hotelestequendama.com.co
hotelestequendama.com.co
HTML metadata
Technology
- Server
- GNA
- Analytics
-
- Google Tag Manager
- Fonts
-
- Google Fonts
Third-party hosts loaded (4)
- assets-gnahs.s3.eu-west-3.amazonaws.com×2
- fonts.gstatic.com×2
- assets.gnahs.com×1
- www.googletagmanager.com×1
Social
Contact
- Phone
DNS records live
- NS
-
- ns01.domaincontrol.com
- ns02.domaincontrol.com
- MX
-
- 0 smtp.secureserver.net
- 10 mailstore1.secureserver.net
- Verified for
-
Email authentication partial
- SPF
-
v=spf1 include:spf.ipzmarketing.com include:secureserver.net include:47531560.spf08.hubspotemail.net -allstrict (-all) - DMARC
-
v=DMARC1; p=none;policy: none (monitoring only) - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 82 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- CSP uses wildcard sources
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: 'unsafe-inline';- strict-transport-security
max-age=63072000; preload
Links to (6)
- civitatis.com×3
- facebook.com×3
- gnahs.com×3
- instagram.com×3
- tiktok.com×3
- wa.me×3