indexo.dev

mandarinoriental.com

.com crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 3249 ms crawled 2026-05-18

US · 104.114.98.45 · AS16625 Akamai Technologies, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Luxury 5 Star Hotels & Resorts Worldwide | Mandarin Oriental Hotel Group
Description
Our luxury award-winning hotels and resorts worldwide. Mandarin Oriental hotels offer world-class accommodations, spas and fine dining experiences.
Language
en
Canonical
https://www.mandarinoriental.com/en
Translations
  • ar-ae
  • ca-es
  • cs
  • de
  • el-gr
  • en
  • es
  • es-es
  • fr
  • id
  • it
  • ja
  • ko-kr
  • nl
  • pt-br
  • ru
  • th
  • tr
  • zh-cn
  • zh-hk

Technology

CDN
Akamai
Analytics
  • Google Tag Manager

Third-party hosts loaded (4)

  • media.ffycdn.net×26
  • cdn-assets-eu.frontify.com×4
  • assets.adobedtm.com×1
  • www.googletagmanager.com×1

Social

Registration

Registrar
Network Solutions, LLC
Created
1996-08-23
Expires
2029-08-22 1191 days left
Updated
2023-09-14
Name servers
  • ns1.p17.dynect.net
  • ns2.p17.dynect.net
  • ns3.p17.dynect.net
  • ns4.p17.dynect.net

DNS records live

NS
  • ns1.p17.dynect.net
  • ns2.p17.dynect.net
  • ns3.p17.dynect.net
  • ns4.p17.dynect.net
MX
  • 10 mail.mandarinoriental.com
TXT
  • ok95cmvqe65jfmh6s5bftbvlbp
  • d6qjbm30t8jkhf0bbod52bmj64
  • MS=ms72636301

Email authentication strong

SPF
v=spf1 -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:2ba186d34b0c256@rep.dmarcanalyzer.com; ruf=mailto:2ba186d34b0c256@for.dmarcanalyzer.com; fo=1;
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

DigiCert Global G3 TLS ECC SHA384 2020 CA1
from 2026-01-07 to 2027-01-09
Expires in 235 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.mandarinoriental.com/en

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
unsafe-url
x-frame-options
DENY
permissions-policy
accelerometer=(), camera=(), geolocation=*, gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-content-type-options
nosniff
content-security-policy
default-src https: 'self' data: *.demdex.net *.everesttech.net *.omtrdc.net *.sc.omtrdc.net *.tt.omtrdc.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.letsway.com https://pay.sandbox.datatrans.com https://utt.impactcdn.com https://*.googleapis.com https://*.kouto.co https://*.stripe.com https://*.imagekit.io https://*.bing.com https://*.creativecdn.com https://cloud.e.mandarinoriental.com https://siteintercept.qualtrics.com https://cdnjs.cloudflare.com https://cloud.official.mandarinoriental.com https://zn1z6joka9pfuojsc-mohgcx.siteintercept.qualtrics.com https://www.wepowerconnections.com https://lantern.roeyecdn.com https://tags.creativecdn.com https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.go-mpulse.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://assets.adobedtm.com https://b99.yahoo.co.jp https://commerce.adobedtm.com https://cdn.cookie
strict-transport-security
max-age=86400 ; includeSubDomains

Links to (6)

Linked from (24)