nbt.nhs.uk

.uk crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 6657 ms crawled 2026-05-19

GB · 151.243.216.13 · AS215638 Cilix Limited

Reputation 100/100

Classifying

HTML metadata

Title: North Bristol NHS Trust | North Bristol NHS Trust
Language: en
Generator: Drupal 11 (https://www.drupal.org)
Canonical: https://www.nbt.nhs.uk/

Technology

Server: nginx
CMS: Drupal

Analytics

Google Tag Manager

Fonts

Font Awesome
Google Fonts

Third-party hosts loaded (5)

use.fontawesome.com×2
fonts.googleapis.com×1
managemycookies.com×1
www.cqc.org.uk×1
www.googletagmanager.com×1

Social

Contact

Phone

01179505050

Address

Trust HeadquartersSouthmead HospitalSouthmead RoadWestbury-on-TrymBristol BS10 5NB0117 9505050

DNS records live

NS

ns1.nhs.uk
ns2.nhs.uk
ns3.nhs.uk
ns4.nhs.uk

MX

0 nbt-nhs-uk.mail.protection.outlook.com

TXT

Show 4 TXT records

V5/Vj7shPRJUQWvQFq1Fjd2e/gTRMkji77WHDwNgJssE5Z4cSewPFLfRFLdyLT2PejprNL/TjZuuzRNAZjfMKQ==
MS=ms45599839
apple-domain-verification=ZbaHc42tExWKblA4
MS=E4E4C586B023EEE5EABE40707ED314E74847AE74

Email authentication strong

SPF

v=spf1 a ip4:109.74.199.90 ip4:82.33.244.243 ip4:82.33.244.244 ip4:62.253.26.249 ip4:62.253.26.251 include:_spf.elasticemail.com include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:dmarc-rua@nbt.nhs.uk,mailto:8YTT5XRF9ge@dmarc-rua.mailcheck.service.ncsc.gov.uk;

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIDCd0FWW515FrJNjz+mo0anSsHov2QJLyeR9u/MQSj7GAJxW2ul2z0y5dJ2OooJHlvwq2cl7k/tYY…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LQFjBdEfymWZ8WvsE6IiUxBrJAPELhI8WxrIvGnFRk85AfmL5DVS9thTm7emw1J6HGYnruWjRa7aM…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2025-11-17 to 2026-12-19

Expires in 213 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.nbt.nhs.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
weak content type protection
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff, nosniff
content-security-policy: frame-ancestors 'self', default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.tourdash.com translate.google.com *.govdelivery.com *.trac.jobs www.google.com www.youtube.com use.fontawesome.com www.cqc.org.uk cdn.gtranslate.net www.googletagmanager.com cdn-cookieyes.com *.cookieyes.com *.gstatic.com googleads.g.doubleclick.net static.doubleclick.net *.googleapis.com i.ytimg.com yt3.ggpht.com play.google.com *.google-analytics.com; frame-ancestors 'self'
strict-transport-security: max-age=21600000

Links to (7)

Linked from (1)

bnssghealthiertogether.org.uk×4