indexo.dev

bahrain.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-12 · ok HTTP/1.1 200 1145 ms crawled 2026-05-07

IE · 54.171.87.122 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Visit Bahrain | An Unforgettable Journey | Official Tourism Website
Description
Bahrain Tourism & Exhibitions Authority's official website homepage.
Language
en-US

Open Graph

title
Visit Bahrain | An Unforgettable Journey | Official Tourism Website
description
Bahrain Tourism & Exhibitions Authority's official website homepage.

Technology

Server
Kestrel
Analytics
  • Google Tag Manager
Ads
  • Google Ads (DoubleClick)
Fonts
  • Google Fonts
Third-party hosts loaded (14)
  • tourismbh.com×58
  • cdnjs.cloudflare.com×7
  • cdn.jsdelivr.net×3
  • www.google.com×2
  • www.googletagmanager.com×2
  • ad.doubleclick.net×1
  • cdn.userway.org×1
  • elfsightcdn.com×1
  • fonts.googleapis.com×1
  • insight.adsrvr.org×1
  • js.adsrvr.org×1
  • maps.googleapis.com×1
  • platform-api.sharethis.com×1
  • www.facebook.com×1

Social

Contact

Address
st Updated: May 07 2026

Registration

Registrar
Network Solutions, LLC
Created
1994-11-21
Expires
2034-11-20 3105 days left
Updated
2025-02-28
Name servers
  • ns-1208.awsdns-23.org
  • ns-1958.awsdns-52.co.uk
  • ns-443.awsdns-55.com
  • ns-860.awsdns-43.net

DNS records live

NS
  • ns-1208.awsdns-23.org
  • ns-1958.awsdns-52.co.uk
  • ns-443.awsdns-55.com
  • ns-860.awsdns-43.net
MX
  • 0 bahrain-com.mail.protection.outlook.com
Verified for
  • Google
  • Microsoft 365

Email authentication partial

SPF
v=spf1 include:spf.protection.outlook.com -all
strict (-all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

Sectigo RSA Domain Validation Secure Server CA
from 2025-02-27 to 2026-03-31
Expired 51 days ago

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.bahrain.com/

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
Header values
referrer-policy
no-referrer-when-downgrade
x-frame-options
SameOrigin
permissions-policy
accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: https: js.adsrvr.org use.typekit.net api.mapbox.com analytics.tiktok.com connect.facebook.net www.facebook.com www.google.com www.youtube.com cse.google.com maps.googleapis.com googleapis.com cdn.syndication.twimg.com t.sharethis.com platform.twitter.com www.googletagmanager.com www.google-analytics.com syndication.twitter.com s7.addthis.com v1.addthisedge.com cdn.userway.org code.jquery.com m.addthis.com universe-static.elfsightcdn.com elfsightcdn.com unpkg.com use.fontawesome.com ajax.googleapis.com z.moatads.com maps.googleapis.com cdnjs.cloudflare.com www.gstatic.com www.use.typekit.net data: p.typekit.net googleads.g.doubleclick.net www.googleadservices.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com js.adsrvr.org blob: analytics.tiktok.com connect.facebook.net www.facebook.com p.typekit.net api.mapbox.com code.jquery.com www.youtube.com universe-static.elfsightcdn.com elfsightcdn.com unpkg.com maps.googleapis.com googleapis.com cse.goog

Links to (6)

Linked from (1)