hallmarkchristmascruise.com

HTML metadata

Title

Hallmark Christmas Cruise - October 23-27, 2026

Description

Set sail into the heart of the holidays aboard the Hallmark Christmas Cruise. Join your favorite Hallmark stars on the beautiful Norwegian Joy as we ...

Language

en-US

Canonical

https://www.hallmarkchristmascruise.com

Feeds

Hallmark Christmas Cruise » Feed RSS

Open Graph

url: https://www.hallmarkchristmascruise.com
title: Hallmark Christmas Cruise - October 23-27, 2026
locale: en_US
site name: Hallmark Christmas Cruise
description: Set sail into the heart of the holidays aboard the Hallmark Christmas Cruise. Join your favorite Hallmark stars on the beautiful Norwegian Joy as we ...

Technology

Server: Apache

Analytics

Google Tag Manager

Fonts

Adobe Fonts

Social widgets

Vimeo Embed

Third-party hosts loaded (7)

cdn1.sixthman.net×12
www.googletagmanager.com×3
use.typekit.net×2
cdn.datasteam.io×1
hightouch.com×1
p.typekit.net×1
player.vimeo.com×1

Social

Contact

Phone

//1-877-764-2552

Address

Registration

Registrar

DNC Holdings, Inc.

Created

2024-10-10

Expires

2026-10-10 142 days left

Updated

2025-08-26

Name servers

ns-1080.awsdns-07.org
ns-1778.awsdns-30.co.uk
ns-469.awsdns-58.com
ns-784.awsdns-34.net

DNS records live

NS

ns-1080.awsdns-07.org
ns-1778.awsdns-30.co.uk
ns-469.awsdns-58.com
ns-784.awsdns-34.net

Verified for

Google

Email authentication no MX

SPF: not published
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

Amazon RSA 2048 M02

from 2025-08-22 to 2026-09-21

Expires in 123 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.hallmarkchristmascruise.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' sixthman.net *.sixthman.net cdn.sixthman.net cdn1.sixthman.net tradablebits.com *.amazonaws.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.cloudflare.com cdn1.sixthman.net cdn.sixthman.net d2z4nov6ck0fcb.cloudfront.net s3.amazonaws.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com ssl.gstatic.com googletagmanager.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.hightouch-events.com *.byspotify.com mm-uxrv.com *.youtube.com *.ytimg.com *.vimeocdn.com *.groovehq.com *.datasteam.io *.audrte.com pippio.com *.demdex.net *.adsrvr.org *.lijit.com *.openx.net *.adnxs.com *.rlcdn.com *.media6degrees.com *.turn.com *.liadm.com *.aisiteanalytics.com *.linkedin.com *.rtactivate.com adadvisor.net ask-assets.com *.dtstmio.com *.agkn.com *.wp.com *.slack-edge.com *.pusher.com *.pusherapp.com ucarecdn.com xenoapp.com *.gravatar.com *.facebook.com *.facebook.net *.twimg.com *.twitter.com *.adroll.com *.doubleclick.net *.spot
strict-transport-security: max-age=16070400; includeSubDomains