tapairportugal.com

HTML metadata

Title

Institucional | TAP Air Portugal

Description

Bem-vindo ao site institucional da TAP Air Portugal. Aqui encontra factos e números, a história, a frota e muito mais sobre a maior companhia aérea portuguesa!

Language

pt

Canonical

https://www.tapairportugal.com/pt

Translations

en
pt

Open Graph

url: Institucional | TAP Air Portugal
title: Institucional | TAP Air Portugal
locale: pt
description: Bem-vindo ao site institucional da TAP Air Portugal. Aqui encontra factos e números, a história, a frota e muito mais sobre a maior companhia aérea portuguesa!

Technology

CDN: Cloudflare
CMS: Next.js

Analytics

Cloudflare Insights
Google Tag Manager

Third-party hosts loaded (4)

cdn.engagement.coremedia.cloud×1
static.cloudflareinsights.com×1
universal-editor-service.adobe.io×1
www.googletagmanager.com×1

Social

Contact

Address: Rua Exemplo 123, 1000-001, Lisbon, Lisbon, PT

Registration

Registrar

EuroDNS S.A.

Created

1997-06-27

Expires

2030-06-26 1497 days left

Updated

2023-07-13

Name servers

ns1-03.azure-dns.com
ns2-03.azure-dns.net
ns3-03.azure-dns.org
ns4-03.azure-dns.info

DNS records live

NS

ns1-03.azure-dns.com
ns2-03.azure-dns.net
ns3-03.azure-dns.org
ns4-03.azure-dns.info

TXT

239ffpr5yy15q0j91brvqpl9c8vj4j08

Verified for

Google

Email authentication no MX

SPF: v=spf1 ip4:91.198.90.0/24 include:spf.protection.outlook.com -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

E7

from 2026-03-23 to 2026-06-21

Expires in 31 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.tapairportugal.com/pt

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-embedder-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
weak frame protection

Header values

referrer-policy: no-referrer
x-frame-options: ALLOW-FROM *.adobe.net *.adobe.com *.amazoncognito.com
permissions-policy: browsing-topics=(*), accelerometer=(*), autoplay=(*), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(*), fullscreen=(*), geolocation=(*), gyroscope=(*), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(*), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(*), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(*), gamepad=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), unload=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.smartvel.com *.firebaseapp.com *.amazoncognito.com *.adobeaemcloud.com; connect-src 'self' *.googleadservices.com *.googlesyndication.com *.linkedin.com *.visualwebsiteoptimizer.com *.smartvel.com *.facebook.com *.bing.com *.facebook.net *.adobelogin.com booking.flytap.com *.experience.adobe.net *.doubleclick.net *.inside-graph.com *.google.pt *.google.es *.onetrust.com *.cloudflare.com *.google-analytics.com *.adobeaemcloud.com *.adobe.com cdn.cookielaw.org *.experiencecloud.live *.googleapis.com *.google.com *.coremedia.cloud *.byside.com wss://wsa1.byside.com wss://eu-live.inside-graph.com *.firebaseapp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.googlesyndication.com *.linkedin.com *.youtube.com *.bing.com *.visualwebsiteoptimizer.com *.smartvel.com *.facebook.net *.adobe.io *.experience.adobe.net *.doubleclick.net *.inside-graph.com *.google.pt *.google.es *.cloudflare.com booking.flytap.com *.google-analytics.com *.licd
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-embedder-policy: same-origin
cross-origin-resource-policy: same-origin