archipelagohotels.com

HTML metadata

Title: Southeast Asia's Largest Privately Owned Hospitality Group
Description: Archipelago Hotels is Southeast Asia's leading hotel management company with over 45,000 rooms across 200+ locations. Experience excellence with our 13 award-winning brands across Indonesia, Philippines, Malaysia, and beyond.
Language: en
Canonical: https://www.archipelagohotels.com/

Open Graph

url: https://www.archipelagohotels.com/
title: Southeast Asia's Largest Privately Owned Hospitality Group
locale: en_US
site name: Archipelago Hotels
description: Archipelago Hotels is Southeast Asia's leading hotel management company with over 45,000 rooms across 200+ locations. Experience excellence with our 13 award-winning brands across Indonesia, Philippines, Malaysia, and beyond.

Technology

CDN: Cloudflare
CMS: Nuxt

Analytics

Cloudflare Insights
Google Tag Manager

Third-party hosts loaded (3)

customer-hhwb7w5adjlguf9r.cloudflarestream.com×3
www.googletagmanager.com×2
static.cloudflareinsights.com×1

Social

Contact

Address: Wisma Staco Jl. Casablanca 3rd Floor, 12870, Jakarta, DKI Jakarta, ID

Registration

Registrar

Cloudflare, Inc.

Created

2015-04-08

Expires

2027-04-08 310 days left

Updated

2026-03-09

Name servers

jeff.ns.cloudflare.com
may.ns.cloudflare.com

DNS records live

NS

jeff.ns.cloudflare.com
may.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

Verified for

Anthropic
Google
OpenAI

Email authentication partial

SPF

v=spf1 include:_spf.google.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; sp=quarantine; rua=mailto:8a7901a3a8af4f6c9e0a8f281bebb28e@dmarc-reports.cloudflare.net,mailto:sentec-d@dmarc.report-uri.com; ruf=mailto:sentec-d@dmarc.report-uri.com; rf=afrf; pct=99; ri=86400

policy: reject (enforced) · pct=99 · sp=quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiSooXVetL1IOoYwePyJxWtEPxBOjRh8gj8Lzbjc/fRY1CllKrP7oM3Q6/03rUmHM/oC2m+7jw9Ks5s…

selectors probed

Certificate (current)

WE1

from 2026-04-20 to 2026-07-19

Expires in 48 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://archipelagohotels.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(self "https://www.google-analytics.com"), camera=(self), microphone=(), fullscreen=(self), payment=(), accelerometer=(), autoplay=(self), clipboard-read=(self), clipboard-write=(self), display-capture=(), gyroscope=(), magnetometer=(), usb=(), web-share=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://*.ampproject.org https://*.pbahotels.com; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://static.cloudflareinsights.com https://accounts.google.com/gsi/client https://challenges.cloudflare.com https://cdn.denomatic.com https://*.affilired.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://app.termly.io https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://cdnjs.cloudflare.com https://cdn.ampproject.org https://*.onesignal.com https://cdn.jsdelivr.net https://onesignal.com https://*.archipelagointernational.com https://apis.google.com https://www.youtube.com https://m.youtube.com https://secure.gravatar.com https://ajax.googleapis.com https://translate.g
strict-transport-security: max-age=15552000; includeSubDomains