urlscan.io logo urlscan.io
SecurityTrails logo

app.read.ai Open in urlscan Pro
18.173.205.64  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.read.ai/
Effective URL: https://app.read.ai/
Submission: On October 25 via manual from US — Scanned from PL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 3 countries across 13 domains to perform 62 HTTP transactions. The main IP is 18.173.205.64, located in United States and belongs to AMAZON-02, US. The main domain is app.read.ai. The Cisco Umbrella rank of the primary domain is 101032.
TLS certificate: Issued by Amazon RSA 2048 M02 on May 11th 2025. Valid for: a year.
This is the only time app.read.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 18.173.205.64 16509 (AMAZON-02)
5 142.250.186.138 15169 (GOOGLE)
3 34.120.195.249 396982 (GOOGLE-CL...)
2 142.250.186.136 15169 (GOOGLE)
3 34.128.128.0 396982 (GOOGLE-CL...)
2 142.250.185.227 15169 (GOOGLE)
9 98.88.67.63 14618 (AMAZON-AES)
1 13.35.58.124 16509 (AMAZON-02)
3 216.198.54.3 209242 (CLOUDFLAR...)
4 64.233.184.84 15169 (GOOGLE)
2 104.110.240.169 20940 (AKAMAI-AS...)
1 216.198.53.3 209242 (CLOUDFLAR...)
3 13.35.58.4 16509 (AMAZON-02)
1 142.250.185.100 15169 (GOOGLE)
1 23.215.20.211 16625 (AKAMAI-AS)
1 216.198.53.6 209242 (CLOUDFLAR...)
1 216.239.32.36 15169 (GOOGLE)
1 18.213.87.253 14618 (AMAZON-AES)
62 19
17    18.173.205.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-205-64.fra56.r.cloudfront.net
app.read.ai
5    142.250.186.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f10.1e100.net
fonts.googleapis.com
3    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o992397.ingest.sentry.io
2    142.250.186.136 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f8.1e100.net
www.googletagmanager.com
3    34.128.128.0 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 0.128.128.34.bc.googleusercontent.com
featureassets.org
prodregistryv2.org
2    142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net
fonts.gstatic.com
9    98.88.67.63 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-98-88-67-63.compute-1.amazonaws.com
api.read.ai
1    13.35.58.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-58-124.fra60.r.cloudfront.net
js.stripe.com
3    216.198.54.3 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)
static.zdassets.com
4    64.233.184.84 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f84.1e100.net
accounts.google.com
2    104.110.240.169 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a104-110-240-169.deploy.static.akamaitechnologies.com
consent.cookiebot.com
1    216.198.53.3 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)
ekr.zdassets.com
3    13.35.58.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-58-4.fra60.r.cloudfront.net
js.stripe.com
1    142.250.185.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net
www.google.com
1    23.215.20.211 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-215-20-211.deploy.static.akamaitechnologies.com
consentcdn.cookiebot.com
1    216.198.53.6 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)
readinc.zendesk.com
1    216.239.32.36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    18.213.87.253 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-87-253.compute-1.amazonaws.com
moxy.read.ai
Apex Domain
Subdomains		 Transfer
27 read.ai
app.read.ai — Cisco Umbrella Rank: 101032
api.read.ai — Cisco Umbrella Rank: 36473
moxy.read.ai — Cisco Umbrella Rank: 91276
3 MB
5 google.com
accounts.google.com — Cisco Umbrella Rank: 18
www.google.com — Cisco Umbrella Rank: 2
92 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 50
6 KB
4 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2142
ekr.zdassets.com — Cisco Umbrella Rank: 2400
281 KB
4 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1151
378 KB
3 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4673
consentcdn.cookiebot.com — Cisco Umbrella Rank: 4887
154 KB
3 sentry.io
o992397.ingest.sentry.io — Cisco Umbrella Rank: 116265
412 B
2 gstatic.com
fonts.gstatic.com
84 KB
2 featureassets.org
featureassets.org — Cisco Umbrella Rank: 1714
4 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 51
272 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 3004
1 zendesk.com
readinc.zendesk.com — Cisco Umbrella Rank: 135901
1 KB
1 prodregistryv2.org
prodregistryv2.org — Cisco Umbrella Rank: 975
342 B
62 13
Domain Requested by
17 app.read.ai app.read.ai
9 api.read.ai app.read.ai
5 fonts.googleapis.com app.read.ai
4 accounts.google.com app.read.ai
accounts.google.com
4 js.stripe.com app.read.ai
js.stripe.com
3 static.zdassets.com app.read.ai
static.zdassets.com
3 o992397.ingest.sentry.io app.read.ai
2 consent.cookiebot.com app.read.ai
2 fonts.gstatic.com fonts.googleapis.com
2 featureassets.org app.read.ai
2 www.googletagmanager.com app.read.ai
1 moxy.read.ai app.read.ai
1 region1.google-analytics.com app.read.ai
1 readinc.zendesk.com static.zdassets.com
1 consentcdn.cookiebot.com consent.cookiebot.com
1 www.google.com
1 ekr.zdassets.com app.read.ai
1 prodregistryv2.org app.read.ai
62 18
Subject Issuer Validity Valid
*.read.ai
Amazon RSA 2048 M02		 2025-05-11 -
2026-06-08		 a year crt.sh
upload.video.google.com
WE2		 2025-10-01 -
2025-12-24		 3 months crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2025-07-24 -
2026-08-24		 a year crt.sh
*.google-analytics.com
WE2		 2025-10-01 -
2025-12-24		 3 months crt.sh
featureassets.org
R12		 2025-10-15 -
2026-01-13		 3 months crt.sh
*.gstatic.com
WE2		 2025-10-01 -
2025-12-24		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2025-08-19 -
2025-12-04		 4 months crt.sh
prodregistryv2.org
R13		 2025-10-15 -
2026-01-13		 3 months crt.sh
zdassets.com
WE1		 2025-10-23 -
2026-01-21		 3 months crt.sh
accounts.google.com
WR2		 2025-10-01 -
2025-12-24		 3 months crt.sh
consent.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-12-30 -
2026-01-07		 a year crt.sh
*.google.com
WE2		 2025-10-01 -
2025-12-24		 3 months crt.sh
*.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-12-29 -
2026-01-07		 a year crt.sh
readinc.zendesk.com
E7		 2025-09-24 -
2025-12-23		 3 months crt.sh

