indexo.dev

bwhhotels.it

.it crawl

First seen 2026-05-27 · Last seen 2026-05-31 · ok HTTP/1.1 200 447 ms crawled 2026-05-30

IT · 89.46.106.68 · AS31034 Aruba S.p.A.

Reputation 100/100

Classifying

HTML metadata

Title
BWH Hotels Italy & South-East Europe – C'è un mondo nuovo per gli albergatori italiani
Language
it-IT
Generator
WordPress 6.9.4
Canonical
https://www.bwhhotels.it/
Translations
  • it
Feeds

Technology

CDN
Cloudflare
CMS
WordPress 6.9.4
jQuery
1.12.4 known XSS (<3.5)
Analytics
  • Cloudflare Insights
  • Google Tag Manager

Third-party hosts loaded (4)

  • bnr.elmobot.eu×1
  • gmpg.org×1
  • static.cloudflareinsights.com×1
  • www.googletagmanager.com×1

Contact

Phone

DNS records live

NS
  • dns.technorail.com
  • dns2.technorail.com
  • dns3.arubadns.net
  • dns4.arubadns.cz
MX
  • 1 bwhhotels-it.mail.protection.outlook.com
TXT
  • mandrill_verify.5Cn0xcLpNFgqS3834Q1kxQ
Verified for
  • Apple
  • Microsoft 365

Email authentication strong

SPF
v=spf1 include:spf.protection.outlook.com include:spf.tmes.trendmicro.eu -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:webmaster@bwhhotels.it; ruf=mailto:webmaster@bwhhotes.it; fo=1
policy: reject (enforced)
DKIM
  • selector1: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEj5MJ+ewADzqqRGGbH7a/8Q3HVtU1KDNX7BRyk+mDYEWeZwAjotJEMhTV4CuHHKp7q6sC3IP752ZV…
  • selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOqkQZirTzqqd0uXsJtOtpzrDf8MEGxgOWuG9S9VlMjYZbo9m8qKNKIR0HjY0lh7nJEVlX5oq9tLGZ…
selectors probed

Certificate (current)

Actalis Domain Validation Server CA G3
from 2026-01-08 to 2027-02-08
Expires in 252 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.bwhhotels.it/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
camera=(), microphone=(), geolocation=(self), usb=()
x-content-type-options
nosniff
content-security-policy
default-src https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.accessibit.com https://joblink.allibo.com; script-src 'self' 'unsafe-inline' https://kit.fontawesome.com https://code.jquery.com/ https://www.google-analytics.com https://bnr.elmobot.eu https://www.googletagmanager.com https://cdn.accessibit.com https://static.cloudflareinsights.com https://joblink.allibo.com; worker-src 'self' blob:; connect-src 'self' https://ws.accessibit.com wss://ws.accessibit.com https://audit.accessibit.com https://joblink.allibo.com https://*.google-analytics.com https://cns.elmobot.eu https://*.fontawesome.com; img-src 'self' data:;
strict-transport-security
max-age=15552000; includeSubDomains

Links to (6)

Linked from (4)