uclh.nhs.uk

.uk crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 10645 ms crawled 2026-05-19

US · 104.20.3.231 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Home : University College London Hospitals NHS Foundation Trust
Description: UCLH provides first-class acute and specialist services in six hospitals in central London. Our mission is to deliver top-quality patient care, excellent education and world-class research.
Language: en
Generator: concrete5
Canonical: https://www.uclh.nhs.uk/

Open Graph

url: https://www.uclh.nhs.uk/
title: Home : University College London Hospitals NHS Foundation Trust
locale: en_GB
site name: University College London Hospitals NHS Foundation Trust
description: UCLH provides first-class acute and specialist services in six hospitals in central London. Our mission is to deliver top-quality patient care, excellent education and world-class research.

Technology

CDN: Cloudflare
CMS: Joomla

Analytics

Google Tag Manager

Third-party hosts loaded (3)

translate.google.com×1
www.cqc.org.uk×1
www.googletagmanager.com×1

Social

DNS records live

NS

ns1.nhs.uk
ns2.nhs.uk
ns3.nhs.uk
ns4.nhs.uk

MX

50 mail.nhs.uk

TXT

_32acfcm8udmq42qisa3lz274p4ps7qi

Verified for

Microsoft 365

Email authentication partial

SPF

v=spf1 ip4:185.220.61.90 include:_spf.nhs.net include:outboundmail.blackbaud.net ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:uclh.dmarc@nhs.net

policy: none (monitoring only)

DKIM

mail: v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm73Qy7gHsS4xYemIi+AB8jx1U4cS+OzYIxEiI/qBYejb2wsShO3SrSM5YS6l3me2FgWd…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2025-12-16 to 2026-12-19

Expires in 212 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.uclh.nhs.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-src 'self' https://app.powerbi.com/ https://studio.eu.screencloud.com/ https://screencloud.com/ https://*.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js *.webspellchecker.net/ https://w.soundcloud.com/ *.adobe.com/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' https://cdn.jsdelivr.net https://staticnew-prod.topdoctors.co.uk 'unsafe-inline' 'unsafe-eval' https://studio.eu.screencloud.com/ https://screencloud.com/ https://cdn.tickettailor.com/js/widgets/min/widget.js *.tickettailor.com https://new.express.adobe.com/webpage/static/embed/embed.js https://moneypennychat.appspot.com/chatjs/ https://www.doctify.com/ *.webspellchecker.net/ https://widget.surveymonkey.com/ *.adobe.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com *.googleapis.com *.gstatic.com *.
strict-transport-security: max-age=31536000