lithia.co.uk

HTML metadata

Title: Lithia UK - One of the UK's Leading Automotive Retailers
Description: Lithia UK is one of the world's leading automotive retailers. Find out more about our business, our brands and our financial results.
Language: en
Canonical: https://www.lithia.co.uk/

Open Graph

url: https://www.lithia.co.uk/
title: Lithia UK - One of the UK's Leading Automotive Retailers
description: Lithia UK is one of the world's leading automotive retailers. Find out more about our business, our brands and our financial results.

Technology

CDN: Azure Front Door
Stack: ASP.NET

Analytics

Google Analytics
Google Tag Manager

Third-party hosts loaded (2)

www.googletagmanager.com×3
www.google-analytics.com×1

Social

Contact

Phone

01623 725200

DNS records live

NS

ns1.markmonitor.com
ns2.markmonitor.com
ns3.markmonitor.com
ns4.markmonitor.com
ns5.markmonitor.com
ns6.markmonitor.com
ns7.markmonitor.com

MX

10 de-smtp-inbound-1.mimecast.com
10 de-smtp-inbound-2.mimecast.com

TXT

Show 5 TXT records

_3acusfzwst2aom1r7cu6w4y69gwak2w
_fke2erv0xdflufczmc7azqvav0nx8po
_rg88e38o3dtopgb48ld3n0v5n4kkyxd
0ed1fe018ada1ca80294e840f481428a68de3a6746
TQD982AGUO

Verified for

Apple
Google
Microsoft 365
OneTrust
Smartsheet

Email authentication partial

SPF

v=spf1 include:l7j088wj9n.powerspf.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:rl6624mtjy@rua.powerdmarc.com,mailto:5cfe57095970140@rep.dmarcanalyzer.com; ruf=mailto:rl6624mtjy@ruf.powerdmarc.com,mailto:5cfe57095970140@for.dmarcanalyzer.com; fo=1;

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD8uPF7FSRrM0ipqdc1XaIOiaZMuEcw5494HQTlTMDqeM22D2LoGyBXdrl8yDzQQZi0NYgE9AC97l3…

selectors probed

Certificate (current)

GeoTrust TLS RSA CA G1

from 2026-02-24 to 2026-08-25

Expires in 96 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.lithia.co.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(), midi=(), sync-xhr=(self "https://ir.tools.investis.com"), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(), payment=()
x-content-type-options: nosniff
content-security-policy: default-src * 'self' data: 'unsafe-inline'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net *.google.com *.virtualearth.net *.bing.com *.googleapis.com *.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com code.jquery.com *.facebook.net *.instagram.com analytics.tiktok.com *.abtasty.com secure.quantserve.com rules.quantcount.com quantcast.mgr.consensu.org cmp.quantcast.com cmp.inmobi.com *.trustpilot.com *.googleadservices.com komito.net bat.bing.com *.clarity.ms *.contentsquare.net googleads.g.doubleclick.net *.google-analytics.com static.ads-twitter.com analytics.twitter.com *.adalyser.com use.fontawesome.com snap.licdn.com px.ads.linkedin.com *.playbuzz.com *.seez.dev *.seez.tech *.seez.dk *.seez.co *.ex.co *.infinity-tracking.net *.infinity-tracking.com p.teads.tv go.affec.tv *.permutive.com *.adnxs.com *.monitor.azure.com *.applicationinsights.io *.vo.msecnd.net *.ingest.sentry.io *.pinimg.com *.pinterest.com *.youtube.com *.ytimg.com *.liveperson.n
strict-transport-security: max-age=2592000
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-origin

Links to (9)

Linked from (1)

stevehodginsplumbing.co.uk×1