This page contains 5 frames:

Primary Page: https://app.read.ai/
Frame ID: 41A152D881CAE9AD33868B1D46396A0B
Requests: 51 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-e69592bba60955b937cda4ffc13a98a6.html
Frame ID: 086930CA6859C97FD1E8311AE4CF633E
Requests: 3 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 9BA54B8B0E6FE305A4F999A6652E7626
Requests: 1 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-80aad5a.js
Frame ID: C0079DDCB087A69205BC5073DFEEDD66
Requests: 3 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 57CB5E48D4DF0F4DA02DD1DD5EBA7296
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Read - Zaloguj siÄ™

Page URL History Show full URLs

  1. http://app.read.ai/ HTTP 307
    https://app.read.ai/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • accounts\.google\.com/gsi/client
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

62
Requests

97 %
HTTPS

0 %
IPv6

13
Domains

18
Subdomains

19
IPs

3
Countries

4141 kB
Transfer

12582 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.read.ai/ HTTP 307
    https://app.read.ai/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

62 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
app.read.ai/
Redirect Chain
  • http://app.read.ai/
  • https://app.read.ai/
2 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
b0b1ac513e4c3f8192ab3285f088541c05487c3a4f9e56a9f8f849370698f433
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

content-length
2212
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
content-type
text/html
date
Sat, 25 Oct 2025 08:25:59 GMT
referrer-policy
strict-origin-when-cross-origin
server
CloudFront
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
x-amz-cf-id
TDGMPUBvHGIT-JZDabFiGG7xqc5WMuG5ZkiFeV13uVUhTGLkSLjNVQ==
x-amz-cf-pop
FRA56-P12
x-amzn-requestid
c8c73242-2fd8-4fa8-9a3c-6c7d5ff50d1f
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-robots-tag
noindex
x-xss-protection
1

Redirect headers

Location
https://app.read.ai/
Non-Authoritative-Reason
HttpsUpgrades
main-Cpeb595w.js
app.read.ai/assets/ 		556 KB
178 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/main-Cpeb595w.js
Requested by
Host: app.read.ai
URL: https://app.read.ai/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ab5bdcca3427ae1194cdd9b3466184d69c1830e55ad7f2e3f865188ddab44acf
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer
https://app.read.ai/

Response headers

content-encoding
br
etag
W/"52b91eb99f565d38629cfe3aefec9c20"
age
2438
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
Ub9-fbohmUJobNZTt6q4ahNDVhCKDfzZIdKRh9aZCIJJuzVkEsFNJw==
date
Sat, 25 Oct 2025 07:46:11 GMT
content-type
text/javascript
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:18 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
main-B84XSr8_.css
app.read.ai/assets/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/main-B84XSr8_.css
Requested by
Host: app.read.ai
URL: https://app.read.ai/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
362699d56d9c7d945e1a99175423b359f2aebb6461d03135f80822347b345de3
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer
https://app.read.ai/

