holiduhost.com
holiduhost.com
HTML metadata
Technology
- CDN
- Amazon CloudFront
- Analytics
-
- Google Analytics
- Google Tag Manager
- Ads
-
- Meta Pixel
- Taboola
Third-party hosts loaded (13)
- assets.holidu.com×8
- img.holidu.com×8
- static.holidu.com×7
- www.googletagmanager.com×2
- api.holidu.com×1
- bat.bing.com×1
- cdn.taboola.com×1
- cdnjs.cloudflare.com×1
- connect.facebook.net×1
- retrack-kupona.kuponacdn.de×1
- static2.holidu.com×1
- widget.trustpilot.com×1
- www.google-analytics.com×1
Registration
- Registrar
- Amazon Registrar, Inc.
- Created
- 2024-07-31
- Expires
- 2026-07-31 72 days left
- Updated
- 2025-06-26
- Name servers
-
- ns-1075.awsdns-06.org
- ns-1921.awsdns-48.co.uk
- ns-495.awsdns-61.com
- ns-904.awsdns-49.net
DNS records live
- NS
-
- ns-1075.awsdns-06.org
- ns-1921.awsdns-48.co.uk
- ns-495.awsdns-61.com
- ns-904.awsdns-49.net
- TXT
-
google-site-verification=kbRsOOVln7Ib-NyoKm4_I8fIyDdyRYsx2UHNa7PIZXc
Email authentication no MX
- SPF
- not published
- DMARC
- not published
- DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 70 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- referrer-policy
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Permissions Policy
Header values
- referrer-policy
strict-origin-when-cross-origin- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https: http:;font-src 'self' data: https:;connect-src 'self' https: ws: wws:;worker-src 'self' blob:;frame-ancestors 'self' https://*.holidu.com https://*.holidu.cloud https://*.holidu.io https://tsmart.tomas-travel.com- strict-transport-security
max-age=15552000