scot.nhs.uk

.uk crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 1063 ms crawled 2026-05-04

GB · 20.0.114.104 · AS8075 Microsoft Corporation

Reputation 100/100

Classifying

Technology

Server: rocket

DNS records live

NS

ns1.scot.nhs.uk
ns2.scot.nhs.uk

MX

50 mail.nhs.uk

TXT

Show 14 TXT records

AOv3WTqfXbIcuNTQ0bDKkIep6
p3x4f0tp3f7mzxzdpm47m2m8vbdfb6gh
24yjz1h9sk6w79l5m8zkf2gljfjjw8xc
gk5w6bd906sjdvr8n0n2g0fsj9bwk8hm
MS=ms97985027
vq23nldpj09hjd7kbrdg3gnsjq
vrgdma6702ks3okel9vmb0h7fu
qepkm9k9768b8rn1dh69bf59pm
r6f7zy0nm0zq7tx76g94gsc8m80c118n
0dtgr91ffdfmy8mphxgn0xsskp9p0v3k
2hrpfl5q93g5p531ofea2361tv
y9dlczqczj3f2kxthny2089b3pvxxjl7
hc2r6l0xxnq0qxh8s1dx6cm3p4ml9cw3
6l38r5bh9mthd3pbpvyz7xw03wpzv78j

Certificate (current)

from 2026-05-03 to 2026-08-01

Expires in 73 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.scot.nhs.uk/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-content-type-options
referrer-policy
permissions-policy

findings

CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: no-referrer-when-downgrade, strict-origin-when-cross-origin
permissions-policy: camera=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),usb=(); report-to=perm-endpoint
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report
strict-transport-security: max-age=63072000
content-security-policy-report-only: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report

Technology

DNS records live

Certificate (current)

HTTP security headers

Linked from (12)