Response headers

content-encoding
gzip
etag
W/"da53f8a961d03a4f5849a8164e502362"
age
1277
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
tqxavceW33fKgin4XM1EIAtWtrpM0ALjP3Il6zzUO6mmTZz4PHVp8w==
date
Sat, 25 Oct 2025 08:04:47 GMT
content-type
text/css
vary
accept-encoding, Origin
last-modified
Fri, 03 Oct 2025 21:48:51 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
css2
fonts.googleapis.com/ 		12 KB
1015 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&family=Poppins:wght@400;500;600;700&display=swap
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-B84XSr8_.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f10.1e100.net
Software
ESF /
Resource Hash
3786181b1a6bdea885939bd26c746bbc01b3ce4610d4c6aabc09f1d450e14632
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 25 Oct 2025 08:26:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 25 Oct 2025 08:26:00 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sat, 25 Oct 2025 08:26:00 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css2
fonts.googleapis.com/ 		5 KB
1001 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;500;600;700&display=swap
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-B84XSr8_.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f10.1e100.net
Software
ESF /
Resource Hash
91ab22dea7363fd24f310c4b1bf3e7b3686c8850d7833824442efec197b5e581
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 25 Oct 2025 08:26:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 25 Oct 2025 08:26:00 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sat, 25 Oct 2025 07:29:20 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css2
fonts.googleapis.com/ 		18 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;500;600&display=swap
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-B84XSr8_.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f10.1e100.net
Software
ESF /
Resource Hash
54f3a15767f27295314aaa24214fb75611ea8548c959d03c0ab056f6fb02fb40
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 25 Oct 2025 08:26:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 25 Oct 2025 08:26:00 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sat, 25 Oct 2025 08:26:00 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css2
fonts.googleapis.com/ 		16 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-B84XSr8_.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f10.1e100.net
Software
ESF /
Resource Hash
f30a2f101b045d24748cdbb5e2082e3216ae8ecfcc2f091af638786d3eced120
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 25 Oct 2025 08:26:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 25 Oct 2025 08:26:00 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sat, 25 Oct 2025 07:56:27 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css2
fonts.googleapis.com/ 		2 KB
517 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Lato:wght@400;700&display=swap
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-B84XSr8_.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f10.1e100.net
Software
ESF /
Resource Hash
c3e606051dc0106a9e30d26f110dbb1b835f7a7f2042caa0622ff01f13ef7e5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 25 Oct 2025 08:26:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 25 Oct 2025 08:26:00 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sat, 25 Oct 2025 08:00:31 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
/
o992397.ingest.sentry.io/api/5997695/envelope/ 		2 B
300 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o992397.ingest.sentry.io/api/5997695/envelope/?sentry_version=7&sentry_key=6df7af02dacf407aba6f9c7a3353e8f9&sentry_client=sentry.javascript.react%2F9.44.2
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.read.ai/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Sat, 25 Oct 2025 08:26:00 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
App-DXJirrXp.js
app.read.ai/assets/ 		1 MB
435 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/App-DXJirrXp.js
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3f8adb2691d8b97c56b366d9d78cadda3cfff040dd9b20104e1b031e1e117c4d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer

Response headers

content-encoding
br
etag
W/"cf533c8de7335b4bd5b8f662ff2c116c"
age
3372
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
ajQgne_rzt2AMEt4C5PX_KoTK71dSH0jd5ysv0TFAIM-2fA_2rq0nA==
date
Sat, 25 Oct 2025 07:32:53 GMT
content-type
text/javascript
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:15 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
App-DmhOWiV4.css
app.read.ai/assets/ 		157 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/App-DmhOWiV4.css
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e871bb71bfb534927f5f7f31383d04d01deebbeb180d40ed5f8d344794e2616d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer
https://app.read.ai/

Response headers

etag
"f04eb8dc3d9bb9cca7034fa24f9bce9c"
age
3372
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
D6g6fzCkLdfxa3TPcozI8PK6bptSgiKSPpowDQ3N9hNaDDob5MnP3w==
date
Sat, 25 Oct 2025 07:32:53 GMT
content-type
text/css
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:15 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
https://app.read.ai
content-length
157
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
favicon.ico
app.read.ai/ 		15 KB
17 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
21e3f2c31ba605a773a378d10e5d2921725192937933583f291cf2b3b2f2376b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

etag
"cb681e65721db81d34576cfe39a37dac"
age
2305
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
HFW3p1sEoKE6X9p3QRBkWTy7HojmIJ3XhdhcWFVSSNCB8RkwPI30Uw==
date
Sat, 25 Oct 2025 07:49:40 GMT
content-type
image/vnd.microsoft.icon
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:20 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
15406
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/ 		478 KB
159 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-2Y1H5ZJMBK
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/App-DXJirrXp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
63c36fe9a15380f1ef974fe0fc4954fb993ce76a5799dae229f7aef0848376e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
content-encoding
zstd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
expires
Sat, 25 Oct 2025 08:26:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
161874
date
Sat, 25 Oct 2025 08:26:00 GMT
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Google Tag Manager
access-control-allow-headers
Cache-Control
messages-KtQiQxck.js
app.read.ai/assets/ 		361 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/messages-KtQiQxck.js
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/App-DXJirrXp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
797300cc76f7fcd23614accc72ab88e40deef3ecb390ccdbacd5258ae405ae35
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer
https://app.read.ai/assets/App-DXJirrXp.js

Response headers

content-encoding
br
etag
W/"369a9fc5ec5c22d1dc1868dde1eb6a81"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
i3vtJujpZryLLQbYhAy4-ydbN9boy_-6un4tt-5mF7M9l23wW9BIdQ==
date
Sat, 25 Oct 2025 08:26:01 GMT
content-type
text/javascript
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:19 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
initialize
featureassets.org/v1/ 		27 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://featureassets.org/v1/initialize?k=client-5rDNQDOcT7Yt6ZTWHVfNzpkY1kHdmfijSlRx83EYj9e&st=javascript-client&sv=3.21.0&t=1761380761022&sid=67dd7e93-1071-4ac5-b1e3-b24b052281d8&se=1
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
6995ea81144b58b08c3d5e9e7ac9588ab854e7d4a4789b71d7ee21cef1d3a36d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.read.ai/

Response headers

cache-control
no-transform
content-encoding
br
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
via
1.1 google
x-statsig-region
gke-europe-north1
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 25 Oct 2025 08:26:01 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v24/ 		49 KB
49 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/worksans/v24/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;500;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
1dd49afc07fb2231b2ff686cbf007725fb2742271bb1f28ebd98f22a0d817343
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer
https://fonts.googleapis.com/

