veterans-railcard.co.uk

HTML metadata

Title: Veterans Railcard | Discount | National Rail
Description: A Veterans Railcard costs just £35 and it'll save you 1/3 on rail fares throughout Great Britain for a whole year. Don't miss out - Buy Now.
Language: en
Canonical: https://www.veterans-railcard.co.uk/

Open Graph

url: https://www.veterans-railcard.co.uk/
title: Veterans Railcard | Discount | National Rail - Veterans Railcard
locale: en_GB
site name: Veterans Railcard
description: A Veterans Railcard costs just £35 and it'll save you 1/3 on rail fares throughout Great Britain for a whole year. Don't miss out - Buy Now.

Technology

CDN: Amazon CloudFront
Server: Apache

Analytics

Google Tag Manager

Ads

Meta Pixel

Fonts

Google Fonts

Third-party hosts loaded (7)

www.googletagmanager.com×3
connect.facebook.net×2
dev.visualwebsiteoptimizer.com×2
fonts.googleapis.com×2
ajax.googleapis.com×1
c.webtrends-optimize.com×1
fonts.gstatic.com×1

Social

Contact

Phone

0808 1914 218

Registration

Registrar

Mesh Digital Limited t/a Domainbox

Created

2020-01-22

Expires

2028-01-22 611 days left

Updated

2026-01-05

Name servers

erin.ns.cloudflare.com.
jason.ns.cloudflare.com.

DNS records live

NS

erin.ns.cloudflare.com
jason.ns.cloudflare.com

TXT

Show 4 TXT records

6c2bshnqdf4zkmjn1722nbvj9kkyygdy
_b39h58x06kw2fxqahp540tth8g3rp4j
q243cck56338k3c9hzxbt764x8qkj6bk
t02xr5sl8s89dz3hncbkhks9qz55lb5t

Email authentication no MX

SPF: v=spf1 include:spf.mailjet.com ?all
neutral (?all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

Amazon RSA 2048 M01

from 2025-10-18 to 2026-11-16

Expires in 179 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://www.veterans-railcard.co.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(self "https://www.youtube.com"), autoplay=(self "https://www.youtube.com"), camera=(), cross-origin-isolated=(self), display-capture=(), encrypted-media=(self "https://www.youtube.com"), fullscreen=(self "https://www.youtube.com"), geolocation=(), gyroscope=(self "https://www.youtube.com"), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self "https://www.youtube.com"), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; trusted-types * 'allow-duplicates'; connect-src 'self' https://*.uniqodo.com https://pat.webtrends-optimize.com https://bded8a3c6ae-1-1053047382554.us-central1.run.app https://2c-1138a2e087744ef69e662051fe044c44.ecs.us-west-1.on.aws https://analytics-ipv6.tiktokw.us https://www.facebook.com https://vc.hotjar.io https://firehose.eu-west-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://adservice.google.com https://analytics.tiktok.com https://ad.doubleclick.net https://js.smct.io https://bat.bing.com https://tagapi.brandswap.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://api.clicktripz.com https://www.clicktripz.com https://metrics.hotjar.io https://privacyportal-eu.onetrust.com https://pagead2.googlesyndication.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://region1.google-analytics.com http://ots.webtrends-optimize.com ws:; frame-src 'self' htt
strict-transport-security: max-age=31536000; includeSubDomains; preload