indexo.dev

xbto.com

.com crawl

First seen 2026-04-14 · Last seen 2026-05-11 · ok HTTP/1.1 200 6655 ms crawled 2026-05-08

US · 198.202.211.1 · AS209242 Cloudflare London, LLC

Reputation 100/100

sector finance type homepage

HTML metadata

Title
Institutional Digital Asset Investment | XBTO
Description
XBTO is a trusted leader in Institutional Digital Asset Investment. Explore expert solutions in Digital Asset Management and Crypto Market Making.
Language
en-GB
Canonical
https://www.xbto.com

Open Graph

title
Institutional Digital Asset Investment | XBTO
description
XBTO is a trusted leader in Institutional Digital Asset Investment. Explore expert solutions in Digital Asset Management and Crypto Market Making.

Technology

CDN
Cloudflare

Third-party hosts loaded (5)

  • cdn.prod.website-files.com×77
  • cdn.jsdelivr.net×2
  • d3e54v103j8qbb.cloudfront.net×1
  • hubspotonwebflow.com×1
  • js.hsforms.net×1

Social

Contact

Email

Registration

Registrar
Cloudflare, Inc.
Created
2007-12-10
Expires
2028-12-10 935 days left
Updated
2026-03-11
Name servers
  • ian.ns.cloudflare.com
  • khloe.ns.cloudflare.com

DNS records live

NS
  • ian.ns.cloudflare.com
  • khloe.ns.cloudflare.com
MX
  • 1 smtp.google.com
TXT
  • have-i-been-pwned-verification=d942cedddc9421cea90cf3a083e2e490
  • 0ed1fe018ae5450a68224f4ab8b656924c061ce586
Verified for
  • Anthropic
  • Apple
  • Atlassian
  • Cursor
  • Google
  • Microsoft 365
  • Notion

Email authentication strong

SPF
v=spf1 include:spf.protection.outlook.com include:_spf.google.com include:mail.zendesk.com include:46231866.spf10.hubspotemail.net -all
strict (-all)
DMARC
v=DMARC1; p=quarantine; rua=mailto:secu@xbto.com; ruf=mailto:secu@xbto.com; sp=reject; ri=84600
policy: quarantine · sp=reject
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5Dwqk0N4uh6QleqkA4TTZdfJczwFQ1AI+jHq+S8KXS49OeUPokwQrO4O70tXWx9MVHSHgY0QAcJk+…
  • selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq+WeR1bKvgNl0R+xHoDEYraJ9p813l5qatkeVk+eNZZEUmEOUm7sWnmHD8UPNjGCoNlT1Zlllbhir9MWrhO…
selectors probed

Certificate (current)

WE1
from 2026-03-20 to 2026-06-18
Expires in 29 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.xbto.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
DENY
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://*.linkedin.com https://*.xbto.com https://*.stablehouse.com uploads-ssl.webflow.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com https://prod-stablehouse-assets.s3.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.hs-sites.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hs-analytics.net https://js.hsadspixel.net https://js.hsadspixel.net/fb.jshttps://js.hs-banner.com https://js.hs-scripts.com https://js.hsforms.net https://*.hsforms.net https://hubspotonwebflow.com https://static.hsappstatic.net https://*.hubspot.com https://*.typeform.com https://*.licdn.com https://cdn.finsweet.com uploads-ssl.webflow.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com cdn.prod.website-files.com assets-global.website-files.com cdn.jsdelivr.net d3e54v103j8qbb.cloudfront.net www.googletagmanager.com *.googleapi
strict-transport-security
max-age=31536000; includeSubDomains

Links to (5)

Linked from (4)