traveliowa.com

HTML metadata

Title: Travel Iowa | Explore Iowa Attractions, Events & Scenic Road Trips
Description: Discover Iowa’s top attractions, events and scenic road trips. Plan your perfect getaway with Travel Iowa’s free official tourism guide.
Language: en
Canonical: https://www.traveliowa.com/

Open Graph

url: https://www.traveliowa.com/
title: Travel Iowa | Official Iowa Tourism and Travel Website
description: Travel Iowa is the official tourism website of the State of Iowa. Explore places and events and discover the best things to do in Iowa.

Technology

CDN: Azure Front Door
CMS: Ghost

Analytics

Google Tag Manager

Ads

Google Ads
Google Ads (DoubleClick)

Third-party hosts loaded (8)

embed.guidegeek.com×1
googleads.g.doubleclick.net×1
js.adara.com×1
kit.fontawesome.com×1
starling.crowdriff.com×1
widget.privy.com×1
www.googleadservices.com×1
www.googletagmanager.com×1

Social

Registration

Registrar

GoDaddy.com, LLC

Created

1998-02-05

Expires

2026-09-23 125 days left

Updated

2025-09-24

Name servers

ns1-04.azure-dns.com
ns2-04.azure-dns.net
ns3-04.azure-dns.org
ns4-04.azure-dns.info

DNS records live

NS

ns1-04.azure-dns.com
ns2-04.azure-dns.net
ns3-04.azure-dns.org
ns4-04.azure-dns.info

MX

0 traveliowa-com.mail.protection.outlook.com

TXT

ieda-traveliowa.azurewebsites.net
uqhhi9kkmlci1i5e9bbfflrncj

Email authentication strong

SPF

v=spf1 include:spf.protection.outlook.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email,mailto:dmarc@traveliowa.com

policy: reject (enforced)

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZS2ol0f9nxNEoLUd5fa0d1pTMO/uxDFSiblD8i4QSa2YExeHyPer6fQzDZHJ3NgaAx1MibaNy7Z9KU1KkN2…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoCnNMgeG3TenmIhgcg8x/O2Lw06Dya5g61wiafIUsJsHTAY6qJCGXg/0Ldh/eS2TPcD3h7ffP6rPm…

selectors probed

Certificate (current)

GeoTrust TLS RSA CA G1

from 2026-01-08 to 2026-07-09

Expires in 49 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.traveliowa.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: no-referrer, strict-origin-when-cross-origin
x-frame-options: Deny
x-content-type-options: nosniff
content-security-policy: default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* localtest:* ajax.aspnetcdn.com fonts.gstatic.com *.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.google.com *.gstatic.com *.fontawesome.com *.crowdriff.com *.sa-as.com *.licdn.com *.facebook.net *.facebook.com *.googleadservices.com siteimproveanalytics.com *.doubleclick.net *.simpleviewcrm.com *.moatads.com *.pinterest.com *.spintest.com *.traveliowa.com *.cloudflare.com *.hotjar.com *.privy.com *.adnxs.com *.amp.travel *.ipredictive.com *.instagram.com *.bttrack.com *.presage.io s.pinimg.com *.stackadapt.com *.iowawineandbeer.com www.redditstatic.com *.adara.com *.adaraanalytics.com *.yieldoptimizer.com *.guidegeek.com *.github.io;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' *.traveliowa.com iowa.gov *.jquery.com maxcdn.bootstrapcdn.com *.goo
strict-transport-security: max-age=31536000; includeSubDomains