Web & access

Even the website respects the rules.

A privacy product can't ship a marketing site stuffed with trackers. This site is static, carries no analytics or advertising cookies, locks down a strict Content-Security-Policy, and the holder waitlist proves eligibility with a read-only signature that can never move your funds.

This website

Static, and locked down.

There's no application server rendering pages and no third-party script running in your browser. The hardening is enforced at the edge with HTTP response headers — here's what's actually set.

No trackers, no cookies

The site ships no analytics SDKs and no advertising cookies — fitting, given where Searxly stands on surveillance advertising. Nothing here profiles you.

Strict CSP

A Content-Security-Policy restricts scripts and styles to the site's own origin, forbids plugins and framing, and upgrades any insecure request — shrinking the attack surface for injection.

No clickjacking

frame-ancestors 'none' and X-Frame-Options: DENY mean the site can't be embedded in an iframe to trick you into clicking something you didn't mean to.

MIME & referrer hardening

X-Content-Type-Options: nosniff stops content-type confusion, and a strict referrer policy keeps your navigation from leaking across origins.

Powerful features off

A Permissions-Policy disables camera, microphone, geolocation, USB, payment and ad-topics APIs — the site never asks, so they can't be abused.

Origin isolation

Cross-Origin-Opener-Policy: same-origin isolates the browsing context from other origins, closing a class of cross-window attacks.

The headers, verbatim

Nothing hidden.

Content-Security-Policy: default-src 'self'; object-src 'none'; script-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests (connect limited to the site + the Base RPC)
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), browsing-topics=()
Cross-Origin-Opener-Policy: same-origin

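
One way to check a response against the header list above, as an added example (not the site's own code): the names `audit` and `parse_csp` and both sample header sets are constructed here. Directives beyond those listed, such as the connect-src limit the page mentions, are allowed to be present.

```python
EXPECTED = {  # exact values from the page's header list
    "x-frame-options": "DENY", "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
    "cross-origin-opener-policy": "same-origin",
}
CSP_REQUIRED = {  # directive -> source list stated on the page
    "default-src": ["'self'"], "script-src": ["'self'"],
    "object-src": ["'none'"], "frame-ancestors": ["'none'"],
    "upgrade-insecure-requests": [],
}
DISABLED = ["camera", "microphone", "geolocation", "payment", "usb", "browsing-topics"]

def parse_csp(value):
    """Split a CSP into {directive: [sources]}; a repeated directive is ignored."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def audit(headers):
    """Return findings; an empty list means the headers match the page's list."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, want in EXPECTED.items():
        if h.get(name, "").lower() != want.lower():
            findings.append(f"{name}: expected {want!r}, got {h.get(name)!r}")
    csp = parse_csp(h.get("content-security-policy", ""))
    for directive, want in CSP_REQUIRED.items():
        if csp.get(directive) != want:
            findings.append(f"csp {directive}: expected {want}, got {csp.get(directive)}")
    allow = dict(i.strip().partition("=")[::2] for i in h.get("permissions-policy", "").split(","))
    for feat in DISABLED:
        if allow.get(feat) != "()":
            findings.append(f"permissions-policy {feat}: not disabled ({allow.get(feat)!r})")
    return findings

# Constructed sample responses (not captured from the live site).
GOOD = {
    "Content-Security-Policy": "default-src 'self'; object-src 'none'; script-src 'self'; "
                               "frame-ancestors 'none'; upgrade-insecure-requests",
    "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=(), payment=(), usb=(), browsing-topics=()",
    "Cross-Origin-Opener-Policy": "same-origin",
}
WEAK = {**GOOD, "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
        "Permissions-Policy": "camera=(), geolocation=(self)"}
print("\n".join(audit(WEAK)))
```
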
Holder waitlist

Prove you hold — without risking a cent.

Early access is gated to $SEARXLY holders, so the waitlist has to confirm you control a wallet with a balance. It does that with the two safest operations in crypto: reading a public balance and asking for a one-time signature. No transaction is ever created, no funds move, and your private keys never leave your wallet.

  • We only read your public token balance on Base
  • A one-time message signature proves you own the address
  • The signature can't authorize spending — it moves nothing
  • Eligibility is re-verified server-side, so it can't be faked

Connect a Base wallet: your keys stay in your wallet
↓ read-only
Read public $SEARXLY balance: via a public Base RPC · like any on-chain read
Sign a one-time message: EIP-191 personal_sign · proves control · spends nothing
↓ re-checked server-side
Eligibility confirmed: email saved only to send your download

No transaction · no fund movement · no private keys

What the waitlist never does

A signature is not a payment.

Safe to connect. Free to leave.

Read-only and fund-safe by design — confirm the contract address against @Searxly first.