grand-indonesia.com

HTML metadata

Title: Grand Indonesia - Jakarta's Shopping Destination
Description: A premium shopping destination with over 400 distinguished tenants, offering exceptional fashion, dining, entertainment, and lifestyle experiences.
Language: en
Canonical: https://www.grand-indonesia.com

Technology

Server: nginx

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Contact

Phone

02123580001

Address

Jl. M. H. Thamrin No. 1Central JakartaJakarta 10310Indonesia

Registration

Registrar

Web Commerce Communications Limited dba WebNic.cc

Created

2005-01-07

Expires

2027-01-07 233 days left

Updated

2026-03-24

Name servers

ns1.dewaweb.com
ns2.dewaweb.com
ns3.dewaweb.com

DNS records live

NS

ns1.dewaweb.com
ns2.dewaweb.com
ns3.dewaweb.com

MX

10 d510658.a.ess.au.barracudanetworks.com
20 d510658.b.ess.au.barracudanetworks.com

TXT

Show 6 TXT records

google-site-verification=hLCzFM6Fry7cZcifhuran_Ia3cvfRb8Xefq7QT9I77E
mc5vcdf2s7djfnk6mn1sqvgw47jsfxyw
google-site-verification=PVk8F40OvB6rBuXLmoX9qbk-4wnzQKJQ6Bc-BJop-9M
_zafws2kploo1jnm9sjq6g8subs8sele
MS=09A2BFD5F04DEFF331397839E306A21ECBC25FE2
koY+8UjXeVAlXLfY33doA05LkfjjcPAh7j+dD7onzf5k8H4nk4lzTpGz3p9TR8B6rcT3k9XOnoGxoPzHR3tAkA==

Email authentication strong

SPF

v=spf1 include:spf.ess.au.barracudanetworks.com ip4:103.185.53.179 exists:%{i}.spf.hc1137-97.ap.iphmx.com ip4:104.250.105.81 ip4:182.16.161.52 ip4:222.124.202.76 ip4:222.124.202.80 ip4:202.51.97.34 include:spf.protection.outlook.com include:ncapp02.com include:_spf.ascentis.com.sg -all

strict (-all)

DMARC

v=DMARC1;p=quarantine;sp=none;adkim=r;aspf=r;pct=100;fo=1;rf=afrf;ri=86400;rua=mailto:rua+grand-indonesia.com@dmarc.barracudanetworks.com;ruf=mailto:ruf+grand-indonesia.com@dmarc.barracudanetworks.com

policy: quarantine · sp=none

DKIM

default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/qBhvM9wSqF9Z2hvds01IBE50nJP+4O8ssA3Xpjqo0HbbSnz5b5FMe9VFAgogz6Epgvs/ZB3rfUY0…

selectors probed

Certificate (current)

R13

from 2026-03-21 to 2026-06-19

Expires in 31 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.grand-indonesia.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(self), microphone=()
x-content-type-options: nosniff
content-security-policy: default-src 'self';font-src 'self' https://fonts.gstatic.com data:;connect-src 'self' https://www.google.com https://www.gstatic.com https://unpkg.com/vue@3 https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com;script-src 'unsafe-eval' 'self' https://www.google.com https://www.gstatic.com https://unpkg.com/vue@3 'unsafe-inline' https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com;img-src * data:;style-src 'self' https://fonts.googleapis.com https://www.google.com 'unsafe-inline';frame-src https://www.google.com https://app.mappedin.com https://www.youtube.com https://open.spotify.com https://spotify.com https://www.instagram.com https://vimeo.com https://www.dailymotion.com;frame-ancestors 'self' https://www.google.com
strict-transport-security: max-age=31536000; includeSubDomains; preload