railcard.co.uk

.uk crawl

First seen 2026-04-12 · Last seen 2026-05-19 · ok HTTP/1.1 200 2422 ms crawled 2026-05-04

US · 3.173.161.21 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Railcards | Digital Railcard and Prices
Description: Official retailer of Railcards by National Rail. With a Railcard you can save up to 1/3 off rail travel. There is a Railcard for everyone.
Language: en
Canonical: https://www.railcard.co.uk/

Open Graph

url: https://www.railcard.co.uk/
title: Railcards | Digital Railcard and Prices - Railcard
locale: en_GB
site name: Railcard
description: Official retailer of Railcards by National Rail. With a Railcard you can save up to 1/3 off rail travel. There is a Railcard for everyone.

Technology

CDN: Amazon CloudFront
Server: Apache

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (3)

c.webtrends-optimize.com×1
fonts.googleapis.com×1
www.googletagmanager.com×1

Social

Contact

Address: National Railcards, PO Box 8626, Swadlincote, UK

Registration

Registrar

Mesh Digital Limited t/a Domainbox

Created

1999-07-11

Expires

2027-07-11 416 days left

Updated

2025-06-18

Name servers

hattie.ns.cloudflare.com.
kobe.ns.cloudflare.com.

DNS records live

NS

hattie.ns.cloudflare.com
kobe.ns.cloudflare.com

MX

10 mx1.emailsrvr.com
20 mx2.emailsrvr.com

TXT

2mpxxqwvks21pty3t6l903w80cm4vrvp
v=spf1 include:emailsrvr.com ~all

Verified for

Meta

Certificate (current)

Amazon RSA 2048 M01

from 2026-01-25 to 2027-02-23

Expires in 278 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://www.railcard.co.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(self "https://www.youtube.com"), autoplay=(self "https://www.youtube.com"), camera=(), cross-origin-isolated=(self), display-capture=(), encrypted-media=(self "https://www.youtube.com"), fullscreen=(self "https://www.youtube.com"), geolocation=(), gyroscope=(self "https://www.youtube.com"), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self "https://www.youtube.com"), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.uniqodo.io *.uqd.io *.promotionx.io *.uniqodo.com; trusted-types * 'allow-duplicates'; connect-src 'self' *.uniqodo.io *.uqd.io *.promotionx.io *.uniqodo.com https://pat.webtrends-optimize.com https://analytics-ipv6.tiktokw.us https://intent.ly https://collect.webtrends-optimize.com https://pixel.quantserve.com https://www.googletagmanager.com https://www.zenaps.com https://tagapi.brandswap.com https://www.facebook.com https://firehose.eu-west-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://adservice.google.com https://analytics.tiktok.com https://ad.doubleclick.net https://js.smct.io https://bat.bing.com https://tagapi.brandswap.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://api.clicktripz.com https://www.clicktripz.com https://privacyportal-eu.onetrust.com https://pagead2.googlesyndication.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://region1.goo
strict-transport-security: max-age=31536000; includeSubDomains; preload

Links to (12)

Linked from (11)