Response headers

age
322784
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 21 Oct 2026 14:46:17 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 21 Oct 2025 14:46:17 GMT
last-modified
Wed, 10 Sep 2025 16:23:20 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
50316
x-xss-protection
0
server
sffe
QGYsz_wNahGAdqQ43Rh_cqDpp_k.woff2
fonts.gstatic.com/s/worksans/v24/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/worksans/v24/QGYsz_wNahGAdqQ43Rh_cqDpp_k.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;500;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
sffe /
Resource Hash
2aa17fc7b072e46652e84bbe3dbba9ec57cdea320d89e8c951ed7cf3218c300b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer
https://fonts.googleapis.com/

Response headers

age
347600
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 21 Oct 2026 07:52:41 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 21 Oct 2025 07:52:41 GMT
last-modified
Wed, 10 Sep 2025 16:23:36 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
35716
x-xss-protection
0
server
sffe
me
api.read.ai/users/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.read.ai/users/me
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
98.88.67.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-88-67-63.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
x-read-app-info,x-read-app-location
Access-Control-Request-Method
GET
Origin
https://app.read.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
x-read-app-info,x-read-app-location
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://app.read.ai
access-control-max-age
600
content-length
2
content-type
text/plain; charset=utf-8
date
Sat, 25 Oct 2025 08:26:01 GMT
server
uvicorn
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
me
api.read.ai/users/ 		30 B
280 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.read.ai/users/me
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
98.88.67.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-88-67-63.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
cfec9feffbcc0dabaa0f92491e3609eeb1e9bc8d17625cd7f043be03b609c812
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

X-Read-App-Info
@app/webapp:v2.63.0
Referer
https://app.read.ai/
X-Read-App-Location
https://app.read.ai/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://app.read.ai
content-length
30
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/json
vary
Origin
server
uvicorn
x-frame-options
DENY
index-CowMSM4X.js
app.read.ai/assets/ 		4 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/index-CowMSM4X.js
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06585cd257763aa3b53e1de63489b8e97c4f4ccaf90c6bb38368401f665197f5
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer

Response headers

content-encoding
gzip
etag
W/"1a798e4a120ba76a8032b8d1b1fd26ba"
age
2019
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
jzHWmXEb45ex8JPGH4QM3BoAZMeGdRHH8KLKFDGDARwjH8wSMiPbag==
date
Sat, 25 Oct 2025 07:54:27 GMT
content-type
text/javascript
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:17 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
NotFoundRedirect-D8PDwXTU.js
app.read.ai/assets/ 		1 MB
361 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/NotFoundRedirect-D8PDwXTU.js
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fc05b54a996d9fcf8b2c768c23f2c5a3299a2a4a76b86b23a7dfade361778f82
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer

Response headers

content-encoding
gzip
etag
W/"2d110203609a29e4bbbabc658ab3796c"
age
2936
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
4B6OZobuV2q6l-rSsgjH6x85KESqWRMIM4-gnznrscF1KklbdNFZIw==
date
Sat, 25 Oct 2025 07:37:06 GMT
content-type
text/javascript
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:16 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
NotFoundRedirect-Ci_qVgc6.css
app.read.ai/assets/ 		430 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/NotFoundRedirect-Ci_qVgc6.css
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
90b34db5140a34fe71f082885a7f7d302369ec7c58f8421ae9648514712bf6cc
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer
https://app.read.ai/analytics/landing

Response headers

content-encoding
br
etag
W/"a31c1cecccf96246ad5f4e58498b78a2"
age
1447
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
_VViVb7IUoCL6_3Ah2PmLTOT1HPxF2toZFuVIFMpXRG0YvcEfIoQnw==
date
Sat, 25 Oct 2025 08:02:04 GMT
content-type
text/css
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:16 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
useConnectCalendar-IPUxOUTc.js
app.read.ai/assets/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/useConnectCalendar-IPUxOUTc.js
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8561e655668574bbccb9c1b0d910462dae3690e35da491d7d490407e5efe840d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer

Response headers

content-encoding
br
etag
W/"eba607e0360bf3875fa5b4063f24b4c6"
age
477
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
4mBczUKQW5cTBEoWsW0MPMmB_fL_KmmSf-8VSgEm5XEXOC3YTqY2sw==
date
Sat, 25 Oct 2025 08:19:57 GMT
content-type
text/javascript
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:20 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
downloadUtils-dswQSwSI.js
app.read.ai/assets/ 		7 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/downloadUtils-dswQSwSI.js
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
574e089a737aab0f105fef4ea065af47764d8ebcd2e94121f327022dd2401c46
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer

Response headers

content-encoding
br
etag
W/"e7b08827a764e7563fac6c0041f61a3e"
age
3505
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
HlGl-8z6euzv9NI1TS_ENy3MYffLOWYfgIxlkuzUb7OHXLRbR2QpEw==
date
Sat, 25 Oct 2025 07:28:02 GMT
content-type
text/javascript
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:17 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
index-Bee32Z3a.css
app.read.ai/assets/ 		5 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/assets/index-Bee32Z3a.css
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f827579163615640da9151a9071aae4b19c20ba519b955afe9edf99274898fd9
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Origin
https://app.read.ai
Referer
https://app.read.ai/analytics/landing

