Link Check results for app.doma.xyz

No Security Risks Detected

This domain appears to be safe and secure

100%

Score

Disclaimer: This assessment is based on automated analysis of publicly available information. Results are for informational purposes only. For critical applications, consult security professionals.

Scan Information

Last checked:February 23, 2026 21:11:00

Target URL:https://app.doma.xyz/

Scan Complete

Refresh page after 10 minutes
for updated results

Page Information

Target URL

https://app.doma.xyz/

Page Title

Doma App

Site Favicon

Status

Active

Host Information

Domain

app.doma.xyz

Server

cloudflare

Country

United States

IP Address

172.67.71.74

ASN Information

13335

CLOUDFLARENET

Technologies

HSTS

Security

Google Tag Manager

Tag managers

Google Analytics

Analytics

Cloudflare Browser Insights

Analytics

Cloudflare

CDN

SSL Certificate

HTTPS Enabled

Secure

Certificate Issuer

WE1

Valid From

2026-01-12 11:30:58

Valid Until

2026-04-12 12:30:54

Subject Name

doma.xyz

Performance Statistics

234

Total Requests

Domains

IP Addresses

6.44 MB

Transfer Size

Content Size17.9 MB

HTTP Headers

cache-control

private, no-cache, no-store, max-age=0, must-revalidate

cf-cache-status

DYNAMIC

cf-ray

9d29b6c94c034c00-MIA

content-encoding

content-security-policy

default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://challenges.cloudflare.com https://*.posthog.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.posthog.com https://fonts.googleapis.com; img-src 'self' data: blob: https://*.posthog.com https://ddcdn.sfo3.cdn.digitaloceanspaces.com https://doma.xyz https://opsjet.cloudflareaccess.com https://cdn-devnet.doma.xyz https://cdn-testnet.doma.xyz https://cdn.doma.xyz https://walletconnect.org https://walletconnect.com https://secure.walletconnect.com https://secure.walletconnect.org https://tokens-data.1inch.io https://tokens.1inch.io https://ipfs.io https://cdn.zerion.io https://explorer-api.walletconnect.com; font-src 'self' data: https://*.posthog.com https://fonts.gstatic.com; media-src 'self' https://*.posthog.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; child-src blob: https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org; frame-src 'self' https://d46c9e6b-09c8-4e8d-a5b4-97161086bcf8.bridges.rollbridge.app https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org https://challenges.cloudflare.com https://secure.walletconnect.com https://secure.walletconnect.org https://privy.doma.xyz https://privy.dashboard-dev.doma.xyz/ https://privy.dashboard-testnet.doma.xyz/ data: blob:; connect-src 'self' https://*.google-analytics.com https://cloudflare-ipfs https://arweave.net https://graph.doma.xyz https://cdn-devnet.doma.xyz https://cdn-testnet.doma.xyz https://*.coingecko.com/ https://*.uniswap.org https://o314338.ingest.us.sentry.io https://auth.privy.io wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org https://*.rpc.privy.systems https://*.posthog.com https://*.conduit.xyz https://rpc.walletconnect.com https://cloudflare-eth.com https://rpc.walletconnect.org https://relay.walletconnect.com https://relay.walletconnect.org https://pulse.walletconnect.com https://pulse.walletconnect.org https://api.web3modal.com https://api.web3modal.org https://keys.walletconnect.com https://keys.walletconnect.org https://notify.walletconnect.com https://notify.walletconnect.org https://echo.walletconnect.com https://echo.walletconnect.org https://push.walletconnect.com https://push.walletconnect.org https://explorer-api.walletconnect.com https://www.google-analytics.com https://privy.doma.xyz https://api.doma.xyz https://sepolia.infura.io https://mainnet.infura.io https://rpc2.sepolia.org https://sepolia.base.org https://chain-proxy.wallet.coinbase.com https://rpc-testnet.doma.xyz/ https://rpc.doma.xyz/ wss://rpc-testnet.doma.xyz/ wss://rpc.doma.xyz/ https://base-sepolia.infura.io https://rpc-devnet.doma.xyz/ wss://rpc-devnet.doma.xyz/ https://cdn.doma.xyz https://pqzyj9pnj7.execute-api.us-west-1.amazonaws.com https://rpc.viction.xyz https://www.shibrpc.com https://rpc.coredao.org https://apechain.calderachain.xyz/http https://*.drpc.org https://api.avax.network/ext/bc/C/rpc https://mainnet.base.org/ https://curtis.rpc.caldera.xyz/http https://puppynet.shibrpc.com https://api.devnet.solana.com https://api.mainnet-beta.solana.com wss://api.devnet.solana.com wss://api.mainnet-beta.solana.com https://cloudflare-dns.com https://dnssec-oracle.ens.domains/ https://*.rpc.thirdweb.com https://stargate.finance https://scan.layerzero-api.com https://scan.testnet.layerzero-api.com https://rpc.ankr.com https://keetmans.omadhina.co.na/ https://restwhois.ngtld.cn/ https://rdap.verisign.com https://data.iana.org https://pubapi.registry.google/ https://rdap.identitydigital.services/ https://rdap.centralnic.com/; worker-src 'self' blob:; manifest-src 'self'

content-type

text/html; charset=utf-8

date

Mon, 23 Feb 2026 21:11:09 GMT

link

</_next/static/media/AktivGroteskVF_WghtWdth-s.p.341e9d53.ttf>; rel=preload; as="font"; crossorigin=""; type="font/ttf", </images/doma-logo-privy.svg>; rel=preload; as="image", </_next/static/chunks/f443e9b0e6c2256d.css>; rel=preload; as="style", </_next/static/chunks/1a7387cee3e04f39.css>; rel=preload; as="style"

nel

{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}

referrer-policy

strict-origin-when-cross-origin

report-to

{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Om7grgLYUQgCXGUBFBjblScRCQhAHKBcQtNJm%2FGfZxyGgIlCIM3lY7zt16nkjrL5giX%2FEnAPXjmHf%2Fc7L%2FW74xn0KYDdSl08idZbBMerroxVjEd6Rg%3D%3D"}]}

server

cloudflare

server-timing

cfCacheStatus;desc="DYNAMIC" cfEdge;dur=14,cfOrigin;dur=645

strict-transport-security

max-age=31536000; includeSubDomains

vary

rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding

x-content-type-options

nosniff

x-dns-prefetch-control

x-forwarded-for

2a09:bac5:31be:aa::11:1ac, 10.124.32.40;

x-frame-options

SAMEORIGIN

x-xss-protection

1; mode=block

20 headers detected

Technology Stack Analysis

HSTS

Security

HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.

Google Tag Manager

Tag managers

Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app.

Google Analytics

Analytics

Google Analytics is a free web analytics service that tracks and reports website traffic.

Cloudflare Browser Insights

AnalyticsRUM

Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.

Cloudflare

CDN

Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.

Website Cookies 3

_ga

.doma.xyz

Value

GA1.1.1918916852.1771881078

Expires:3/30/2027

_ga_0G2JC1M4HY

.doma.xyz

Value

GS2.1.s1771881077$o1$g0$t1771881077$j60$l0$h0

Expires:3/30/2027

ph_phc_L0ZNng7i9u4w0jnqylV4kqKoNPIVhf8LIQfoYiLRFlT_posthog

app.doma.xyz

Secure Lax