 'self' api.reciteme.com ajax.googleapis.com assets.investisdigital.com fonts.googleapis.com use.typekit.net google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com viz.tools.investis.com; img-src *.myidx.cloud 'self' 'unsafe-inline' * data: www.w3.org viz.tools.investis.com cf-images.eu-west-1.prod.boltdns.net *.brightcove.com; frame-src *.myidx.cloud 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net adfs.justretirement.com viz.tools.investis.com *.google.com irs.tools.investis.com otp.tools.investis.com connectidfeed.com *.connectidfeed.com www.youtube.com *.vimeo.com viz.tools.investis.com; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com google-analytics.com fonts.googleapis.com viz.tools.investis.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investisdigital.com
strict-transport-security
max-age=15552000; includeSubDomains; preload

Links to (6)

Linked from (7)