Response headers

content-encoding
gzip
etag
W/"61853f75168daf1ebd92b84237997aad"
age
3144
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
JJloIrRGxDs0U12hm9X1agAd4GWcbIMBUZrRJFrdKLuL7k3IXPp2wg==
date
Sat, 25 Oct 2025 07:40:05 GMT
content-type
text/css
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:17 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
access-control-allow-origin
https://app.read.ai
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
favicon.ico
app.read.ai/ 		15 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
21e3f2c31ba605a773a378d10e5d2921725192937933583f291cf2b3b2f2376b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/analytics/landing

Response headers

etag
"cb681e65721db81d34576cfe39a37dac"
age
2305
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
HFW3p1sEoKE6X9p3QRBkWTy7HojmIJ3XhdhcWFVSSNCB8RkwPI30Uw==
date
Sat, 25 Oct 2025 07:49:40 GMT
content-type
image/vnd.microsoft.icon
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:20 GMT
x-frame-options
DENY
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
15406
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
stripe.js
js.stripe.com/basil/ 		880 KB
207 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/basil/stripe.js
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/index-CowMSM4X.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-124.fra60.r.cloudfront.net
Software
Cloudfront /
Resource Hash
9efd3e8348c1b9bd5175578ee6a0f81ce860c81acc925249245e1550e14babbe
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

content-encoding
br
etag
W/"fc1cf12d759098fd4593f206857afb8b"
age
87
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
jf0bgnEmN6YIE-hme2wMi46ByT56yRLhIVSYttrM5N24GugdR2L8VA==
date
Sat, 25 Oct 2025 08:24:38 GMT
content-type
text/javascript; charset=utf-8
last-modified
Fri, 24 Oct 2025 20:49:09 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=120
timing-allow-origin
*
via
1.1 9b253b6508bd634345864697c48abb50.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P10
server
Cloudfront
initialize
featureassets.org/v1/ 		0
151 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://featureassets.org/v1/initialize?k=client-5rDNQDOcT7Yt6ZTWHVfNzpkY1kHdmfijSlRx83EYj9e&st=javascript-client-react&sv=3.21.0&t=1761380761841&sid=67dd7e93-1071-4ac5-b1e3-b24b052281d8&se=1
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.read.ai/

Response headers

access-control-max-age
1800
cache-control
no-transform
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
via
1.1 google
x-statsig-region
gke-europe-north1
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 25 Oct 2025 08:26:01 GMT
access-control-allow-methods
POST, GET, DELETE, PATCH
rgstr
prodregistryv2.org/v1/ 		16 B
342 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prodregistryv2.org/v1/rgstr?k=client-5rDNQDOcT7Yt6ZTWHVfNzpkY1kHdmfijSlRx83EYj9e&st=javascript-client-react&sv=3.21.0&t=1761380761841&sid=67dd7e93-1071-4ac5-b1e3-b24b052281d8&ec=3&gz=1
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

access-control-allow-credentials
true
x-content-type-options
nosniff, nosniff
referrer-policy
strict-origin-when-cross-origin
via
1.1 google
permissions-policy
interest-cohort=()
x-response-time
0 ms
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
date
Sat, 25 Oct 2025 08:26:01 GMT
content-type
application/json
x-frame-options
SAMEORIGIN
service-status
api.read.ai/public/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.read.ai/public/service-status
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
98.88.67.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-88-67-63.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
x-read-app-info,x-read-app-location
Access-Control-Request-Method
GET
Origin
https://app.read.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
x-read-app-info,x-read-app-location
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://app.read.ai
access-control-max-age
600
content-length
2
content-type
text/plain; charset=utf-8
date
Sat, 25 Oct 2025 08:26:01 GMT
server
uvicorn
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
plans
api.read.ai/billing/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.read.ai/billing/plans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
98.88.67.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-88-67-63.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
x-read-app-info,x-read-app-location
Access-Control-Request-Method
GET
Origin
https://app.read.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
x-read-app-info,x-read-app-location
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://app.read.ai
access-control-max-age
600
content-length
2
content-type
text/plain; charset=utf-8
date
Sat, 25 Oct 2025 08:26:01 GMT
server
uvicorn
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
snippet.js
static.zdassets.com/ekr/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/snippet.js?key=11845bde-7c74-4711-9e4f-60ced041f56b
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/index-CowMSM4X.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.198.54.3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7bc1c531e38c4b4426fc517ea855844f31a5d8bf1c6ff7a45e32eb92dbfad6b
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

access-control-max-age
0
content-encoding
br
cf-cache-status
HIT
etag
W/"ab51643012bf7f527f6f8902883cf621"
x-amz-version-id
RTwFLgtzxsenB5BRizZThKM6ycEhuUDi
age
4
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jm9eLW5%2BPRPoT6KNwAoLhLuMHFqmaVoP9%2FcC2xlK4v%2BPgZAax%2FO8bVJ9QSW6wOwrZ0ZOdaXPowB7kEjFecs25DHWyGXs7zEAgZbK07iegQTXtUWDG%2F5fkSM71DtTG5OjUwsTiKw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, HEAD
date
Sat, 25 Oct 2025 08:26:01 GMT
content-type
application/javascript
last-modified
Wed, 16 Jul 2025 12:06:11 GMT
vary
Accept-Encoding
x-amz-id-2
SVbYdILbtq6jkajF8BXb1BgMdPNVkSUUAvMIVyhtu0vlwRYIFIxgkjSrNVzLl9N4Dg9/FmaQfwA=
access-control-allow-headers
*
strict-transport-security
max-age=0
x-amz-replication-status
COMPLETED
cache-control
public, max-age=3600, s-maxage=60
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
BMTFKP17SG9XBGJX
cf-ray
994053a23f1931d9-WAW
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
service-status
api.read.ai/public/ 		104 B
351 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.read.ai/public/service-status
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
98.88.67.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-88-67-63.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
073f494be74f6861c6c1ee17573ec38f714f70f33043bdc5f4bab7f3eed8e1b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

