qtravel.se

HTML metadata

Title: Skidresor till Andorra och Baqueira Beret | Quality Travel
Description: I Andorra finner du utmanande skidåkning, 300 soldagar per år, taxfree shopping! Läs mer om våra prisvärda resor. Quality Travel har 30 år i branschen.
Language: sv
Canonical: https://www.qtravel.se

Open Graph

url: https://www.qtravel.se
title
locale: sv
site name: Quality Travel
description: I Andorra finner du utmanande skidåkning, 300 soldagar per år, taxfree shopping! Läs mer om våra prisvärda resor. Quality Travel har 30 år i branschen.

Technology

CDN: Cloudflare
CMS: Next.js

Analytics

Google Tag Manager

Cookie consent

Cookiebot

Third-party hosts loaded (3)

consent.cookiebot.com×1
widget.trustpilot.com×1
www.googletagmanager.com×1

Social

DNS records live

NS

candy.ns.cloudflare.com
stan.ns.cloudflare.com

MX

1 qtravel-se.mail.protection.outlook.com

Verified for

Google
Microsoft 365

Email authentication partial

SPF

v=spf1 include:spf.protection.outlook.com include:_spf.travelize.se include:mailgun.org -all

strict (-all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

WE1

from 2026-05-21 to 2026-08-19

Expires in 75 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.qtravel.se/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: microphone=(), camera=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' blob: *.api.sanity.io *.mux.com; frame-src https:; font-src 'self'; img-src 'self' data: cdn.sanity.io *.trustpilot.com images.qtravel.se imgsct.cookiebot.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net www.google.se www.google.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com widget.trustpilot.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net connect.facebook.net; frame-ancestors 'self' localhost:3333 studio.qtravel.se studio.qtravel-test.se *.sanity.io; connect-src 'self' ws: wss: *.api.sanity.io consentcdn.cookiebot.com *.mux.com inferred.litix.io widget.trustpilot.com *.google-analytics.com *.analytics.google.com *.doubleclick.net www.google.com
strict-transport-security: max-age=63072000; includeSubDomains