ngrok.com

HTML metadata

Title: ngrok: AI & API Gateway | Secure Tunnels & Traffic
Description: ngrok is an AI and API gateway that securely routes, transforms, and observes traffic to services running anywhere—powering APIs, AI agents, and LLM workloads.
Language: en-US
Canonical: https://ngrok.com/

Open Graph

url: https://ngrok.com/
title: ngrok: AI & API Gateway | Secure Tunnels & Traffic
locale: en_US
site name: ngrok.com
description: ngrok is an AI and API gateway that securely routes, transforms, and observes traffic to services running anywhere—powering APIs, AI agents, and LLM workloads.

Technology

CMS: Gatsby

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Registration

Registrar

NameCheap, Inc.

Created

2013-03-18

Expires

2031-03-18 1764 days left

Updated

2026-02-24

Name servers

ns-1191.awsdns-20.org
ns-1552.awsdns-02.co.uk
ns-299.awsdns-37.com
ns-985.awsdns-59.net

DNS records live

NS

ns-1191.awsdns-20.org
ns-1552.awsdns-02.co.uk
ns-299.awsdns-37.com
ns-985.awsdns-59.net

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 14 TXT records

MS=ms54638992
MS=4E68497F7FE0C52FFF9AA21759F98DA9C7851559
google-site-verification=ovDe-z_kNvjU3KOAl35kjVW3OtBZc9HVvz7fXlrZZdA
zapier-domain-verification-challenge=688083e7-4e0a-46d1-bb3b-afba59813e07
sinch-domain-verification=68b65413-731f-4609-8031-0da08dec78be
hubspot-domain-verification=MTRjYTdiYzAtYmMxOS00ODYwLWIxMTQtMTE4NDQyMmU2OThl
google-site-verification=EqI946zEUkMi7c2lszohdzuH3WjS6gqFweBukIRk1hk
anthropic-domain-verification-rsnnnx=j1KXArx1t88aeN8QRyoGFIPG1
m5lbtxv1wb9mmqn8gb77l0fzqw4574s9
stripe-verification=4ae5785d7d47bb67658101049e139e565355fdbe0b74c80f8b10d1b68ed07397
apple-domain-verification=nWajJXKaTl4E15Wp
segment-site-verification=7ovxCnLsFAO7peWlZAapBteMUioR56oX
google-site-verification=NuaXoaJOg65EEby46q68Tk2MjKJbImfQvgF8ZWWIyFc
postman-domain-verification=4804e876c6d1fe01133ac3ca13ead25cb5583892a095b6daa04f89daa865bb2f053797f99bb93df00a008d9c9a4374e09551f86b7cf50625e3932dba31101a9d

Email authentication strong

SPF

v=spf1 include:_spf.google.com include:mailgun.org include:_spf.salesforce.com include:mail.zendesk.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; sp=reject; pct=100; fo=1; adkim=r; aspf=r; rua=mailto:dmarc-reports@ngrok.com; ruf=mailto:dmarc-reports@ngrok.com; ri=86400

policy: reject (enforced) · sp=reject

DKIM

google: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+oojvnEcNNpi+m2GtvT+94ZyoJv1EjWD9uuFNBbDBvJZzA+5ooaauW8nnX9bI2ImilfFy2fUc3mpHJlaZIy…

selectors probed

Certificate (current)

E7

from 2026-05-03 to 2026-08-01

Expires in 74 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://ngrok.com/

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy
permissions-policy

findings

CSP uses wildcard sources
missing frame protection

Header values

referrer-policy: strict-origin-when-cross-origin
permissions-policy: camera=(), microphone=(), geolocation=()
x-content-type-options: nosniff
content-security-policy: script-src 'nonce-853689b1abb6e669b808c8cbc17641c4' 'strict-dynamic' 'self' https://cdn.ketchjs.com https://global.ketchcdn.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://ngrok.zendesk.com https://pod-13.zendesk.com https://pod-13-sunco-ws.zendesk.com https://static.zdassets.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://us-assets.i.posthog.com https://e.ngrok.com; base-uri 'self';; object-src 'none';; worker-src blob:;; frame-ancestors 'self' https://us.posthog.com;
strict-transport-security: max-age=63072000; includeSubDomains; preload