yaledws.co.uk
HTML metadata
Technology
Third-party hosts loaded (2)
- gw-assets.assaabloy.com×6
- www.yalehome.com×1
DNS records live
- NS
-
- dns1.cscdns.net
- dns2.cscdns.net
- MX
-
- 0 yaledws-co-uk.mail.protection.outlook.com
- TXT
-
Xrsgkyt2Sp//RR10RQ65DqjCQ/bRBluTG7Ci/XxHiLFGK9CzSvx7eUEMrzHg+ZarPYUin2o78BhfQCuhK7H4xw==
Email authentication strong
- SPF
-
v=spf1 ip4:141.81.167.228 include:spf.protection.outlook.com ip4:35.214.212.238 ip4:35.214.183.81 ip4:35.214.208.81 ip4:35.214.213.218 -allstrict (-all) - DMARC
-
v=DMARC1; p=reject; rua=mailto:c617a603d59c866@rep.dmarcanalyzer.com; ruf=mailto:c617a603d59c866@for.dmarcanalyzer.com; pct=100; fo=1policy: reject (enforced) - DKIM
-
- selector2:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyw6AuErWLnhyUNvAQY6GPlT35epFvrW2ARMBL40IhWSZzI8U+KIZtGM2Wup1R8vvrPV8BVGUlEgf+K…
selectors probed - selector2:
Certificate (current)
R12
Expires in 39 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- permissions-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- weak frame protection
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN, SAMEORIGIN- permissions-policy
geolocation=(), midi=(), sync-xhr=(*), microphone=(), camera=(), magnetometer=(self), gyroscope=(self), accelerometer=(self), fullscreen=(self "https://www.youtube-nocookie.com"), payment=()- x-content-type-options
nosniff- content-security-policy
default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports;- strict-transport-security
max-age=31557600