sprig.com

HTML metadata

Title: Sprig | Enterprise Research Platform Powered by AI Agents
Description: Sprig is a unified research platform built for UX teams who need fast, relevant user insights. Powered by AI, Sprig helps you do more research in less time by capturing and analyzing real-time feedback and behavioral data at scale.
Canonical: https://sprig.com

Open Graph

title: Sprig | Enterprise Research Platform Powered by AI Agents
description: Sprig is a unified research platform built for UX teams who need fast, relevant user insights. Powered by AI, Sprig helps you do more research in less time by capturing and analyzing real-time feedback and behavioral data at scale.

Technology

CDN: Cloudflare
Server: istio-envoy

Third-party hosts loaded (3)

cdn.prod.website-files.com×75
cdn.jsdelivr.net×3
d3e54v103j8qbb.cloudfront.net×1

Social

Registration

Registrar

1API GmbH

Created

1996-01-27

Expires

2030-01-28 1348 days left

Updated

2025-11-22

Name servers

ns-1076.awsdns-06.org
ns-15.awsdns-01.com
ns-1691.awsdns-19.co.uk
ns-647.awsdns-16.net

DNS records live

NS

ns-1076.awsdns-06.org
ns-15.awsdns-01.com
ns-1691.awsdns-19.co.uk
ns-647.awsdns-16.net

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

atlassian-sending-domain-verification=56d1eef3-ae9f-4cbb-9805-7235dc611abf

Verified for

Apple
Atlassian
Google
Meta
Stripe

Email authentication strong

SPF

v=spf1 a mx include:_spf.google.com include:8224380.spf04.hubspotemail.net include:u9595947.wl198.sendgrid.net include:_spf.salesforce.com -all

strict (-all)

DMARC

v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@sprig.com; sp=quarantine; adkim=r; aspf=r

policy: reject (enforced) · sp=quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzQtdXAcmm4p/Ld7NYG3xVEBX95McqLnIdh+Pry4eGmrnqTdoe9F8x+TqTemJU6YFaCLas6WCG+LJ9…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mbaSW0g/lV/p5ij//AGQBXCgb2DANWD+wWFzVVLNQDak1tXfGFExHfS47CjUSahlU2QPlOnDrNzr1lxBR…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjIdN6gxRDxjcGSlZPjD7PlBszrHwq63WI6quoaX47hzmLGjMzH9Dg3dzvh4IEI8E0GPMDOsDrmgJNkAkPvJK7Df…

selectors probed

Certificate (current)

Amazon RSA 2048 M04

from 2026-01-31 to 2027-03-02

Expires in 285 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://sprig.com/

present

strict-transport-security
content-security-policy
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-content-type-options: nosniff
content-security-policy: default-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://polyfill.io https://googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://js.hs-analytics.net https://js.hs-scripts.com https://cdn.heapanalytics.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://ws.zoominfo.com https://scout-cdn.salesloft.com https://googleads.g.doubleclick.net https://static.hsappstatic.net https://www.vimeo.com https://vimeo.com https://*.hsforms.com https://secure.cold5road.com/ https://*.
strict-transport-security: max-age=31536000

Links to (2)

linkedin.com×4
x.com×4

Linked from (1)

userleap.com×4