superstate.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-08 · ok HTTP/1.1 200 838 ms crawled 2026-05-08

US · 104.20.23.38 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title

Superstate

Description

Superstate is modernizing investing through tokenized financial products

Language

Canonical

https://superstate.com/

Feeds

Atom Atom

Open Graph

title: Superstate
description: Superstate is modernizing investing through tokenized financial products

Technology

CDN: Cloudflare

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Registration

Registrar

Cloudflare, Inc.

Created

1999-11-23

Expires

2026-11-23 187 days left

Updated

2025-04-22

Name servers

ignacio.ns.cloudflare.com
liberty.ns.cloudflare.com

DNS records live

NS

ignacio.ns.cloudflare.com
liberty.ns.cloudflare.com

TXT

google-site-verification=RPwDMQlfVk-nIXpY2QKVIupD0LZEX6QepdwO5jUm5Oo
google-site-verification=90ldzfyI3LjaURwdViylgVUcoIea1rTYMCSq51Fx0c8

Email authentication no MX

SPF

v=spf1 -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:it+dmarc@superstate.co; ruf=mailto:it+dmarc@superstate.co; fo=1

policy: reject (enforced)

DKIM

Show 12 DKIM selectors

default: v=DKIM1; p=
google: v=DKIM1; p=
selector1: v=DKIM1; p=
selector2: v=DKIM1; p=
k1: v=DKIM1; p=
k2: v=DKIM1; p=
mail: v=DKIM1; p=
dkim: v=DKIM1; p=
s1: v=DKIM1; p=
s2: v=DKIM1; p=
mxvault: v=DKIM1; p=
smtpapi: v=DKIM1; p=

selectors probed

Certificate (current)

WE1

from 2026-04-19 to 2026-05-19

Expired 1 day ago

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 95/100 Checked live page: https://superstate.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: camera=(), microphone=(), geolocation=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-src 'self' https://www.googletagmanager.com https://*.tradingview.com https://verify.walletconnect.com https://*.walletconnect.com https://*.hsforms.net https://*.hsforms.com; worker-src 'self' blob:; connect-src 'self' https://*.superstate.com https://*.walletconnect.com wss://*.walletconnect.com https://*.sentry.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://hermes.pyth.network https://rpc.plume.org https://testnet-rpc.plume.org https://eth-mainnet.g.alchemy.com https://lela-0faqed-fast-mainnet.helius-rpc.com; font-src 'self'; img-src 'self' data: https://assets.superstate.com https://assets.dev.superstate.com https://assets.devddx.superstate.com https://assets.staging.superstate.com https://superstate.com https://drive.usercontent.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hubspot.com https://*.hu
strict-transport-security: max-age=63072000; includeSubDomains; preload