bedsonline.com

HTML metadata

Title

Your 360º travel partner | Bedsonline

Language

en

Canonical

https://discover.bedsonline.com/en-na/

Translations

de-df
en-au
en-df
en-en
en-gcc
en-in
en-na
en-us
es-es
es-la
es-mx
fr-df
fr-fr
gr-df
id-df
it-it
jp-jp
ko-df
nl-df
pt-br
pt-df
th-df
tr-df
zh-cn

Technology

CDN: Amazon CloudFront
Server: AmazonS3
CMS: Next.js

Third-party hosts loaded (3)

cdn.hotelbeds.com×22
discover-bedsonline.gta-travel.cn×1
maps.googleapis.com×1

Social

Registration

Registrar

EuroDNS S.A.

Created

1999-02-26

Expires

2027-02-26 283 days left

Updated

2025-08-11

Name servers

ns-1053.awsdns-03.org
ns-1667.awsdns-16.co.uk
ns-287.awsdns-35.com
ns-882.awsdns-46.net

DNS records live

NS

ns-1053.awsdns-03.org
ns-1667.awsdns-16.co.uk
ns-287.awsdns-35.com
ns-882.awsdns-46.net

MX

0 bedsonline-com.mail.protection.outlook.com

TXT

Show 12 TXT records

drift-domain-verification=5738ddc6ad4949e58d1d7242da8c27ea4e01f2f2570afe7191e87d673f256be6
facebook-domain-verification=esu24a0mmuoqdewvgm47tqwlob2l03
globalsign-domain-verification=8F414656DF63E68EAD83570F19AF3447
globalsign-domain-verification=AF055F0C1014A4CD8E3600A3F0D7729B
globalsign-domain-verification=H27Sf4xWzLLD5u9KfdGXV-Nq_dIsvnHXJpcUHLU6La
google-site-verification=VtdSnmsDXwfYC1WmD427_egmmoSvD1CBnSXklFmOacg
miro-verification=ea9d6daa669b4baec10a3216b5e3cdb52f66df2d
v=spf1 mx ip4:18.197.237.85 ip4:18.192.171.83 ip4:3.75.123.210 ip4:3.121.252.143 include:spf.protection.outlook.com include:app.sgizmo.com include:amazonses.com -all
LHlsKHU+7MHO3vt4blc+Lmcc3qN27tCGfE++3G3Y3lE=
SFMC-_ITu2VWEIIxyOVbzt0Iug6DKmeOYa_aNps6YBKV1
_globalsign-domain-verification=TWZDz9romcZgS8ijN4rDUq5gWzt5e-ZYqnqRutYDKj
docusign=c1969a9e-7312-43af-9336-7fdaee54e622

Certificate (current)

Amazon RSA 2048 M02

from 2025-07-27 to 2026-08-26

Expires in 99 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://discover.bedsonline.com/en-na/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(self)
x-content-type-options: nosniff
content-security-policy: default-src 'self'; font-src 'self' data: https://*.hotelbeds.com https://*.gstatic.com https://*.landbot.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ubembed.com https://*.facebook.net https://*.amazonaws.com https://*.googletagmanager.com https://*.cookiebot.com https://*.cloudflare.com https://*.googleapis.com https://*.hotelbeds.com https://*.gta-travel.cn https://*.hbxgroup.com https://*.landbot.io https://*.hotjar.com https://*.doubleclick.net https://*.appcues.com https://*.google-analytics.com; img-src 'self' data: https://www.googleadservices.com https://*.googletagmanager.com https://www.facebook.com https://*.google.es https://*.google.com https://s.zkcdn.net https://*.dacast.com https://*.cookiebot.com https://*.googleapis.com https://*.vzaar.com https://*.hotelbeds.com https://*.hbxgroup.com https://*.google-analytics.com https://connect.facebook.net https://pagead2.googlesyndication.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.
strict-transport-security: max-age=31536000; includeSubDomains; preload

Links to (3)

Linked from (2)

abtot.com×2
hbxgroup.com×2