indexo.dev

sportandrecreation.org.uk

.uk crawl

First seen 2026-04-22 · Last seen 2026-05-19 · ok HTTP/1.1 200 1416 ms crawled 2026-05-16

GB · 62.100.206.235 · AS12488 Krystal Hosting Ltd

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Sport and Recreation Alliance
Description
The independent Voice of Grassroots Sport and Recreation. We strongly believe in the transformational power of sport and recreation to positively shape lives and help drive societal and economic growth.
Language
en

Open Graph

url
https://sportandrecreation.org.uk/
title
Sport and Recreation Alliance
description
The independent Voice of Grassroots Sport and Recreation. We strongly believe in the transformational power of sport and recreation to positively shape lives and help drive societal and economic growth.

Technology

Server
Apache
Analytics
  • Google Tag Manager
Fonts
  • Adobe Fonts

Third-party hosts loaded (6)

  • sportandrecreationalliance.sport80.com×212
  • cc.cdn.civiccomputing.com×1
  • cdn.userway.org×1
  • code.jquery.com×1
  • use.typekit.net×1
  • www.googletagmanager.com×1

Social

Registration

Registrar
Zen Internet Limited
Created
2010-06-21
Expires
2027-06-21 396 days left
Updated
2025-10-21
Name servers
  • ns0.zen.co.uk.
  • ns1.zen.co.uk.

DNS records live

NS
  • ns0.zen.co.uk
  • ns1.zen.co.uk
MX
  • 10 sportandrecreation-org-uk.mail.protection.outlook.com
Verified for
  • GlobalSign

Email authentication partial

SPF
v=spf1 a mx include:spfuk.rocketseed.com include:spf.messageexchange.com include:spf.protection.outlook.com include:spf.mandrillapp.com ~all
softfail (~all)
DMARC
v=DMARC1; p=none
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-04-12 to 2026-07-11
Expires in 52 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://sportandrecreation.org.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
'deny'
x-content-type-options
nosniff
content-security-policy
default-src *; img-src data: *; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://www.google.com https://www.gstatic.com https://fonts.gstatic.com https://ig.instant-tokens.com https://maps.googleapis.com https://maps.gstatic.com https://p.typekit.net https://use.typekit.net https://code.jquery.com https://fonts.googleapis.com https://maps.googleapis.com https://schema.org https://unpkg.com/swup@3 https://unpkg.com/imagesloaded@5/imagesloaded.pkgd.min.js https://e.infogram.com https://cdn.userway.org https://e.infogram.com/js/dist/embed-loader-min.js https://cc.cdn.civiccomputing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://www.google.com https://www.gstatic.com https://fonts.gstatic.com https://ig.instant-tokens.com https://maps.googleapis.co
strict-transport-security
max-age=31536000; includeSubDomains

Links to (9)

Linked from (10)