tsb.co.uk
HTML metadata
Technology
- Server
- Apache
Third-party hosts loaded (4)
- assets.sitescdn.net×3
- d21y75miwcfqoq.cloudfront.net×1
- js-cdn.dynatrace.com×1
- rum.hlx.page×1
Registration
- Registrar
- CSC Corporate Domains, Inc
- Created
- 1995-08-05
- Expires
- 2026-08-05 77 days left
- Updated
- 2025-08-02
- Name servers
-
- a1-1.akam.net.
- a11-67.akam.net.
- a18-64.akam.net.
- a20-66.akam.net.
- a22-67.akam.net.
- a7-66.akam.net.
DNS records live
- NS
-
- a1-1.akam.net
- a11-67.akam.net
- a18-64.akam.net
- a20-66.akam.net
- a22-67.akam.net
- a7-66.akam.net
- MX
-
- 10 tsb-co-uk.mail.protection.outlook.com
- TXT
-
Show 10 TXT records
671699863-7547125apple-domain-verification=xQGnQ2FjOTu7mhpRMS=ms51144294Dynatrace-site-verification=0822d43e-1fa6-4595-a748-058f2029d2b0__o6jt69ri5k3ugek7lhsrck1t1lgoogle-site-verification=vbna0QOgDdnO8ccWzzxIaiRCqpLT0cl1YGYsmLZBfEYadobe-sign-verification=4aa3d12e844d766211ceed1a5799d41cadobe-idp-site-verification=bcf00a2d42ecb6d4ae1a146688ae6afb79b7825f20b6a733a46ca1e214a4a7c1docker-verification=5e4cbe1b-d3f1-4a0c-8970-3a4a4412251aatlassian-domain-verification=e6vR4FBEnunFRwN4zYARBd4XM4sWaaNNM1LmZD/skZce8b2yHGpcLSn/vWp97fBl_github-challenge-TSB-Bank.tsb.co.uk=828cab01d9
Email authentication strong
- SPF
-
v=spf1 a:mx1.hc4794.c3s2.iphmx.com include:spf.protection.outlook.com a:mr-out.tsb.co.uk a:mx1.bancsabadell.c3s2.iphmx.com a:mx1.hc31-11.eu.iphmx.com ip4:209.61.151.232 ip4:209.61.151.245 ip4:35.189.87.117 -allstrict (-all) - DMARC
-
v=DMARC1;p=reject;pct=100;rua=mailto:dmarc@tsb.co.uk;fo=1;policy: reject (enforced) - DKIM
-
- selector1:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiLrRzn5uq4nlJRui/f0TTTz2idhicVLS6apGOzHp708gkXgGOE0xUI+lnyo/2jpDTx1/U3rMdMce5… - selector2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzhoE0QfGcD2Wu3U4lGC6IsGHJfkHXQ5tDd25mz9yYwDTnGPtsqHkPPFaKpmBSnmm+Nx6qgXzMs3V8…
selectors probed - selector1:
Certificate (current)
DigiCert EV RSA CA G2
Expires in 35 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP uses wildcard sources
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- permissions-policy
geolocation=(),midi=(),accelerometer=(),gyroscope=(),magnetometer=(),payment=(),camera=(),microphone=(),usb=(),hid=()- x-content-type-options
nosniff- content-security-policy
default-src 'self' blob: data: https://bat.bing.com https://bat.bing.net https://report.c1101.gbqofs.io https://console.c1101.glassboxdigital.io https://static3.avast.com https://gstatic.mopinion.com https://*.lpsnmedia.net https://*.inbenta.io; connect-src 'self' https://bat.bing.com https://bat.bing.net https://report.c1101.gbqofs.io https://console.c1101.glassboxdigital.io https://*.pdst.fm https://*.googlesyndication.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://safespaces.azurewebsites.net https://safespaces.azurewebsites.net/Home/IsAlive https://*.googleapis.com https://*.contentsquare.net https://adservice.google.com https://bat.bing.com https://*.mopinion.com https://fonts.googleapis.com https://tealium.hs.llnwd.net https://translate.googleapis.com https://www.google.com wss://lo.msg.liveperson.net https://*.clicktale.net https://*.akstat.io https://*.akamaihd.net https://*.doubleclick.net https://*.omtrdc.net htt- strict-transport-security
max-age=31536000 ; includeSubDomains ; preload