midlandheart.org.uk

HTML metadata

Title: Housing Association - Midland Heart
Description: We're a Midlands housing association, providing quality affordable homes across the Midlands.
Language: en-GB
Canonical: https://www.midlandheart.org.uk/

Open Graph

url: https://www.midlandheart.org.uk/
title: Home
description: We're a Midlands housing association, providing quality affordable homes across the Midlands.

Technology

Analytics

Google Tag Manager

Ads

Meta Pixel

Cookie consent

OneTrust

Third-party hosts loaded (4)

cdn.cookielaw.org×1
connect.facebook.net×1
widget.trustpilot.com×1
www.googletagmanager.com×1

Social

Contact

Phone

03456020540

Registration

Registrar

GoDaddy.com, LLC.

Created

2006-02-09

Expires

2027-02-09 264 days left

Updated

2026-02-10

Name servers

ns1.g02.cfdns.net.
ns2.g02.cfdns.biz.
ns3.g02.cfdns.info.
ns4.g02.cfdns.co.uk.

DNS records live

NS

ns1.g02.cfdns.net
ns2.g02.cfdns.biz
ns3.g02.cfdns.info
ns4.g02.cfdns.co.uk

MX

10 eu-smtp-inbound-1.mimecast.com
20 eu-smtp-inbound-2.mimecast.com

TXT

OCFROZSRINXP01XVU531OQ62N3IBGZ9MVZOH27SA
YEwAB12VHTciS0gfpY7/I3D+HkORxyiQdxPZ1E2D/pj95IUlt46WUv5iAIKcIXY2vy22tyRIqO3HMS+9kF+DLg==

Verified for

DocuSign
Google
Microsoft 365
Miro

Email authentication strong

SPF

v=spf1 include:mailcontrol.com include:spf.protection.outlook.com include:_spf.elasticemail.com include:online-send.com include:click-send.net include:amazonses.com include:docebosaas.com include:_spf.psm.knowbe4.com ip4:80.193.211.115 ip4:80.6.91.150 ip4:195.88.236.22 ip4:212.139.195.38 ip4:88.151.216.67 include:eu._netblocks.mimecast.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine

policy: quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYfLR7jT9DdQrO2cIFagaBpkLgksrQaAMP8whCsJmNKLLs6ONPWs5Xu6IQ2RcOlSgiJvqrpzNZ5a0snmyvuj…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLvzjFtjqebZxH7HbC+dZ+Qr+4EaJa6+EKEkQxB/ijO57e9ptzoxQcvf8d5+Vbk36+FZglDlNn843M73x4…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03wfaNg98HT45+zlYRjcU1MFE7Foyd6+E+39sNMfv6kuzeG38avruPx9vCWH/3t38n2190gX2jKaOmBxhp…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2026-03-19 to 2026-10-04

Expires in 136 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.midlandheart.org.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
weak content type protection
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, sameorigin
x-content-type-options: nosniff, nosniff
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.googleapis.com *.googletagmanager.com *.browsealoud.com *.google-analytics.com *.facebook.net https://cdn.cookielaw.org https://widget.trustpilot.com https://*.google.com; connect-src 'self' *.cloudflareinsights.com *.botframework.com wss://*.botframework.com *.browsealoud.com *.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com https://cdn.cookielaw.org https://widget.trustpilot.com https://geolocation.onetrust.com https://api-cdn.euw2.pure.cloud https://stats.g.doubleclick.net https://api.euw2.pure.cloud wss://webmessaging.euw2.pure.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: static.cloudflareinsights.com *.google.com *.googleapis.com *.google-analytics.com *.browsealoud.com *.googletagmanager.com *.facebook.net https://cdn.cookielaw.org https://widget.trustpilot.com https://cdnjs.cloudflare.com https://apps.euw2.pure.cloud https://api-cdn.euw2.pure.cloud https://w
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains