mcrhotels.com

.com crawl

First seen 2026-04-13 · Last seen 2026-05-20 · ok HTTP/1.1 200 5403 ms crawled 2026-05-06

US · 52.7.206.204 · AS14618 Amazon.com, Inc.

Reputation 75/100 listed in spam blocklist

Classifying

HTML metadata

Title: MCR Hotels | Hotel Development and Management
Description: MCR is the 3rd largest hotel owner-operator in the U.S. and one of Fast Company's 10 Most Innovative Travel Companies.
Language: en-US
Canonical: https://www.mcrhotels.com/

Open Graph

url: https://www.mcrhotels.com/
title: MCR Hotels | Hotel Development and Management
locale: en_US
site name: MCR
description: MCR is the 3rd largest hotel owner-operator in the U.S. and one of Fast Company's 10 Most Innovative Travel Companies.

Technology

Server: Apache
CMS: WordPress

Fonts

Adobe Fonts

Third-party hosts loaded (4)

ajax.googleapis.com×2
code.ionicframework.com×2
maps.googleapis.com×2
use.typekit.net×2

Registration

Registrar

GoDaddy.com, LLC

Created

2016-07-12

Expires

2026-12-15 208 days left

Updated

2025-12-16

Name servers

ns75.domaincontrol.com
ns76.domaincontrol.com

DNS records live

NS

ns75.domaincontrol.com
ns76.domaincontrol.com

MX

0 mcrhotels-com.mail.protection.outlook.com

TXT

v=spf1 ip4:35.174.145.124 include:_spf.dayforcehcm.com include:spf.protection.outlook.com include:dayforcehcm.com include:_spf.salesforce.com ip4:71.78.157.250 ip4:104.11.153.33 ip4:8.53.73.115 ~all

Verified for

Anthropic
Google

Certificate (current)

R12

from 2026-04-12 to 2026-07-11

Expires in 51 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.mcrhotels.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' acsbapp.com *.facebook.net *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com; script-src-elem 'self' 'unsafe-inline' data: *.cookielaw.org unpkg.com *.ahrefs.com *.ads-twitter.com *.pinimg.com *.bing.com *.clarity.ms acsbapp.com sc-static.net *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.mews.com connect.facebook.net www.pagespeed-mod.com; style-src-elem 'self' 'unsafe-inline' *.typekit.net account.templatemonster.com platform.twitter.com fonts.bunny.net code.ionicframework.com code.jquery.com *.googleapis.com *.gstatic.com *.mews.com; style-src-attr 'unsafe-inline'; img-src 'self' blob: data: *.google.com.vn *.google.com.pr *.google.com.ni *.google.com.lb *.google.com.co *.google.co.jp *.google.bs *.google.be *.google.ro *.google.com.tr *.google.co.kr *.google.ch *.google.se *.google.ie *.google.com.mt *.google.com.hk *.google.com.au *.google.at *.googl
strict-transport-security: max-age=31536000

Linked from (1)

c20society.org.uk×3