indexo.dev

oxleas.nhs.uk

.uk crawl

First seen 2026-05-28 · Last seen 2026-06-01 · ok HTTP/1.1 200 637 ms crawled 2026-05-30

GB · 51.11.17.108 · AS8075 Microsoft Corporation

Reputation 100/100

Classifying

HTML metadata

Title
Oxleas NHS Foundation Trust | Oxleas NHS Foundation Trust
Description
We provide care for people of all ages in a variety of locations across the London Boroughs of Bexley, Bromley, Greenwich, Kent and the South West of England...
Language
en
Generator
VerseOne CMS v5
Canonical
https://oxleas.nhs.uk/

Open Graph

url
https://oxleas.nhs.uk/
title
Home
locale
en_gb
site name
Oxleas NHS Foundation Trust
description
We provide care for people of all ages in a variety of locations across the London Boroughs of Bexley, Bromley, Greenwich, Kent and the South West of England...

Technology

CMS
Drupal
Stack
Java

Third-party hosts loaded (2)

  • cdn.gtranslate.net×1
  • www.cqc.org.uk×1

Social

DNS records live

NS
  • ns1.nhs.uk
  • ns2.nhs.uk
  • ns3.nhs.uk
  • ns4.nhs.uk
Verified for
  • GlobalSign

Email authentication no MX

SPF
v=spf1 include:_spf.nhs.net -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-04-30 to 2026-07-29
Expires in 54 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://oxleas.nhs.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
  • weak content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
DENY, SAMEORIGIN
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self' region1.analytics.google.com *.trac.jobs *.doubleclick.net *.googleapis.com *.google-analytics.com *.elfsight.com *.vimeo.com; script-src 'self' *.gtranslate.net cdn.gtranslate.net *.trac.jobs *.googletagmanager.com *.google.com *.gstatic.com *.ytimg.com *.google.com *.googleapis.com *.google-analytics.com *.twitter.com *.youtube.com *.cqc.org.uk *.elfsight.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.trac.jobs *.googleapis.com *.twitter.com *.googleapis.com *.cqc.org.uk *.gstatic.com 'unsafe-inline'; img-src * data:; media-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com; frame-src 'self' *.pagetiger.com vimeo.com player.vimeo.com *.vimeo.com *.vimeocdn.com *.ci.vimeows.com *.youtube.com *.youtube-nocookie.com *.twitter.com *.google.com 'unsafe-inline'; form-action
strict-transport-security
max-age=31536000

Links to (6)

Linked from (2)