indexo.dev

bettermarkets.app

.app crawl

First seen 2026-04-17 · Last seen 2026-05-12 · ok HTTP/1.1 200 977 ms crawled 2026-05-12

US · 216.150.1.193 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Better Markets - Buy and Sell Private Equity | Invest from $1
Description
Invest in SpaceX, OpenAI, Stripe and 100+ private companies before IPO. Direct ownership, zero fees, starting from $1. The modern private equity exchange.
Canonical
https://bettermarkets.app

Open Graph

url
https://bettermarkets.app/
title
Better Markets - Private Equity Trading Platform
site name
Better Markets
description
Trade private equity with zero fees. Own shares in SpaceX, OpenAI, and private companies before they IPO.

Technology

CDN
Vercel
CMS
Nuxt

Third-party hosts loaded (3)

  • o4510780141207552.ingest.us.sentry.io×1
  • plainstats.com×1
  • us.i.posthog.com×1

Social

DNS records live

NS
  • bowen.ns.cloudflare.com
  • val.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • google-site-verification=VaZiF5Kqq5z6cD9hKR6G5y8U-zPpy7w-NpCpGe76uik
  • google-site-verification=WbJFQG7p1a37J4Biv9RfphHcGHgcTQ-DgYX0avXnjFI
  • waybackverify

Email authentication weak

SPF
v=spf1 include:_spf.google.com ~all
softfail (~all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R13
from 2026-04-15 to 2026-07-14
Expires in 56 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.bettermarkets.app/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
camera=(), microphone=(), geolocation=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://us.i.posthog.com https://us-assets.i.posthog.com https://js.stripe.com https://*.clarity.ms https://static.hotjar.com https://*.hotjar.com https://plainstats.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: blob: https: http:; connect-src 'self' https://api.stripe.com https://us.i.posthog.com https://us-assets.i.posthog.com https://*.supabase.co wss://*.supabase.co https://api.wise.com https://api.resend.com https://api-js.mixpanel.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://plainstats.com https://ipapi.co; frame-src 'self' blob: https://js.stripe.com; object-src 'none'; base-uri 'self'; form-action 'self';
strict-transport-security
max-age=63072000

Links to (8)

Linked from (5)