X-Read-App-Info
@app/webapp:v2.63.0
Referer
https://app.read.ai/
X-Read-App-Location
https://app.read.ai/analytics/landing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://app.read.ai
content-length
104
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/json
vary
Origin
server
uvicorn
x-frame-options
DENY
plans
api.read.ai/billing/ 		3 KB
722 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.read.ai/billing/plans
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
98.88.67.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-88-67-63.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
6de849c4fd2c1f6ababf48644d8583d018349ec63024b7e9580f055ecce3a831
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

X-Read-App-Info
@app/webapp:v2.63.0
Referer
https://app.read.ai/
X-Read-App-Location
https://app.read.ai/analytics/landing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://app.read.ai
content-length
445
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/json
vary
Origin, Accept-Encoding
server
uvicorn
x-frame-options
DENY
me
api.read.ai/users/ 		30 B
280 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.read.ai/users/me
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
98.88.67.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-88-67-63.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
cfec9feffbcc0dabaa0f92491e3609eeb1e9bc8d17625cd7f043be03b609c812
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

X-Read-App-Info
@app/webapp:v2.63.0
Referer
https://app.read.ai/
X-Read-App-Location
https://app.read.ai/analytics/landing
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://app.read.ai
content-length
30
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/json
vary
Origin
server
uvicorn
x-frame-options
DENY
/
o992397.ingest.sentry.io/api/5997695/envelope/ 		2 B
56 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o992397.ingest.sentry.io/api/5997695/envelope/?sentry_version=7&sentry_key=6df7af02dacf407aba6f9c7a3353e8f9&sentry_client=sentry.javascript.react%2F9.44.2
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.read.ai/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Sat, 25 Oct 2025 08:26:01 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o992397.ingest.sentry.io/api/5997695/envelope/ 		2 B
56 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o992397.ingest.sentry.io/api/5997695/envelope/?sentry_version=7&sentry_key=6df7af02dacf407aba6f9c7a3353e8f9&sentry_client=sentry.javascript.react%2F9.44.2
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.read.ai/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Sat, 25 Oct 2025 08:26:01 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
gtm.js
www.googletagmanager.com/ 		330 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MSG69NB
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/index-CowMSM4X.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
b79ac535bda1c0806ce2d3e25bde439baf9dca12f7a6e23bdbc403d72c65276b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

content-encoding
zstd
expires
Sat, 25 Oct 2025 08:26:01 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 25 Oct 2025 08:26:01 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sat, 25 Oct 2025 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
116290
x-xss-protection
0
server
Google Tag Manager
client
accounts.google.com/gsi/ 		237 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/client
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/index-CowMSM4X.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.233.184.84 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wa-in-f84.1e100.net
Software
ESF /
Resource Hash
37c2c19075b3af57d361d447a83f7daee1556c2251ba3418a956a75f95df96fe
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-9rPfjukzkmM4nKHCANDRhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

content-security-policy
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-9rPfjukzkmM4nKHCANDRhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cache-control
private, max-age=1800
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
x-content-type-options
nosniff
expires
Sat, 25 Oct 2025 08:26:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
date
Sat, 25 Oct 2025 08:26:02 GMT
x-xss-protection
0
content-type
application/javascript; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server
ESF
x-frame-options
SAMEORIGIN
search_copilot_hero-DPyzaY57.png
app.read.ai/assets/ 		126 KB
128 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.read.ai/assets/search_copilot_hero-DPyzaY57.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e6cfe1775ac47b232aba1bd67631e8e9923580a30477d992094c1f87e55802b7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/analytics/signin?redirectTo=https%3A%2F%2Fapp.read.ai%2Fanalytics%2Flanding

Response headers

etag
"2cdf1d188f033e41756c42cab658d9b1"
age
1788
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
Qh4-IeV53bLLArCsDzWzVqzUaCiLjH5MWD_7dXhjT0X8e66kmecA3Q==
date
Sat, 25 Oct 2025 07:59:24 GMT
content-type
image/png
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:20 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
129516
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
auth_rss-2Jl4i8T-.png
app.read.ai/assets/ 		417 KB
419 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.read.ai/assets/auth_rss-2Jl4i8T-.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee80d649f7214975419d02e01ed7b4f823303393186efe495284cfafc8afd35d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/analytics/signin?redirectTo=https%3A%2F%2Fapp.read.ai%2Fanalytics%2Flanding

