painmap.io

.io crawl

First seen 2026-05-06 · Last seen 2026-05-13 · ok HTTP/1.1 200 2645 ms crawled 2026-05-13

DE · 63.176.8.218 · AS16509 Amazon.com, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: PainMap — Stop Guessing. Ship Products the Market Already Wants.
Description: PainMap runs parallel AI research across Reddit, X, G2, Capterra, and Trustpilot simultaneously - then delivers a complete product brief with validated features, real pricing data, and ready-to-publish landing page copy.
Language: en
Canonical: https://painmap.io/

Open Graph

url: https://painmap.io/
title: PainMap — Stop Guessing. Ship Products the Market Already Wants.
site name: PainMap
description: PainMap runs parallel AI research across Reddit, X, G2, Capterra, and Trustpilot simultaneously - then delivers a complete product brief with validated features, real pricing data, and ready-to-publish landing page copy.

Technology

CDN: Netlify

Fonts

Google Fonts

Third-party hosts loaded (2)

fonts.googleapis.com×2
fonts.gstatic.com×1

DNS records live

NS

dns1.p08.nsone.net
dns2.p08.nsone.net
dns3.p08.nsone.net
dns4.p08.nsone.net

MX

1 smtp.google.com

TXT

google-site-verification=VUWJSi4TvYxp5z8NeeVuPMrjS-P5AF-wx6ns5D_uR9M
google-site-verification=3unmjlBu4IT9E1wacpxIidnJ5TtHP5acSnnfGkgB7oI

Email authentication partial

SPF

v=spf1 include:spf.privateemail.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none;

policy: none (monitoring only)

DKIM

google: v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFEmftWBIGHet505YKEdR88+DN/sorzR+YlFMFy3PtdrUCLrHFP7miDCcau9nUrhppaqvhenqkdFsKh6…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

from 2026-04-07 to 2026-07-06

Expires in 48 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://painmap.io/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: DENY
permissions-policy: camera=(), microphone=(), geolocation=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://*.sentry.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://*.supabase.co https://api.stripe.com https://*.sentry.io https://*.ingest.sentry.io https://*.mailchimp.com; frame-src https://js.stripe.com; object-src 'none'; base-uri 'self';
strict-transport-security: max-age=31536000; includeSubDomains; preload