principality.co.uk

HTML metadata

Title: Mortgages and Savings Made Simple | Principality
Description: Wales' largest building society, specialists in savings and mortgages for over 160 years. Become a member today.
Language: en
Canonical: https://www.principality.co.uk/

Open Graph

url: https://www.principality.co.uk/

Technology

CDN: Azure Front Door

Fonts

Adobe Fonts

Third-party hosts loaded (3)

cdn-assets-dynamic.frontify.com×12
media.ffycdn.net×5
use.typekit.net×1

Social

Registration

Registrar

Virgin Media Business Ltd

Created

1996-03-15

Expires

2027-03-15 298 days left

Updated

2026-03-02

Name servers

ns1-08.azure-dns.com.
ns2-08.azure-dns.net.
ns3-08.azure-dns.org.
ns4-08.azure-dns.info.

DNS records live

NS

ns1-08.azure-dns.com
ns2-08.azure-dns.net
ns3-08.azure-dns.org
ns4-08.azure-dns.info

MX

5 principality-co-uk.mail.protection.outlook.com

TXT

Show 13 TXT records

cddSn0PhNUiGvuorLiM2TlBbfFa9PPmnd0RHoZ0bU2WN
xxD1yiRtqW1qX739LRZYaLn9I2dTSrQG/gOhaPQpydPR5i0TShceyGKIEds3krqQhHRoc/g3muGxedmJEX2FWA==
70a9a7766bb847deb765ec79ce651a58
access-domain-verification=380ad6b9f9f4f79c410bfa53f46a2ff83fed53711fe664330f72f7efa1a7da89
vmware-cloud-verification-83887519-6c22-4cc7-9212-1151e5cfc6d0
appspace-domain-verification=0cec1a267ba398026d89ba0cfac9cbdffaae6d5eeab8a20e534113791e4a9763
_1nqusbadehy9c6uoh5oxqywfmrhzpfs
qtscvruqruql8la2d2fo2nqvv9
ndp73b9k62m224aof3p7oc675o
yNeL9gTXnIDVhaq0q+Xi6Z3dq1g96w91agJffSvL+2qYdYLmE1AyHSkhe67Cll2HyiAVH/ZQbeYXIxxT9NEuuQ==
remarkable-domain-verification=54b816bf-713e-408e-bbfe-5d9b28296680
aee8da12-d1e2-4eb9-b257-fecccac4343b
2smsverify=SwgpoeraM0qpvXyLeUZ/Fg

Verified for

Apple
Atlassian
CloudHealth
HashiCorp
Miro
OneTrust

Email authentication partial

SPF: v=spf1 include:msgfocus.com include:nw010.com include:spf.protection.outlook.com ip4:62.254.240.134 ip4:62.254.240.132 ip4:31.222.185.65 ip4:62.254.240.168 ip4:82.16.27.66 ip4:82.16.27.70 -all
strict (-all)
DMARC: v=DMARC1; p=none; rua=mailto:dmarc_agg@vali.email;
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

GeoTrust TLS RSA CA G1

from 2026-03-11 to 2026-09-12

Expires in 114 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://www.principality.co.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), camera=(), geolocation=(*), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-content-type-options: nosniff
content-security-policy: default-src 'self';font-src 'self' data: *.typekit.net fonts.gstatic.com;form-action 'self' www.facebook.com principality.qualtrics.com https://service.principality.co.uk;frame-ancestors 'self' cms-admin.principality.dev *.principality.co.uk admin.pbs.local *.positive.co.uk;frame-src 'self' *.googletagmanager.com *.cookiebot.com *.facebook.com *.google.com td.doubleclick.net principality.qualtrics.com hpi-1.principality.co.uk hpi-2.principality.co.uk https://*.qualtrics.com https://service.principality.co.uk https://*.figma.com https://*.axshare.com https://accounts.axure.com;img-src 'self' data: blob: https: cdn-assets-dynamic.frontify.com *.googletagmanager.com www.facebook.com *.contentsquare.net https://*.qualtrics.com;manifest-src 'self';child-src blob:;media-src 'self' *.frontify.com media.ffycdn.net;connect-src 'self' data: pagead2.googlesyndication.com consentcdn.cookiebot.com www.gstatic.com region1.google-analytics.com www.google-analytics.com maps.googleapis.com www.googleta
strict-transport-security: max-age=31536000; includeSubDomains