indexo.dev

figment.io

.io crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 1647 ms crawled 2026-05-18

US · 162.159.135.42 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Digital Asset Staking That Is Built For Institutions - Figment
Description
Institutional staking made simple. Earn optimized rewards, reduce risk, and stake across 40+ protocols with Figment’s secure infrastructure.
Language
en-US
Generator
Elementor 4.0.8; features: e_font_icon_svg, additional_custom_breakpoints; settings: css_print_method-external, google_font-enabled, font_display-swap
Canonical
https://www.figment.io/
Feeds

Open Graph

url
https://www.figment.io/
title
Figment: Digital Asset Staking Built for Institutions
locale
en_US
site name
Figment
description
Institutional staking made simple. Earn optimized rewards, reduce risk, and stake across 40+ protocols with Figment’s secure infrastructure.

Technology

CDN
Cloudflare
CMS
WordPress
Analytics
  • Google Tag Manager

Third-party hosts loaded (4)

  • mlmd2ipi7gdc.i.optimole.com×27
  • cdn-cookieyes.com×1
  • gmpg.org×1
  • www.googletagmanager.com×1

Social

DNS records live

NS
  • ns-1131.awsdns-13.org
  • ns-1849.awsdns-39.co.uk
  • ns-205.awsdns-25.com
  • ns-558.awsdns-05.net
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
Show 28 TXT records
  • google-site-verification=ckc9Qq_zESsjg9oy8FGdk8e5D5rhndKTp2CanBLYRWA
  • have-i-been-pwned-verification=dweb_ui78blymfkw2spfylslgbuia
  • cursor-domain-verification-5bhrmk=o6pclHFoVS7ftZGBVnha78fQG
  • keybase-site-verification=DdAnpN-pcErgYoMxFCLrPRzTZgSXw_ZuC0eIUHwc1Fc
  • atlassian-domain-verification=EQJV6oSS0EsUMniZEt29dRHiRK8DF25h9vwMLtgRa5X8ev25UwnhTuKROmYjHUA7
  • adobe-idp-site-verification=dfab9e9d430f443ab3e42dffabb424011f98f0c24f4db2b62b3529865a3963fa
  • linear-domain-verification=2y8yhtvghp4t
  • apple-domain-verification=uTpJEETbhQlDKZys
  • pardot996052=75b5838a06aad6b820589e80f43dd16f923fb5d9722e03ad0dc3ba2ea0499623
  • anthropic-domain-verification-ef3qqv=YBhRZ4o3Ghs2y7aXV2tZEA86E
  • asv=7c46eb3ff7e779144a82de9b968869ce
  • segment-site-verification=0IoFEXsPN2QuIkmTIbOIqnJxuSjI2x4l
  • TAILSCALE=2t6ERry5XPlGtjE3yJ9F
  • google-site-verification=Khckm4dq4RhSooSiLX4HhSRacwAuWudnEHq99yylgQY
  • NS-EaLfsDm3XGqi5n1BX5H7OY48
  • pardot996052=7486fee119ac11fb89caf2d45b6d23a02e61e5ae1f92c42e7ad8e0fafc981b26
  • ZOOM_verify_Cy9ausPK4Erogm3TZam9z8
  • notion_verify_KDm6Xn5x2j6xpKdXKkW9BM3YwhXbn3MEseqyrG8dzGRQigdKG1QRZUqsU2caCpk7Qmz8i2
  • miro-verification=019009ec85a3f7ccc1252f5695a92a2a8d7fd92e
  • docker-verification=c5a7292d-239c-4ceb-bd4d-738ba6f2db9f
  • openai-domain-verification=dv-kopAnhxE51y2A1pbkM4vuEE0
  • postman-domain-verification=d507eeb4633cc84729506ee408367d2fb5a2962e26933407f6c9d36a4d9ec66b
  • MS=ms33939498
  • docusign=d3c7dec8-28e3-4f9e-b279-19a9f9db7882
  • linear-domain-verification=2m3apji93n8x
  • 4f8f96cc-5de2-472e-811c-5ac1771a1b53=2c2b6d125965754de1000a2399bb7fc846125a97cacea2aff83a2f4db0788a01
  • google-site-verification=9SYWWaxRHCGLqqiawBVtZ68V3K26I04SA8I-OYWYfSo
  • orbitid-domain-verification=cmcdmh5tw0074rj8ae2h9w8mb:figment.io

Email authentication strong

SPF
v=spf1 include:_spf.psm.knowbe4.com include:_spf.google.com include:mail.zendesk.com include:aspmx.pardot.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:re+wgipacklt32@dmarc.postmarkapp.com; aspf=r;
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLT53/D/Gyz/4WLjEqXYGs0TvLqr7ydMuVfkrUz+EqB8LS/UZMoysVqJnoQAQxTkl0RAFOaNnkaExR…
selectors probed

Certificate (current)

WE1
from 2026-04-10 to 2026-07-09
Expires in 51 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.figment.io/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
geolocation=(), microphone=(), camera=()
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tag.adrsbl.io https://googleads.g.doubleclick.net https://figment.io https://figmentio.kinsta.cloud https://cdn.spindl.xyz https://assets.apollo.io https://apollo.io https://js.intercomcdn.com https://widget.intercom.io/widget/ https://player.vimeo.com https://www.youtube.com https://youtube.com https://unpkg.com/ https://cdnjs.cloudflare.com https://script.hotjar.com https://snap.licdn.com https://cdn.segment.com https://static.hotjar.com https://cdn.datatables.net https://app.posthog.com https://*.optimole.com https://rewards-calculator.figment.io https://www.googletagmanager.com https://figment.io https://cdn-cookieyes.com https://www.youtube.com https://www.google-analytics.com https://js-agent.newrelic.com https://ssl.google-analytics.com https://bam.nr-data.net https://s.ytimg.com https://www.youtube.com/iframe_api; img-src 'self' data: https: https://tag.adrsbl.io https://px4.ads.linkedin.com https://www
strict-transport-security
max-age=63072000; includeSubDomains; preload

Links to (4)

Linked from (6)