indexo.dev

mercia.co.uk

.uk crawl

First seen 2026-05-12 · Last seen 2026-05-18 · ok HTTP/1.1 200 2648 ms crawled 2026-05-18

US · 141.193.213.10 · AS209242 Cloudflare London, LLC

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title
Home - Mercia
Description
Mercia Asset Management provides equity and debt to UK businesses with growth ambition. We are your investment partners from scale-up to exit.
Language
en-GB
Canonical
https://www.mercia.co.uk/
Feeds

Open Graph

url
https://www.mercia.co.uk/
title
Home - Mercia
locale
en_GB
site name
Mercia
description
Mercia Asset Management provides equity and debt to UK businesses with growth ambition. We are your investment partners from scale-up to exit.

Technology

CDN
Cloudflare
CMS
WordPress
Fonts
  • Adobe Fonts
  • Google Fonts
Third-party hosts loaded (8)
  • fonts.googleapis.com×2
  • js.hs-scripts.com×2
  • static.addtoany.com×2
  • cdn.jsdelivr.net×1
  • fonts.gstatic.com×1
  • gmpg.org×1
  • kit.fontawesome.com×1
  • use.typekit.net×1

Social

DNS records live

NS
  • george.ns.cloudflare.com
  • gwen.ns.cloudflare.com
MX
  • 10 mx01.hornetsecurity.com
  • 20 mx02.hornetsecurity.com
  • 30 mx03.hornetsecurity.com
  • 40 mx04.hornetsecurity.com
TXT
  • amazonses:kO5wQRfVwunznRZLwLDHAY65TNbPdFBzsi0gUtbj8jI=
Verified for
  • Apple
  • Microsoft 365

Email authentication strong

SPF
v=spf1 include:spf.hornetsecurity.com include:spf.protection.outlook.com include:authsmtp.com include:kallidus-suite.com include:spfhost.messageprovider.com include:eu._netblocks.mimecast.com include:6485783.spf04.hubspotemail.net -all
strict (-all)
DMARC
v=DMARC1; p=quarantine; rua=mailto:noreply_DMARC@mercia.co.uk; ruf=mailto:noreply_DMARC@mercia.co.uk; fo=1:d:s; adkim=s; aspf=s;ri=86400
policy: quarantine
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjBxbFEVbgf1SNHJvNXM3q81DySc9D6A4qiK6pNui/6ndyu6SwjRoW+y+5E0xTJVxUS+d+2Bnge0IiDLtp7S…
selectors probed

Certificate (current)

WE1
from 2026-05-14 to 2026-08-12
Expires in 84 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 35/100 Checked live page: https://www.mercia.co.uk/

present
  • permissions-policy
findings
  • missing HSTS
  • missing Content Security Policy
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
Header values
permissions-policy
private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"), private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")

Links to (7)

Linked from (1)