indexo.dev

merseycares.org

.org crawl

First seen 2026-04-20 · Last seen 2026-05-19 · ok HTTP/1.1 200 5872 ms crawled 2026-05-19

GB · 45.157.40.163 · AS61323 Ans Academy Limited

Reputation 100/100

Classifying

HTML metadata

Title
Home :: Mersey Care Charity
Description
We exist to improve the mental and physical health of our communities by funding innovative projects and developments that can support an even better care for patients and service users.
Language
en
Generator
Concrete CMS
Canonical
https://www.merseycares.org/

Technology

Server
Apache
CMS
Joomla
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (4)

  • cdnjs.cloudflare.com×2
  • fonts.googleapis.com×2
  • translate.google.com×1
  • www.googletagmanager.com×1

Social

Contact

Address
st Charity, Charity Registration no 11915

Registration

Registrar
Tucows Domains Inc.
Created
2023-06-15
Expires
2027-06-15 391 days left
Updated
2025-06-14
Name servers
  • ns0.ukfast.net
  • ns1.ukfast.net

DNS records live

NS
  • ns0.ukfast.net
  • ns1.ukfast.net
MX
  • 0 merseycares-org.mail.protection.outlook.com

Email authentication strong

SPF
v=spf1 include:spf.protection.outlook.com +mx +a +ip4:45.157.40.163 ~all
softfail (~all)
DMARC
v=DMARC1; p=reject; pct=100; fo=1; ri=3600; rua=mailto:8a03a367@inbox.ondmarc.com;
policy: reject (enforced)
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoOtnkpm9Z/BuhWcrdQNS6o6U0IwaIyPeGn5zLcSVk1QFJ/TkhL8pBVhyBsl5boWMKDoULt/idy0xp…
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwA2B0cDEwG80KUI6MgnRj3J3tEvutgoTySDPLJenFfFPE15gl6Ey5dg5qYuPMuqG7u1v0qMFhcArS9…
selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2025-09-12 to 2026-09-17
Expires in 120 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.merseycares.org/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'self' https://*.nhs.uk; frame-src 'self' https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://nhs.us17.list-manage.com/subscribe/post-json https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://*.mailchimp.com https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellch
strict-transport-security
max-age=31536000

Links to (9)

Linked from (1)