indexo.dev

payload.com

.com crawl

First seen 2026-05-05 · Last seen 2026-05-15 · ok HTTP/1.1 200 1976 ms crawled 2026-05-11

US · 104.18.3.107 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Payload | Unified Payment Infrastructure for Modern Businesses
Description
Move money faster, smarter, and at any scale. A unified payment platform for receiving, sending, and facilitating money movement across every channel and method.
Canonical
https://payload.com/

Open Graph

url
https://payload.com/
title
Unified Payment Infrastructure for Modern Businesses
description
Move money faster, smarter, and at any scale. A unified payment platform for receiving, sending, and facilitating money movement across every channel and method.

Technology

CDN
Cloudflare
CMS
Next.js

Social

Contact

Address
4455 Carver Woods Drive, Suite 200, 45242, Cincinnati, OH, US

Registration

Registrar
Cloudflare, Inc.
Created
1995-04-26
Expires
2030-04-27 1438 days left
Updated
2024-05-02
Name servers
  • bill.ns.cloudflare.com
  • jade.ns.cloudflare.com

DNS records live

NS
  • bill.ns.cloudflare.com
  • jade.ns.cloudflare.com
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
Show 6 TXT records
  • zoho-verification=zb04867961.zmverify.zoho.com
  • bw=rtfNSCp0knUxojwTon4hgblihgZrJMkAWfzRX6K1sVYb
  • google-gws-recovery-domain-verification=51028497
  • google-site-verification=OEa3mFxMoggLnc3oMVmdF0lB-GQqB0j2Hgpc6rPtA_A
  • rvyfru3tab
  • twilio-domain-verification=b0676193288ce8aefc34dee217da2267

Email authentication strong

SPF
v=spf1 include:mail.zendesk.com include:zcsend.net include:_spf.google.com include:47241254.spf03.hubspotemail.net -all
strict (-all)
DMARC
v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@payload.com
policy: quarantine
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FEYSoNScO0VflOmHiV39RPi3Q1tzy1pUlefCTtAXUbUv2oRt8seOKkagjN5VM8iCyK4o5aAx8Z3pr…
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFQKHXWziMCLN3XVmIYOxCAQ7OoqHNSSZQny4MHznLFGMfTty5G6vW7fn1itUvRQTwkPGpLZ4Zn2zGfkGc…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGDGQzfDXWZS4mrjbUHwbpWcX6cLjyjjqmueIO/yfVK1Qnh530vzCduSq/awlo/pUOcLxpXBPBY0UqjPY+XQ8YpU…
selectors probed

Certificate (current)

WE1
from 2026-03-23 to 2026-06-21
Expires in 32 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://payload.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
content-security-policy
script-src 'self' 'unsafe-eval' 'unsafe-inline' payload.co app.payload.co payload.com app.payload.com pay.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com cdnjs.cloudflare.com browser.sentry-cdn.com *.fontawesome.com snap.licdn.com *.hubspot.com js.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com cdn.jsdelivr.net; img-src 'self' data: payload.co app.payload.co payload.com app.payload.com gstatic.com www.google-analytics.com *.visa.com www.gstatic.com developers.google.com px.ads.linkedin.com track.hubspot.com forms.hsforms.com; default-src 'self' payload.co *.payload.co payload.com *.payload.com fonts.gstatic.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' payload.co app.payload.co payload.com app.payload.com fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net; connect-src 'self' ws: wss: payload.co *.payload
strict-transport-security
max-age=31536000; includeSubDomains

Links to (3)

Linked from (2)