nwlondonicb.nhs.uk

.uk crawl

First seen 2026-04-17 · Last seen 2026-05-12 · ok HTTP/1.1 200 3320 ms crawled 2026-05-12

GB · 185.220.62.117 · AS61323 Ans Academy Limited

Reputation 100/100

Classifying

HTML metadata

Title: Home page: NHS North West London (NHS NW London) and North West London Integrated Care System (NW London ICS).
Description: Home page: NHS North West London (NHS NW London) and North West London Integrated Care System (NW London ICS).
Language: en
Generator: concrete5 - 8.5.2
Canonical: https://www.nwlondonicb.nhs.uk/

Technology

Server: Apache
CMS: Joomla

Analytics

Google Tag Manager

Third-party hosts loaded (4)

translate.googleapis.com×2
www.googletagmanager.com×2
www.gstatic.com×2
translate.google.com×1

Social

DNS records live

NS

ns1.nhs.uk
ns2.nhs.uk
ns3.nhs.uk
ns4.nhs.uk

Email authentication no MX

SPF: not published
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2026-04-16 to 2026-11-01

Expires in 164 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.nwlondonicb.nhs.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-src 'self' https://www.buzzsprout.com/ https://leedsth.mydeclarations.co.uk/reports/GroupReport *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.buzzsprout.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ https://www.googletagmanager.com/ *.google.com *.googleapis.com *.gstatic.com *.cqc.org.uk ; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.co
strict-transport-security: max-age=31536000

Links to (7)

Linked from (1)

transformationpartners.nhs.uk×2