indexo.dev

grassfoundation.io

.io crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 1066 ms crawled 2026-05-18

US · 13.249.8.62 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Get rewarded for the internet you don't use
Description
Grass turns the unused part of your internet into rewards. Just download the app, let it run in the background, and start earning.
Language
en

Open Graph

title
Get rewarded for the internet you don't use
description
Grass turns the unused part of your internet into rewards. Just download the app, let it run in the background, and start earning.

Technology

CDN
Amazon CloudFront
CMS
Next.js

DNS records live

NS
  • anton.ns.cloudflare.com
  • pam.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
Show 8 TXT records
  • google-site-verification=XvANuzvJRbf3pX72QwuTTSPtY83rNhyKb7uWs9fJghs
  • google-site-verification=zzjer5Le0oYPDR6RKPPZjlzfbPKxwci0Rl7H00gkc1A
  • tipalti-domain-verification=0722fc07-8e06-f111-838e-02501973a9c1
  • tipalti-domain-verification=4d9ede5e-8e06-f111-838e-02501973a9c1
  • tipalti-domain-verification=dc43022c-8e06-f111-838e-02501973a9c1
  • brevo-code:adeeb9822c6fe7675c40605341cd7560
  • fcb4e8b9-dd85-46f1-bb5d-0832555d0ed3=49e0326386d82b29b769131f0aa098a5c917773c8344157252f1434843dff7a4
  • google-site-verification=Bgv93s8olejQ-KEf8UdQfXwma48LYBhJdCsfZVgK4tU

Email authentication strong

SPF
v=spf1 include:_spf.google.com include:_spf.salesforce.com -all
strict (-all)
DMARC
v=DMARC1; p=quarantine; rua=mailto:rua@dmarc.brevo.com,mailto:security@groomla.ke;
policy: quarantine
DKIM
  • mail: k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z…
selectors probed

Certificate (current)

Amazon RSA 2048 M04
from 2026-05-09 to 2026-11-23
Expires in 187 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 65/100 Checked live page: https://www.grassfoundation.io/

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
origin-when-cross-origin
x-frame-options
DENY
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://api.getgrass.io https://white-distinguished-seed.solana-mainnet.quiknode.pro/592d88f53e29bd010c015a0949b8f388f8cf21ce/ undefined wss://*.walletconnect.org https://*.walletconnect.org https://*.walletconnect.com wss://*.walletconnect.com wss://*.solana.com https://*.solana.com https://infragrid.v.network/wallet/getnodeinfo wss://*.quiknode.pro wss://*.helius-rpc.com https://*.helius-rpc.com https://*.quiknode.pro https://*.solflare.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.gstatic.com; img-src 'self' https://cdn.jsdelivr.net https://*.grassfoundation.io https://*.getgrass.io blob: data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; frame-src 'self' https://*.solflare.com https://*.walletconnect.org https://*.walletconnect.com;

Linked from (2)