practiceplan.co.uk

HTML metadata

Title: Leading Provider of Practice Branded Dental Plans | Practice Plan
Description: We're the UK's leading provider of practice-branded dental membership plans to help you leave NHS dentistry or switch providers. Get in touch.
Language: en-GB
Canonical: https://www.practiceplan.co.uk/

Open Graph

url: https://www.practiceplan.co.uk/
title: Leading Provider of Practice Branded Dental Plans | Practice Plan
locale: en_GB
site name: Practice Plan
description: We're the UK's leading provider of practice-branded dental membership plans to help you leave NHS dentistry or switch providers. Get in touch.

Technology

CDN: Cloudflare
CMS: WordPress

Analytics

Google Tag Manager

Social widgets

Vimeo Embed

Third-party hosts loaded (6)

challenges.cloudflare.com×2
player.vimeo.com×2
gmpg.org×1
registry.blockmarktech.com×1
www.googletagmanager.com×1
www.securitymetrics.com×1

Social

Contact

Email

info@practiceplan.co.uk

Phone

01691684120

Address

Cambrian Works, Gobowen Road, SY11 1HS, Oswestry, Shropshire, UK

Registration

Registrar

123-Reg Limited t/a 123-reg

Created

1999-05-10

Expires

2027-05-10 355 days left

Updated

2025-05-11

Name servers

ns10.dnsmadeeasy.com.
ns11.dnsmadeeasy.com.
ns12.dnsmadeeasy.com.
ns13.dnsmadeeasy.com.
ns14.dnsmadeeasy.com.
ns15.dnsmadeeasy.com.

DNS records live

NS

ns10.dnsmadeeasy.com
ns11.dnsmadeeasy.com
ns12.dnsmadeeasy.com
ns13.dnsmadeeasy.com
ns14.dnsmadeeasy.com
ns15.dnsmadeeasy.com

MX

10 eu-smtp-inbound-1.mimecast.com
10 eu-smtp-inbound-2.mimecast.com

TXT

Show 12 TXT records

workplace-domain-verification=Y4R0q1iLoVxKWrN7slZIJsQ8H1w3w7
0ed1fe018a3b44066b28164ae49561e8d69c91f2d2
globalsign-domain-verification=V8Nb7WK9VKaSO4hJjAkP-o0znA9Cx8i2CB8wZeYlok
l7amuu9etoa1f29sga0q92vf6m
MS=ms31989585
1kAQGUSZ68OQnJISX93gSF2Yk8AvwlpdfskjCuD6X40=
MS=ms53662879
apple-domain-verification=QNKbbzlN5ranyoHR
globalsign-domain-verification=-27BSK0di2hfQxQtmTQY3Cspab4hOZC_-OYnJGQegw
globalsign-domain-verification=HBczrKppYLR-lIWm79mMg9MCp5BMZzybNx9bviFx0l
globalsign-domain-verification=1bdCXaqWoUVLAJFPxzz-xSY6U9Qfj-BISPrDZAGvFa
mandrill_verify.5dSPSPC6FKrIfPkhpecqPw

Email authentication strong

SPF

v=spf1 include:eu._netblocks.mimecast.com ip4:81.145.168.64/26 ip4:89.238.159.48/28 ip4:193.115.195.64/27 ip4:89.238.154.96/28 include:spf.messagelabs.com include:spf.protection.outlook.com include:servers.mcsv.net include:spf.mailjet.com -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

GlobalSign RSA OV SSL CA 2018

from 2025-06-02 to 2026-07-04

Expires in 46 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.practiceplan.co.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.doubleclick.net *.bing.net *.vimeo.com ; script-src 'self' 'unsafe-inline' https://challenges.cloudflare.com *.cloudflare.com *.facebook.net *.bing.com *.bing.net *.clarity.ms *.onetrust.com *.azureedge.net www.googletagmanager.com www.google.com www.google-analytics.com googleads.g.doubleclick.net *.doubleclick.net www.gstatic.com www.googleadservices.com maps.googleapis.com www.google.com *.vimeocdn.com maps.googleapis.com *.googleapis.com static.hotjar.com *.hotjar.com *.flippingbook.com *.cloudfront.net *.vimeo.com ; style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com *.vimeocdn.com static.hotjar.com *.doubleclick.net *.bing.net *.vimeo.com ; font-src 'self' data: fast.fonts.net fonts.gstatic.com static.hotjar.com *.doubleclick.net *.bing.net *.vimeo.com ; img-src 'self' data: *.facebook.com *.bing.com *.bing.net *.onetrust.com *.clarity.ms *.podbean.com maps.googleapis.com maps.gstatic.com www.google-analytics.com ssl.google-analytics.com secu
strict-transport-security: max-age=63072000; includeSubDomains; preload

Links to (7)

Linked from (1)

sunny-smiles.co.uk×2