vistry.co.uk

HTML metadata

Title: Vistry
Description: Vistry Group builds more UK homes than anyone else, responsibly creating quality mixed-tenure communities people love with parks, schools, and more.
Language: en
Canonical: https://www.vistry.co.uk/

Open Graph

url: https://www.vistry.co.uk/
title: Home
site name: Vistry Group

Technology

CDN: Cloudflare
CMS: Joomla

Analytics

Google Tag Manager

Fonts

Adobe Fonts

Social widgets

Vimeo Embed

Third-party hosts loaded (10)

cdn.jsdelivr.net×10
assets.investisdigital.com×4
cdn.amcharts.com×4
otp.tools.investis.com×3
use.typekit.net×3
viz.tools.investis.com×3
irs.tools.investis.com×2
www.googletagmanager.com×2
player.vimeo.com×1
www.youtube.com×1

Social

Registration

Registrar

Tucows Inc t/a Tucows

Created

2019-12-01

Expires

2026-12-01 195 days left

Updated

2025-11-30

Name servers

ns1.hover.com.
ns2.hover.com.

DNS records live

NS

ns1.hover.com
ns2.hover.com

MX

0 vistry-co-uk.mail.protection.outlook.com

TXT

Show 11 TXT records

Foxit-domain-verification=f35897797de30eae1aa2967b760bc089
_globalsign-domain-verification=R1rQpFp0kZSbT0Ax2iuE63ExwYoQMxmvVU25cG63aT
knowbe4-site-verification=6bd9e4cd2b5f7721938b7c9d3b39718e
MS=ms14055408
6f7t62nldkvre994kp0ho7sjql
hfcrhp5en5c54a149m5shrj8o4
teamviewer-sso-verification=d848e1fba0594c1a8cf9699b8d5a3bd2
access-domain-verification=c2c11081d96f86ace758f7d8f82656a553a42eaf8d270f0510730778cb90e08d
twilio-domain-verification=91f9fd31d5aeb6221d2bc396de3395eb
ottbfgd0id1d3kpcf7chueifrf
apple-domain-verification=jQPgD5waVkKGvgcb

Email authentication strong

SPF

v=spf1 include:spf.protection.outlook.com include:u17751130.wl131.sendgrid.net a:bovis.uksouth.cloudapp.azure.com ip4:89.105.104.80/27 ip4:20.49.197.15 include:wappmail.com include:0b1b72a2-spf.mta.getcheckrecipient.com -all

strict (-all)

DMARC

v=DMARC1;p=quarantine;sp=quarantine;fo=1;rua=mailto:dmarc_agg@vali.email;ruf=mailto:postmaster@vistry.co.uk

policy: quarantine · sp=quarantine

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrwfYNTBSKC6C1xpvpaHQJu+f8SKwwcIU0NS/uDxX/n5lzarw+7Vour+hcZH4VWqMn0N1iVI0hu5pF5+wz8h…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyA0F2j4NPg9sjsiO38GummPHr/0T+Q5yz0MMdw4i2VNTn8LjKhaaxZpbFOrfRZK/54RfAQcPwL+Y79D44b…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmCK1wiMvcWHhS7salGY1yj/KpP82vNF8K4q/SKARUn6wQIL8N3uA+RKbYmgv0uuofDIk8lAPG/a+wX9bFh0oHgI…

selectors probed

Certificate (current)

GlobalSign GCC R3 DV TLS CA 2020

from 2025-11-14 to 2026-12-16

Expires in 210 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.vistry.co.uk/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src *.myidx.cloud 'self' ajax.googleapis.com assets.investisdigital.com fonts.googleapis.com use.typekit.net otp.tools.investis.com google-analytics.com code.highcharts.com viz.tools.investis.com edge.api.brightcove.com *.brightcovecdn.com; script-src *.myidx.cloud 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.lfeeder.com static.cloudflareinsights.com cdn.amcharts.com unpkg.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net api.reciteme.com ajax.googleapis.com connect.facebook.net player.vimeo.com www.youtube.com cdn.jsdelivr.net code.jquery.com otp.tools.investis.com use.typekit.net google-analytics.com www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com code.highcharts.com viz.tools.investis.com cdnjs.cloudflare.com *.investisdigital.com *.invdcloud-is.co.uk otp.tools.investis.com; style-src *.myidx.cloud 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net unpkg.com *.zscaler.net *.zscalerone.net *.zscalertwo.n
strict-transport-security: max-age=15552000; includeSubDomains; preload