monad.xyz

HTML metadata

Title: Monad | The Most Performant EVM Blockchain
Description: Monad is the most performant EVM-compatible blockchain with 10,000 TPS, 0.8s finality, and 0.4s block times. Build beyond limits, explore decentralized apps, and join the next frontier of crypto.
Language: en

Open Graph

title: Monad | The Most Performant EVM Blockchain
description: Monad is the most performant EVM-compatible blockchain with 10,000 TPS, 0.8s finality, and 0.4s block times. Build beyond limits, explore decentralized apps, and join the next frontier of crypto.

Technology

CDN: Vercel
CMS: Next.js

Third-party hosts loaded (1)

images.lumacdn.com×10

Social

Registration

Registrar

MarkMonitor, Inc (TLDs)

Created

2019-04-20

Expires

2034-04-20 2892 days left

Updated

2025-12-04

Name servers

cass.ns.cloudflare.com
marvin.ns.cloudflare.com

DNS records live

NS

cass.ns.cloudflare.com
marvin.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

google-site-verification=VuAEzoBKWUzufnnA4ydS4RR9fMbxSftKRXKzAvcJJyY
proxy-ssl.webflow.com
google-site-verification=U7Nf9b9klMvNdA7Jt5mTECSAI5iqzNPkvz9o_S35afE

Email authentication strong

SPF

v=spf1 include:_spf.google.com ~all

softfail (~all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:postmaster@monad.xyz; pct=100; adkim=r; aspf=r

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtunRScWM5aJKI6VsFUPKIK6Dk5FD+DsA1SZCF0+XDosfbWdswFN9rNGpECZIfVWIh1kXvzsBUluSDR…

selectors probed

Certificate (current)

R13

from 2026-05-11 to 2026-08-09

Expires in 82 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.monad.xyz/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: DENY
permissions-policy: camera=(), microphone=(), geolocation=(), browsing-topics=(), interest-cohort=(), payment=(), autoplay=(self "https://www.youtube.com" "https://x.com" "https://platform.twitter.com"), fullscreen=(self "https://www.youtube.com" "https://x.com" "https://platform.twitter.com")
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.vercel-scripts.com; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://subscribe-forms.beehiiv.com https://www.googletagmanager.com https://va.vercel-scripts.com https://tally.so; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://images.ctfassets.net https://images.lumacdn.com https://cdn-assets.molandak.org https://assets.unicorn.studio; media-src 'self' data: blob: https://cdn-assets.molandak.org https://assets.unicorn.studio; font-src 'self' data:; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://www.youtube.com https://platform.twitter.com https://subscribe-forms.beehiiv.com https://tally.so; upgrade-insecure-requests;
strict-transport-security: max-age=63072000