wellhub.com

.com crawl

First seen 2026-04-12 · Last seen 2026-05-16 · ok HTTP/1.1 200 1012 ms crawled 2026-05-04

US · 13.33.235.124 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Wellhub (Gympass) | Daily Wellbeing Options for Every Employee
Description: Wellhub, formerly Gympass, offers a single subscription connecting employees to fitness, mindfulness, nutrition, sleep resources, and more. Explore our how it works and how to bring wellness to your workplace.
Canonical: https://wellhub.com/en-us/

Technology

CDN: Amazon CloudFront
Server: AmazonS3
CMS: Next.js

Analytics

Google Tag Manager

Cookie consent

OneTrust

Third-party hosts loaded (2)

cdn.cookielaw.org×2
www.googletagmanager.com×2

Social

Contact

Address: 30 Irving Place 8th floor New York, NY 10003

Registration

Registrar

GoDaddy.com, LLC

Created

2021-05-29

Expires

2028-05-29 740 days left

Updated

2026-01-15

Name servers

ns-1442.awsdns-52.org
ns-1548.awsdns-01.co.uk
ns-437.awsdns-54.com
ns-732.awsdns-27.net

DNS records live

NS

ns-1442.awsdns-52.org
ns-1548.awsdns-01.co.uk
ns-437.awsdns-54.com
ns-732.awsdns-27.net

MX

1 aspmx.l.google.com
10 alt3.aspmx.l.google.com
10 alt4.aspmx.l.google.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 8 TXT records

google-site-verification=VLYYbKiBOwdnvq0hMSehSuH2SIlWZpHBbya_iDLaw3w
google-site-verification=i5dZQbAZCeMIEMgtytlQQqEkuBoIcP8EqpAr-HMz4W4
google-site-verification=rGs-AqnlSPqr4CSzMyKw-zj7wkMe-gAsew0qvplbtgY
include:MS=ms14268235
v=spf1 include:_spf.wellhub_com._d.easydmarc.pro -all
Validity-Domain-Verification=U04ATdqpVp5kpbE4lLQnGeCkaic=
anthropic-domain-verification-05qvyq=JZWd6qMyva5BRkiH0SMq5KU2q
cursor-domain-verification-0e4r0m=SgE2gAwznCbIoW4uzyNpgannT

Certificate (current)

Amazon RSA 2048 M01

from 2026-02-22 to 2026-09-08

Expires in 111 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://wellhub.com/en-us/

present

strict-transport-security
content-security-policy-report-only
x-frame-options
x-content-type-options

findings

missing Content Security Policy
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: DENY
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wellhub.com *.amplitude.com https://js.appboycdn.com/web-sdk/4.0/braze.no-amd.min.js https://widget-mediator.zopim.com https://js-na1.hs-scripts.com https://static.zdassets.com https://sdk.inbenta.io https://chatbot.backoffice.gympass-staging.com/chatbot-site-gympass-com.js https://cdn.optimizely.com https://maps.googleapis.com https://x.clearbitjs.com https://js.hscollectedforms.net https://connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com cdn.cookielaw.org/ cdn.segment.com bat.bing.com/bat.js cdn.jsdelivr.net/npm/jquery-validation@1.19.5/dist/jquery.validate.min.js cdn.optimizely.com/js/ cdn.segment.com/analytics.js/ cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js code.jquery.com/jquery-3.6.0.min.js connect.facebook.net/en_US/fbevents.js googleads.g.doubleclick.net/pagead/viewthroughconversion/ j.6sc.co/6si.min.js js.driftt.com/include/ js.h