wit.ai

.ai crawl

First seen 2026-04-11 · Last seen 2026-05-18 · ok HTTP/1.1 200 3076 ms crawled 2026-05-19

FI · 157.240.205.53 · AS32934 Facebook, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title: Wit.ai
Language: en

Technology

Third-party hosts loaded (1)

static.xx.fbcdn.net×9

Registration

Registrar

RegistrarSafe, LLC

Created

2017-12-16

Expires

2033-10-06 2695 days left

Updated

2025-10-27

Name servers

b.ns.facebook.com
a.ns.facebook.com
c.ns.facebook.com
d.ns.facebook.com

DNS records live

NS

a.ns.facebook.com
b.ns.facebook.com
c.ns.facebook.com
d.ns.facebook.com

MX

10 mxa-00082601.gslb.pphosted.com
10 mxb-00082601.gslb.pphosted.com

TXT

48z95208r3jk2gqq2jc8367nrmz520z2

Verified for

Google
Microsoft 365

Email authentication partial

SPF: v=spf1 include:_spf.facebook.com include:spf.mail.intercom.io include:spf-00082601.pphosted.com -all
strict (-all)
DMARC: v=DMARC1; p=none; sp=none; rua=mailto:a@dmarc.facebookmail.com
policy: none (monitoring only) · sp=none
DKIM: no key found at common selectors

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1

from 2026-02-26 to 2026-05-27

Expires in 6 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://wit.ai/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
permissions-policy
cross-origin-opener-policy
cross-origin-resource-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy

Header values

x-frame-options: DENY
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-content-type-options: nosniff
content-security-policy: default-src blob:;script-src *.facebook.com *.facebook.net *.fbcdn.net 'nonce-UIQfkvGU' *.wit.ai *.facebook.com:8443;style-src *.facebook.com 'unsafe-inline' *.wit.ai *.fbcdn.net;connect-src 'self' *.fbcdn.net *.facebook.net *.facebook.com wss://*.facebook.com *.wit.ai *.facebook.com:8443 wss://api.wit.ai wss://ws.wit.ai *.facebook.com:9504;font-src data: blob: *.fbcdn.net;img-src 'self' blob: data: *.fbcdn.net *.fbsbx.com www.facebook.com/tr/ *.facebook.net *.facebook.com;media-src data: blob: *.fbcdn.net;child-src data: blob:;frame-src data: blob:;manifest-src data: blob:;object-src data: blob:;worker-src data: blob:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=31536000; preload; includeSubDomains
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin

Linked from (1)

clojuredocs.org×3