indexo.dev

qapital.com

.com crawl

First seen 2026-04-17 · Last seen 2026-05-12 · ok HTTP/1.1 200 2355 ms crawled 2026-05-12

US · 100.56.1.217 · AS14618 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Qapital - Set-and-forget your financial goals
Description
Qapital is an award-winning app designed to let you save, invest, and spend with any goal in mind.
Language
en

Open Graph

url
https://www.qapital.com/
title
Qapital - Set-and-forget your financial goals
locale
en_US
site name
Qapital
description
Qapital is an award-winning app designed to let you save, invest, and spend with any goal in mind.

Technology

CDN
Amazon CloudFront
Server
qapital
CMS
Next.js
Analytics
  • Google Tag Manager

Third-party hosts loaded (2)

  • cdn.qapitalapp.net×12
  • www.googletagmanager.com×1

Social

Registration

Registrar
Abion AB
Created
2012-09-10
Expires
2026-09-10 112 days left
Updated
2025-09-03
Name servers
  • brianna.ns.cloudflare.com
  • oswald.ns.cloudflare.com

DNS records live

NS
  • brianna.ns.cloudflare.com
  • oswald.ns.cloudflare.com
MX
  • 10 aspmx.l.google.com
  • 20 alt1.aspmx.l.google.com
  • 20 alt2.aspmx.l.google.com
  • 30 aspmx2.googlemail.com
  • 30 aspmx3.googlemail.com
TXT
  • ca3-80971e64b2d24166800706e7a86d7100
  • mixpanel-domain-verify=e2aa4eda-3ed9-4d6d-ac98-01279ef44769
  • wombat-verification=3KwxVCQV1HEp-aRXRTKKaZ5G0frhk
Verified for
  • Apple
  • Atlassian
  • Google
  • Meta
  • Microsoft 365
  • Pinterest

Email authentication strong

SPF
v=spf1 include:_spf.google.com include:spf.mandrillapp.com -all
strict (-all)
DMARC
v=DMARC1; p=reject; rua=mailto:dmarc@qapital.com;
policy: reject (enforced)
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsdaVeX+0/Om2EcT1kQ3QjwkTRwZnusVHvFX0spAykfFE+8OY6H8xxF2L5Vk3pz2td0OlBFRaQUNKp…
selectors probed

Certificate (current)

Amazon RSA 2048 M04
from 2025-09-23 to 2026-10-23
Expires in 155 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.qapital.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
same-origin
x-frame-options
DENY
permissions-policy
fullscreen=(self), geolocation=(), camera=()
x-content-type-options
nosniff
content-security-policy
default-src https://cdn.qapitalapp.net 'self'; style-src https://cdn.qapitalapp.net 'self' 'unsafe-inline'; script-src https://cdn.qapitalapp.net https://*.googletagmanager.com https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net 'self' 'unsafe-inline'; object-src 'none'; img-src https://*.google-analytics.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://www.facebook.com 'self'; connect-src https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.qapitalapp.net https://stats.g.doubleclick.net https://analytics.tiktok.com 'self'; frame-ancestors 'none'
strict-transport-security
max-age=63072000; includeSubDomains; preload

Links to (7)

Linked from (1)