nea.org.uk

HTML metadata

Title

National Energy Action (NEA) - the UK's leading fuel poverty charity

Description

Fuel Poverty | National Energy Action (NEA) works across England, Wales and Northern Ireland to eradicate fuel poverty and raise awareness.

Language

en-GB

Generator

Site Kit by Google 1.176.0

Canonical

https://www.nea.org.uk

Feeds

Open Graph

url: https://www.nea.org.uk
title: Home Page
locale: en_GB
site name: National Energy Action (NEA)
description: Fuel Poverty | National Energy Action (NEA) works across England, Wales and Northern Ireland to eradicate fuel poverty and raise awareness.

Technology

Server: Apache
CMS: WordPress

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (11)

cdn.jsdelivr.net×3
cdnjs.cloudflare.com×2
fonts.googleapis.com×2
kit.fontawesome.com×2
maps.googleapis.com×2
platform-api.sharethis.com×2
unpkg.com×2
www.googletagmanager.com×2
cookie-cdn.cookiepro.com×1
gmpg.org×1
www.facebook.com×1

Social

Registration

Registrar

Zen Internet Limited

Created

1995-12-16

Expires

2027-12-16 576 days left

Updated

2025-12-25

Name servers

ns0.zen.co.uk.
ns1.zen.co.uk.

DNS records live

NS

ns0.zen.co.uk
ns1.zen.co.uk

MX

5 nea-org-uk.mail.protection.outlook.com

TXT

Show 6 TXT records

google-site-verification=cTIuod8D0GII07mkAeepBwxurAY-FACTc7RrwPvHqlc
canva-site-verification=H3XayxA91aAmwvDiV1FzRw
amazonses:gpJUdZFuTZS+L1VcwG9Fkie5kAcBHXYmDVUQLK1iC0Q=
_globalsign-domain-verification=vLHIrs5p2ljig2J09pezt4l6EQKzPpune-BN9e-AJi
brevo-code:97b29cf1074ad8ceab94d1ec0598cbd7
sophos-domain-verification=c7837927554a539b72d5fd5efda740e3cddf5b49b423501578b72db3635bbb3c

Email authentication partial

SPF

v=spf1 +a ip4:31.121.33.150 ip4:23.253.183.218 ip4:35.197.255.227 ip4:153.92.248.82 ip4:5.44.25.144 ip4:153.92.248.82 ip4:192.254.125.237 include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com,mailto:dmarc@nea.org.uk

policy: none (monitoring only)

DKIM

k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…

selectors probed

Certificate (current)

E7

from 2026-04-03 to 2026-07-02

Expires in 44 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://www.nea.org.uk/

present

content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
permissions-policy: geolocation=(), midi=(),sync-xhr=(self),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests; default-src 'self' https://noop.style https://consentcdn.cookiebot.com; img-src https: assets.braintreegateway.com checkout.paypal.com data:; object-src 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-1.11.3.min.js *.fontawesome.com https://yoast.com/ https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com *.google.com https://google.com https://*.ggpht.com *.googleusercontent.com https://*.googletagmanager.com https://*.sharethis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://code.tidio.co https://widget-v4.tidiochat.com https://connect.facebook.net https://googleads.g.doubleclick.net https://api.reciteme.com/ https://*.cookiepro.com https://static.beaconproducts.co.uk https://code.jquery.com/* https://*.stripe.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com c.paypal.com blob:; script-src 'self' 'unsafe-inli