Response headers

etag
"4374607dd82ac0fc47d2e53491a456e4"
age
3357
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
BmU1ZjmBNClAL-DFxkmA0hbbMb43bMvHMF2EcljrRW8teJlWl46cMQ==
date
Sat, 25 Oct 2025 07:40:07 GMT
content-type
image/png
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:17 GMT
x-frame-options
DENY
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
426889
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
favicon.ico
app.read.ai/ 		15 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://app.read.ai/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.205.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-205-64.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
21e3f2c31ba605a773a378d10e5d2921725192937933583f291cf2b3b2f2376b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/analytics/signin?redirectTo=https%3A%2F%2Fapp.read.ai%2Fanalytics%2Flanding

Response headers

etag
"cb681e65721db81d34576cfe39a37dac"
age
2305
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
HFW3p1sEoKE6X9p3QRBkWTy7HojmIJ3XhdhcWFVSSNCB8RkwPI30Uw==
date
Sat, 25 Oct 2025 07:49:40 GMT
content-type
image/vnd.microsoft.icon
vary
accept-encoding, Origin
last-modified
Tue, 21 Oct 2025 20:31:20 GMT
x-frame-options
DENY
content-security-policy
default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
referrer-policy
strict-origin-when-cross-origin
via
1.1 43be4ee3b8e339e1d27addbbdc49a4d4.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
15406
x-xss-protection
1
x-amz-cf-pop
FRA56-P12
server
AmazonS3
x-amz-server-side-encryption
AES256
uc.js
consent.cookiebot.com/ 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/uc.js?cbid=997ea23f-3229-4b81-b457-e9c33be1daeb&implementation=gtm&consentmode-dataredaction=dynamic
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/index-CowMSM4X.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.110.240.169 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a104-110-240-169.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d7ba610864f55019010a006c2d14b01be139ce51d372894e7b992d5e7e9eaa62

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

access-control-expose-headers
Request-Context
cache-control
public, max-age=194
content-encoding
gzip
etag
"d491fbfe1b27dc1:0"
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
expires
Sat, 25 Oct 2025 08:29:16 GMT
accept-ranges
bytes
content-length
37405
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/javascript
last-modified
Tue, 16 Sep 2025 15:10:10 GMT
vary
Accept-Encoding
11845bde-7c74-4711-9e4f-60ced041f56b
ekr.zdassets.com/compose/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/11845bde-7c74-4711-9e4f-60ced041f56b
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.198.53.3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf8fae3e1391c37e3e3cfcaa609371e155ad4f000ebdd3c8ea488f949a4741d2
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

access-control-max-age
7200
x-request-id
993d77d54cb6e9ac-SEA
access-control-expose-headers
content-encoding
br
cf-cache-status
HIT
etag
W/"bf8fae3e1391c37e3e3cfcaa609371e1"
x-permitted-cross-domain-policies
none
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4MotqpSw5WLKJ%2B%2Fu4f4nqdA7cboJUnnRGHdjBURMFXdiDoGk9Zcqe7bd7kbMxWaXylw9%2FA9tPkWqedpaEOCh9r8XoNUKTkzDLkET6I1DXeeUa%2Fiisowa2OaX7G8Hdfz3n8c%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/json; charset=utf-8
vary
Accept,Origin, Accept-Encoding
x-runtime
0.010245
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
cdn-cache-control
max-age=60
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
zendesk-service
embed-key-registry
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time
13
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
via
zorg
cf-ray
994053a33d33afc3-WAW
access-control-allow-origin
*
x-zendesk-zorg
yes
x-xss-protection
1; mode=block
server
cloudflare
controller-with-preconnect-e69592bba60955b937cda4ffc13a98a6.html
js.stripe.com/v3/ Frame 0869 		667 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-with-preconnect-e69592bba60955b937cda4ffc13a98a6.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/basil/stripe.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-4.fra60.r.cloudfront.net
Software
Cloudfront /
Resource Hash
ffca0b9d68bd08a418f86092e94c55062737ee577942e597385657b6351b68d0
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.read.ai/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2035
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-length
667
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sat, 25 Oct 2025 07:52:13 GMT
etag
"e69592bba60955b937cda4ffc13a98a6"
last-modified
Fri, 24 Oct 2025 20:02:19 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 ab85f05f60638addab7913cfb252c99a.cloudfront.net (CloudFront)
x-amz-cf-id
6HpgoAHYcaeYyziwdTT0peyGDPDb8Xe23ydFTVIqzq_wHU9vt55ROA==
x-amz-cf-pop
FRA60-P10
x-cache
Hit from cloudfront
x-content-type-options
nosniff
web-identity
google.com/.well-known/ 		0
131 B 		FedCM
General
Check archive.org
Download Go to
Full URL
https://google.com/.well-known/web-identity
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f4.1e100.net
Software
sffe /
Resource Hash
449a05234c179f92cedda0b99b2f16d311214393fcae0313dcd39f228d7c624f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/json

