nhft.nhs.uk

.uk crawl

First seen 2026-05-08 · Last seen 2026-05-15 · ok HTTP/1.1 200 2391 ms crawled 2026-05-15

GB · 51.11.17.100 · AS8075 Microsoft Corporation

Reputation 100/100

sector health type homepage

HTML metadata

Title: Home | NHFT
Description: NHS community and mental healthcare provider, CQC rated outstanding.
Language: en
Generator: VerseOne CMS v5
Canonical: https://www.nhft.nhs.uk/

Open Graph

url: https://www.nhft.nhs.uk/
title: Home
locale: en_gb
site name: NHFT
description: NHS community and mental healthcare provider, CQC rated outstanding.

Technology

Analytics

Google Tag Manager

Fonts

Adobe Fonts

Third-party hosts loaded (4)

cdn.gtranslate.net×1
cdn.jsdelivr.net×1
use.typekit.net×1
www.googletagmanager.com×1

Social

DNS records live

NS

ns1.nhs.uk
ns2.nhs.uk
ns3.nhs.uk
ns4.nhs.uk

MX

0 nhft-nhs-uk.mail.protection.outlook.com

TXT

pji0kO5iCVkdKzjpmUDClgYo4ZQMJZ8WwgCL96nIpuDX08eGlJAPTnTiPje16C2s9nVG4+NvVVx9PimROlDpdA==
pm89v49u7dm5h7orgf92h6653e

Email authentication strong

SPF

v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/48 include:spfd.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:8MytVVhFjq6@dmarc-rua.mailcheck.service.ncsc.gov.uk

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEjA9SmJWjmPl4Z42wJpNAIz344y6gjfRKHPZ4aDY2lWZqMgg6HZvwevyV3Ee4fxL2I3ig5PaOgv2w…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10hqIAiRqwXxI3mcGhlfIg8++e8WHQIALctF37g0EPSHeiTA3fsTEZMoaMDqc+VV2oB32M9946oAJG…

selectors probed

Certificate (current)

Go Daddy Secure Certificate Authority - G2

from 2025-11-27 to 2026-12-29

Expires in 222 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.nhft.nhs.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: DENY, SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src auth.accessangel.app *.googleapis.com *.google-analytics.com *.mikle.com *.twimg.com https://boothco.vbth.app https://vimeo.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com *.trac.jobs *.doubleclick.net nhft.vocoll.com nhft0-19.vocoll.com *.googleapis.com speechstreamv3-webservices-8.texthelp.com babm.texthelp.com *.browsealoud.com www.google-analytics.com *.speechstream.net stats.g.doublick.net cdn.jsdeliver.net 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.vocoll.com *.googletagmanager.com *.google-analytics.com https://cdn.jsdelivr.net/npm/@handsfree/ *.googleapis.com *.gtranslate.net cdn.jsdelivr.net player.vimeo.com *.mikle.com *.twimg.com maps.googleapis.com translate-pa.googleapis.com *.trac.jobs connect.facebook.net nhft.vocoll.com nhft0-19.vocoll.com *.speechstream.net wikisum.texthelp.com www.google.com www.gstatic.com *.ytimg.com translate.google.com *.google.com *.googletagmanager.com translate.googleapis.com platform.twitter.com
strict-transport-security: max-age=31536000

Links to (6)

Linked from (1)

synergy-east.org.uk×1