stannah.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-15 · ok HTTP/1.1 200 674 ms crawled 2026-05-06

GB · 20.0.237.148 · AS8075 Microsoft Corporation

Reputation 100/100

Classifying

HTML metadata

Language: en-GB

Technology

CDN: Azure Front Door

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Registration

Registrar

CSC Corporate Domains, Inc.

Created

1996-07-31

Expires

2026-07-30 71 days left

Updated

2025-07-26

Name servers

ns1.netnames.net
ns2.netnames.net
ns5.netnames.net
ns6.netnames.net

DNS records live

NS

ns1.netnames.net
ns2.netnames.net
ns5.netnames.net
ns6.netnames.net

MX

0 eu-smtp-inbound-1.mimecast.com
0 eu-smtp-inbound-2.mimecast.com

TXT

Show 13 TXT records

facebook-domain-verification=dtnazrhpo9lgk61o8yuu1iet35u2dd
google-site-verification=WM9yW-tJWxTs65Hp-tcjsiDHsAowhf6Rxo9qI9U_Yek
google-site-verification=lUAKLpS9tetBhTdHBKR_ynn7GN443rEtRq5yYIgetdg
mailerlite-domain-verification=36ded9217fa3ea3555d3607bcb5128cdeff83fc7
cisco-ci-domain-verification=6507b6da0f6c814425ab3073d6f1663b5c824b18b8ecd3e4df391759230b076c
MS=ms57026238
ha1i9r7k7l14qr5e807709l01
39hkmsji7obu4691p93hqc6v00
c8pvqlljlh79g9qengfm1d53i9
giphhi1fb6c283pf23amethls3
qf8tkvo9jsvfpfijsjclbvodnd
0ed1fe018a3073ce6319864a6aa150864cf976ed92
miro-verification=76350923f366bf47ac3e46690f003b32de962600

Email authentication strong

SPF

v=spf1 include:spf.ashdowntech.com include:eu._netblocks.mimecast.com ip4:217.33.2.240 ip4:217.33.2.241 include:2103714.spf02.hubspotemail.net include:_spf.elasticemail.com include:_spf.mlsend.com -all

strict (-all)

DMARC

v=DMARC1; p=reject;

policy: reject (enforced)

DKIM

k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

Go Daddy Secure Certificate Authority - G2

from 2025-08-11 to 2026-09-12

Expires in 116 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.stannah.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' http: https: https://partner.stannah.com/; style-src 'unsafe-inline' 'self' blob: https: 'unsafe-inline' https://partner.stannah.com/; img-src app.optimizely.com cdn.optimizely.com data: http: https:; object-src 'none'; base-uri 'self'; child-src 'self'; font-src *.rcrsv.io *.formstack.com 'self' fonts.gstatic.com; frame-src 'self' https: *.hsforms.com app.hubspot.com widget.trustpilot.com *.kaptcha.com *.cardinalcommerce.com *.bluesnap.com *.hotjar.com *.fls.doubleclick.net *.optimizely.com app.optimizely.com cdn.optimizely.com a5590338467790848.cdn.optimizely.com a5590338467790848.cdn-pci.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com *.rcrsv.io m-prodeu.rcrsv.io *.twilio.com *.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.cardinalcommerce.com ;connect-src 'self' wss: https: *.optimizely.com *.rcrsv.io *.twilio.com; worker-src 'self'
strict-transport-security: max-age=31536000

Links to (1)

enable-javascript.com×2