puraventura.co.uk

.uk crawl

First seen 2026-04-13 · Last seen 2026-05-08 · ok HTTP/1.1 200 1913 ms crawled 2026-05-06

US · 172.67.158.173 · AS13335 Cloudflare, Inc.

Reputation 92/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title: Central America Trips | PuraVentura
Description: Explore Central America on expertly guided small-group tours. Culture, nature, comfort and authentic encounters—designed for travellers seeking meaningful journeys.
Language: gb

Open Graph

url: https://www.puraventura.co.uk/
title: Central America Trips | PuraVentura
description: Explore Central America on expertly guided small-group tours. Culture, nature, comfort and authentic encounters—designed for travellers seeking meaningful journeys.

Technology

CDN: Cloudflare
CMS: Next.js

Analytics

Cloudflare Insights

Third-party hosts loaded (5)

cdn.venturatravel.org×2
get.geojs.io×2
storage.googleapis.com×2
media.venturatravel.org×1
static.cloudflareinsights.com×1

Registration

Registrar

Cloudflare, Inc.

Created

2025-09-01

Expires

2026-09-01 103 days left

Updated

2025-09-01

Name servers

jim.ns.cloudflare.com.
lara.ns.cloudflare.com.

DNS records live

NS

jim.ns.cloudflare.com
lara.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

Verified for

Google

Email authentication strong

SPF: v=spf1 include:_spf.google.com ~all
softfail (~all)
DMARC: v=DMARC1; p=none;
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

WE1

from 2026-04-25 to 2026-07-24

Expires in 64 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.puraventura.co.uk/

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: font-src 'self' data: https://media.venturatravel.org https://static.klaviyo.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://static.klaviyo.com *.ekonsilio.io https://fonts.googleapis.com; script-src * 'unsafe-inline' 'unsafe-eval' *.ekonsilio.io blob:; worker-src blob: 'self'; img-src * data: blob: *.ekonsilio.io; connect-src * ws: wss: *.ekonsilio.io *.simplelocalize.io;