indexo.dev

pennon-group.co.uk

.uk crawl

First seen 2026-04-28 · Last seen 2026-05-18 · ok HTTP/1.1 200 5462 ms crawled 2026-05-05

IE · 52.17.152.5 · AS16509 Amazon.com, Inc.

Reputation 75/100 wrong cert

Classifying

HTML metadata

Title
Pennon Group PLC
Description
Pennon Group Plc is an environmental utility infrastructure company at the top end of the FTSE 250 which owns South West Water Limited.
Language
en
Generator
Drupal 7 (http://drupal.org)
Canonical
https://www.pennon-group.co.uk/

Technology

CDN
Cloudflare
CMS
Drupal
Analytics
  • Cloudflare Insights
  • Google Tag Manager
Cookie consent
  • OneTrust

Third-party hosts loaded (6)

  • agencydatacreative.com×2
  • cdn.cookielaw.org×1
  • irs.tools.investis.com×1
  • otp.tools.investis.com×1
  • static.cloudflareinsights.com×1
  • www.googletagmanager.com×1

Social

Contact

Phone

Registration

Registrar
Ionos SE
Created
1998-06-02
Expires
2026-06-02 12 days left
Updated
2025-06-01
Name servers
  • ns1-06.azure-dns.com.
  • ns2-06.azure-dns.net.
  • ns3-06.azure-dns.org.
  • ns4-06.azure-dns.info.

DNS records live

NS
  • ns1-06.azure-dns.com
  • ns2-06.azure-dns.net
  • ns3-06.azure-dns.org
  • ns4-06.azure-dns.info
MX
  • 10 pennongroup-co-uk01e.mail.protection.outlook.com
TXT
Show 4 TXT records
  • dell-technologies-domain-verification=pennon-group.co.uk_1135e98f-012a-4751-99af-ab1cda944d2c_1722156266
  • 647b3a16714adf769c85aa51f6b8c8d7
  • v=spf1 ip4:194.72.48.162 ip4:80.194.73.226 ip4:54.229.2.165 ip4:52.30.130.201 include:spf.protection.outlook.com include:eu.mailgun.org include:nw010.com include:_spf.salesforce.com ~all
  • T2IHUyl9WQ+0t2ZNODNocpK6wAwJqIJWDSvEVCIMQiIASe/FOVLdkno1aEq4Chu2begauVDnt4ME/wQNgoH5Hg==
Verified for
  • Cisco
  • Microsoft 365
  • OneTrust

Certificate (current) wrong cert

GlobalSign RSA OV SSL CA 2018
from 2025-11-15 to 2026-12-17
Expires in 210 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.pennon-group.co.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak content type protection
  • missing Permissions Policy
Header values
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self' *.sharethis.com bcp.crwdcntrl.net *.google-analytics.com *.myidx.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com otp.tools.investis.com cdn.cookielaw.org *.sharethis.com ajax.googleapis.com connect.facebook.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com static.cloudflareinsights.com *.myidx.cloud agencydatacreative.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.sharethis.com fonts.googleapis.com *.googletagmanager.com *.myidx.cloud; img-src 'self' 'unsafe-inline' *.sharethis.com *.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org *.myidx.cloud www.googletagmanager.com; media-src 'self' *.myidx.cloud; frame-src 'self' *.sharethis.com secure.flife.de www.facebook.com otp.tools.investis.com maps.google.co.uk www.google.com irs.tools.investis.com *.myidx.cloud www.youtube.com; font-src 'self' 'unsafe-inline'; connect-src 'self' cdn.cookielaw.org www.google-analytics.
strict-transport-security
max-age=15552000; includeSubDomains; preload

Links to (7)

Linked from (1)