proof.xyz

.xyz crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 2261 ms crawled 2026-05-18

US · 104.21.31.31 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Homepage | PROOF
Description: Learn more about the community-centric web3 products being built to celebrate art, connect collectors, and activate creative entrepreneurship.

Open Graph

title: Homepage | PROOF
site name: PROOF

Technology

CDN: Cloudflare
CMS: Next.js

Third-party hosts loaded (1)

d10ynv83w8vhgs.cloudfront.net×15

Social

Registration

Registrar

MarkMonitor, Inc (TLDs)

Created

2018-12-09

Expires

2028-12-09 934 days left

Updated

2024-04-09

Name servers

abby.ns.cloudflare.com
huxley.ns.cloudflare.com

DNS records live

NS

abby.ns.cloudflare.com
huxley.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 4 TXT records

asv=9dbb22ad817c83a68dee02d6c2640f04
google-site-verification=kQJ38wlY4dLbNMuAJOEBTTJw0m6OV-hEF-9weQVct_Y
linear-domain-verification=uayikfve9umn
notion-domain-verification=1Jwc12gGQZTYlVPhPmv9QTOeqF9d8i7uS4KdQNm2bL3

Email authentication partial

SPF

v=spf1 include:mail.zendesk.com include:_spf.google.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; rua=mailto:dmarc@proof.xyz,mailto:re+a8b1334cd89b@inbound.dmarcdigests.com; ruf=mailto:dmarc@proof.xyz; pct=100

policy: none (monitoring only)

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OGW72mFLPMquv+G7s3YI0DRzl/DVuO59nl8yf0MuSpjcpKfC1SHYmZQcBKvDv7/nbuou25KpvKSQR…
k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…

selectors probed

Certificate (current)

WE1

from 2026-04-29 to 2026-07-28

Expires in 69 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.proof.xyz/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: origin
x-frame-options: deny
x-content-type-options: nosniff
content-security-policy: default-src 'self' cdn.infiniteobjects.com fonts.gstatic.com; frame-src 'self' ipfs.io arweave.net *.arweave.net generator.artblocks.io generator-staging-goerli.artblocks.io generator-staging-sepolia.artblocks.io www.youtube.com www.youtube-nocookie.com verify.walletconnect.com proofxyz.mypinata.cloud *.crossmint.com; connect-src 'self' wss: nft-metadata.proof.art *.ingest.sentry.io wss://*.infura.io wss://*.walletlink.org wss://mainnet.era.zksync.io/ws virtual.mainnet.rpc.tenderly.co wss://*.bridge.walletconnect.org registry.walletconnect.com wss://*.walletconnect.com *.walletconnect.com cloudflare-eth.com *.wallet.coinbase.com api.wallet.coinbase.com mainnet-infura.wallet.coinbase.com *.algolia.net *.algolianet.com generator.artblocks.io generator-staging-goerli.artblocks.io generator-staging-sepolia.artblocks.io media-proxy-staging.artblocks.io www.googletagmanager.com www.google-analytics.com storage.googleapis.com *.s3.us-west-2.amazonaws.com d10ynv83w8vhgs.cloudfront.net birdwat
strict-transport-security: max-age=31104000; includeSubDomains

Links to (7)

Linked from (2)

eth.xyz×4
bee.com×3