indexo.dev

leather.io

.io crawl

First seen 2026-04-13 · Last seen 2026-05-08 · ok HTTP/1.1 200 233 ms crawled 2026-05-06

US · 172.67.71.162 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Leather
Description
Leather is a self-custodial wallet built for earning yield and managing assets in the Bitcoin ecosystem. Open-source and secure, it supports BTC, STX, Ordinals, BRC-20s, and more—giving users full control across apps, DeFi, and marketplaces.
Language
en-US
Generator
Framer b47b624
Canonical
https://leather.io/

Open Graph

url
https://leather.io/
title
Leather
description
Leather is a self-custodial wallet built for earning yield and managing assets in the Bitcoin ecosystem. Open-source and secure, it supports BTC, STX, Ordinals, BRC-20s, and more—giving users full control across apps, DeFi, and marketplaces.

Technology

CDN
Cloudflare
Analytics
  • Cloudflare Insights
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (6)

  • framerusercontent.com×88
  • events.framer.com×1
  • fonts.gstatic.com×1
  • static.cloudflareinsights.com×1
  • storage.googleapis.com×1
  • www.googletagmanager.com×1

Social

DNS records live

NS
  • elmo.ns.cloudflare.com
  • tricia.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
Show 7 TXT records
  • google-site-verification=r72583oX5MlWctCWVeKFfBzK2TRqtRomW8EGWwn8qOU
  • h1-domain-verification=vR2kzUbhjKa1d3nGsz9Qx6y2LiVXXXYZwQu7ZLrYdRLNmfrv
  • google-site-verification=1jK4WaR2Y1mTcHMESQPuwZ8mYhrIcNnAuZtvYOrLSU0
  • google-site-verification=SNjcLpPhJSDuyKMWa32lfzO3gPct0Ns2aStg-skGE7E
  • google-site-verification=TU8DqfpQZYhDLwM0M3mFI9eBgV8-fyAM7957uh0Jyr0
  • google-site-verification=jEIavdW63S0NajEg0prcKIuiAiJSwKzxtwFtgSIezzg
  • google-site-verification=qYs7XTjQO_IBLgWoYaY-vsgwsJzRn4cYx8rwCiFG4-k

Email authentication strong

SPF
v=spf1 include:dc-aa8e722993._spfm.leather.io ~all
softfail (~all)
DMARC
v=DMARC1;p=quarantine;sp=quarantine;pct=100;rua=mailto:dmarc-reports@leather.io;ri=86400;fo=1
policy: quarantine · sp=quarantine
DKIM
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed

Certificate (current)

WE1
from 2026-05-05 to 2026-08-03
Expires in 76 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://leather.io/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • weak frame protection
  • weak content type protection
  • missing Permissions Policy
Header values
referrer-policy
same-origin, no-referrer
x-frame-options
SAMEORIGIN, deny
x-content-type-options
nosniff, nosniff, nosniff
content-security-policy
default-src 'self' api.github.com *.segment.io *.segment.com *.mxpnl.com *.spline.design framerusercontent.com api.framer.com framer.com events.framer.com app.framerstatic.com fonts.gstatic.com *.google-analytics.com *.analytics.google.com leather.us21.list-manage.com sdk.absolutelabs.app api.coingecko.com https://cdn.lottielab.com/; style-src 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.segment.com *.mxpnl.com unpkg.com *.framer.com storage.googleapis.com framer.com *.googletagmanager.com framerusercontent.com events.framer.com sdk.absolutelabs.app s3.tradingview.com widget.gleamjs.io; img-src 'self' data: https://*; child-src 'none'; frame-src *.framer.com https://wrm.link gleam.io; frame-ancestors 'none'; form-action 'self' webhook.frontapp.com; worker-src 'self' blob:;
strict-transport-security
max-age=31536000

Links to (8)

Linked from (2)