nano-gpt.com

.com crawl

First seen 2026-04-15 · Last seen 2026-05-07 · ok HTTP/1.1 200 628 ms crawled 2026-05-10

US · 216.150.1.1 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title

NanoGPT

Description

NanoGPT offers access to every AI model with pay-as-you-go or an optional subscription with included open-source model usage. Generate videos (Kling, Veo and more), create images (Flux Pro, Kontext, GPT Image, Hidream), and access ChatGPT, Claude, Gemini, Deepseek, and other top AI models.

Language

Generator

Next.js

Canonical

https://nano-gpt.com

Translations

Open Graph

url: https://nano-gpt.com
title: NanoGPT
site name: NanoGPT
description: Access all the newest AI models including ChatGPT, Claude, Gemini, Deepseek, and all image and video models. Starting at $0.01. Pay-as-you-go or subscribe. Private by design.

Technology

CDN: Vercel
CMS: Next.js

Registration

Registrar

Cloudflare, Inc.

Created

2023-10-19

Expires

2027-10-19 516 days left

Updated

2026-02-05

Name servers

clayton.ns.cloudflare.com
lola.ns.cloudflare.com

DNS records live

NS

clayton.ns.cloudflare.com
lola.ns.cloudflare.com

MX

10 mx.zoho.eu
20 mx2.zoho.eu
50 mx3.zoho.eu

Verified for

Google
Zoho

Email authentication partial

SPF: v=spf1 include:zoho.eu ~all
softfail (~all)
DMARC: v=DMARC1; p=none; rua=mailto:dmarc@nano-gpt.com; ruf=mailto:dmarc@nano-gpt.com; sp=none; adkim=r; aspf=r
policy: none (monitoring only) · sp=none
DKIM: no key found at common selectors

Certificate (current)

R12

from 2026-03-13 to 2026-06-11

Expires in 22 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://nano-gpt.com/conversation/new

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net https://apis.google.com https://www.youtube.com https://js.stripe.com https://va.vercel-scripts.com https://embed.hel.io https://connect.facebook.net https://www.googletagmanager.com https://www.redditstatic.com https://challenges.cloudflare.com https://verify.walletconnect.org https://vercel.live https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://embed.hel.io; img-src 'self' data: blob: https: http:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' blob: https: wss: data: https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com; media-src 'self' data: blob: https: http:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; worker-src 'self' blob:; child-src 'self' blob: https://docs.google.com https://drive.google.com https://nanswap.com
strict-transport-security: max-age=63072000

Linked from (1)

longstories.ai×2