lloydsbankfoundation.org.uk

HTML metadata

Title: Home
Language: en
Canonical: https://www.lloydsbankfoundation.org.uk

Open Graph

url: https://www.lloydsbankfoundation.org.uk
title: Lloyds Bank Foundation
description: We partner with small and local charities, people and communities across England and Wales working towards a more just and compassionate society.

Technology

CDN: Cloudflare

Analytics

Google Tag Manager

Cookie consent

Cookiebot

Third-party hosts loaded (2)

consent.cookiebot.com×1
www.googletagmanager.com×1

Social

Contact

Email

Phone

03704111223

Registration

Registrar

GoDaddy.com, LLC.

Created

2013-11-28

Expires

2028-11-28 922 days left

Updated

2025-11-29

Name servers

ns41.domaincontrol.com.
ns42.domaincontrol.com.

DNS records live

NS

ns41.domaincontrol.com
ns42.domaincontrol.com

MX

10 mx1-eu1.ppe-hosted.com
20 mx2-eu1.ppe-hosted.com

TXT

pardot752183=00e7bdfa5bc1892b71255cb41fc6f63070a480d5044d6f765f1e077593392ec5
access-domain-verification=3cd6b074f19776b913b517022d978507439eff06f90e5652dbd173542aa0d4c9
nordpass-domain-verification=34f351e4c5220fdba417be85b4532894467af99e1331c9f9859521bce19381da

Verified for

Ahrefs
Google

Email authentication strong

SPF

v=spf1 include:spf.protection.outlook.com a:dispatch-eu.ppe-hosted.com include:servers.mcsv.net include:amazonses.com include:_spf.salesforce.com include:spf1.formassembly.com include:spf2.accessacloud.com include:_spf.createsend.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:DMARC@lloydsbankfoundation.org.uk; ruf=mailto:DHarrison@lloydsbankfoundation.org.uk;fo=1

policy: reject (enforced)

DKIM

default: v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCowb2ET5HQ2BdUCeqdvzZ+FFHqdet2D3E4g7Zna6xlCTs1MygAlovcY4FIjmXPx0NcUxdwy21IFOcAbcu6xwkQ5gEst…
selector2: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCi6cphNQT8cvjy2tg9TyuafJfnNjJprMk9eyVBPs5KXhehGUV5kswpEqiIyYtDh5jVhMBNBjm/arJtBHcvTw…
k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…

selectors probed

Certificate (current)

WE1

from 2026-03-28 to 2026-06-26

Expires in 36 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.lloydsbankfoundation.org.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, unload=*, window-placement=*, vertical-scroll=*
x-content-type-options: nosniff
content-security-policy: default-src * img-src data: 'unsafe-inline' 'unsafe-eval'
strict-transport-security: max-age=2592000