heritage-holidays.com

.com crawl

First seen 2026-05-04 · Last seen 2026-05-11 · ok HTTP/1.1 200 8472 ms crawled 2026-05-11

US · 54.189.34.167 · AS16509 Amazon.com, Inc.

Reputation 100/100

sector travel type homepage

HTML metadata

Title: Heritage Holidays| Countryside Holiday Cottages, City Breaks, and Seaside Retreats Scotland
Description: Heritage Holidays host a range of beautiful self-catering holiday homes across Scotland, including cosy countryside cottages with hot tubs, seaside holiday homes and dog-friendly stays. Book direct with Heritage Holidays for the best price!
Language: en
Canonical: https://www.heritage-holidays.com/

Open Graph

url: https://www.heritage-holidays.com/
title: Heritage Holidays| Countryside Holiday Cottages, City Breaks, and Seaside Retreats Scotland
locale: en
description: Heritage Holidays host a range of beautiful self-catering holiday homes across Scotland, including cosy countryside cottages with hot tubs, seaside holiday homes and dog-friendly stays. Book direct with Heritage Holidays for the best price!

Technology

Server: nginx
CMS: Next.js

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (7)

bookingenginecdn.hostaway.com×37
static-production-nextjs.hostaway.eu×24
fonts.googleapis.com×3
hostaway-platform.s3.us-west-2.amazonaws.com×2
www.googletagmanager.com×2
bookingenginecdn-2.hostaway.com×1
fonts.gstatic.com×1

Social

Registration

Registrar

GoDaddy.com, LLC

Created

2024-03-26

Expires

2027-03-26 310 days left

Updated

2024-08-01

Name servers

ns45.domaincontrol.com
ns46.domaincontrol.com

DNS records live

NS

ns45.domaincontrol.com
ns46.domaincontrol.com

Email authentication no MX

SPF: not published
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

R13

from 2026-03-31 to 2026-06-29

Expires in 40 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 55/100 Checked live page: https://www.heritage-holidays.com/

present

strict-transport-security
content-security-policy

findings

short HSTS max-age
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://* blob: 'unsafe-inline'; img-src 'self' https://* data: blob:; media-src 'self' https://*; connect-src 'self' https://* wss://*; form-action 'self' https://*; frame-src 'self' https://*; frame-ancestors 'self' https://*; worker-src 'self' https://* 'unsafe-inline' 'unsafe-eval' blob:
strict-transport-security: max-age=600

Links to (3)

Linked from (1)

heritagehosting.co.uk×1