Response headers

accept-ranges
bytes
age
1516
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
107
content-type
application/json
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
date
Sat, 25 Oct 2025 08:00:46 GMT
expires
Sun, 26 Oct 2025 08:00:46 GMT
last-modified
Thu, 06 Jun 2024 18:30:00 GMT
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
fedcm.json
accounts.google.com/gsi/ 		0
1 KB 		FedCM
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/fedcm.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.233.184.84 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wa-in-f84.1e100.net
Software
ESF /
Resource Hash
3ceb3d73867b1e6b7afd0ab69e54fc13efa43802621d11d59582e04f477012ff
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-hZhbeZS_T-YOAF_PJxwsEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-hZhbeZS_T-YOAF_PJxwsEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-type
application/json; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
date
Sat, 25 Oct 2025 08:26:02 GMT
expires
Sat, 25 Oct 2025 08:26:02 GMT
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
server
ESF
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
style
accounts.google.com/gsi/ 		696 B
642 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/style
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/gsi/client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.233.184.84 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wa-in-f84.1e100.net
Software
ESF /
Resource Hash
d49e8f04be7ccbb69e87ae474ee50f6903b780451989e66d35ffc247a80510fe
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-rLemMgf3V-eUXN066ZUkYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

content-security-policy
script-src 'report-sample' 'nonce-rLemMgf3V-eUXN066ZUkYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
cache-control
private, max-age=86400
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
x-content-type-options
nosniff
expires
Sat, 25 Oct 2025 08:26:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
date
Sat, 25 Oct 2025 08:26:02 GMT
x-xss-protection
0
content-type
text/css; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 9BA5 		627 B
811 B 		Document
General
Check archive.org
Download Go to
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=997ea23f-3229-4b81-b457-e9c33be1daeb&implementation=gtm&consentmode-dataredaction=dynamic
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.215.20.211 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-20-211.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer
https://app.read.ai/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=31461644
content-encoding
gzip
content-length
392
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 25 Oct 2025 08:26:02 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Sat, 24 Oct 2026 11:46:46 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1761380762359_34911175_3680298470_18_510_20_71_255";dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
cc.js
consent.cookiebot.com/997ea23f-3229-4b81-b457-e9c33be1daeb/ 		418 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/997ea23f-3229-4b81-b457-e9c33be1daeb/cc.js?renew=false&referer=app.read.ai&dnt=false&init=false
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/index-CowMSM4X.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.110.240.169 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
a104-110-240-169.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
89e21b436e4c7edcdedaefdf34b69a2f748ed6ebe3a29bacf212975a78a7b4c1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

cache-control
private, max-age=1200
access-control-expose-headers
Request-Context
content-encoding
gzip
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Sat, 25 Oct 2025 08:26:02 GMT
vary
Accept-Encoding
web-widget-main-80aad5a.js
static.zdassets.com/web_widget/classic/latest/ Frame C007 		834 KB
269 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-80aad5a.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=11845bde-7c74-4711-9e4f-60ced041f56b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.198.54.3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8758fcdfb523e4c66f3c3b5b1e0cfee8b22a6980a2d60823a7cad2aa4c8f7deb
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age
0
content-encoding
br
cf-cache-status
HIT
etag
W/"2800f2d64a6bfca8ab38fcfa2cc83c9e"
x-amz-version-id
BFluhgb8WfwgrCzQhH1DsD89NoiR8gOo
age
163054
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WaACuxzDITZL97nqelj3VgLENCEElw6tVudgRMtT3dRE%2FmUMlDjqx%2FqdEgMCU5b0Y3EtDtcR7nav3AQh28V5M2JqXGuaSVTOdG8wqEP%2FN%2Biilm3AfMr09tkNRNsOz7LNCpoTgxI%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, HEAD
expires
Fri, 23 Oct 2026 09:40:27 GMT
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 23 Oct 2025 09:40:28 GMT
vary
Accept-Encoding
x-amz-id-2
etrL/0XwUxNje9rjxAQGO3DAweXtG/1TsXLCd3fMD2kuw+czWhBXeGKMQmZhyT9M3cCTydEMpinXIKxEdCpd1cLPhYOkjrd3
access-control-allow-headers
*
strict-transport-security
max-age=0
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
3CD8ASVPAQC7Z30V
cf-ray
994053a4da5b31d9-WAW
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
listaccounts
accounts.google.com/gsi/fedcm/ 		0
886 B 		FedCM
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/fedcm/listaccounts
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.233.184.84 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wa-in-f84.1e100.net
Software
ESF /
Resource Hash
f80c7a28c7780081af8b273543b91fc9a1f29fbe2891e5f67218e4952bd2154a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-fYjteKOVf2LKYeYuzTblPA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-disposition
attachment; filename="json.txt"; filename*=UTF-8''json.txt
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-fYjteKOVf2LKYeYuzTblPA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-type
application/json; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
date
Sat, 25 Oct 2025 08:26:02 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
en-us-json-80aad5a.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame C007 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-80aad5a.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-80aad5a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.198.54.3 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9cc9a0c33e8f0a92ae6b066dffd5f6f1dbb8da33010b8898297e44e4a66334a
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age
0
content-encoding
br
cf-cache-status
HIT
etag
W/"ab9bdda3847e8d3b65353203cfa2118a"
x-amz-version-id
IWr8EwttIbeWiHGwBa.S96g1Lp9DXOLt
age
163050
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HA61hN0BrO2soIZWj6BE2zXtjZUXsfoP1O1LP9tu2twm10LH0Bme8REwU2P3gj8kWyAANebkEkWfaVlFkyjX9r7iYnQgNFGggIfCiXzABvX6FnnnVrPboC1SFm%2Bs%2BMcueGnifws%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, HEAD
expires
Fri, 23 Oct 2026 09:40:29 GMT
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 23 Oct 2025 09:40:30 GMT
vary
Accept-Encoding
x-amz-id-2
wipHibd2zRD+rwKH40w13bwrkFQmvElbNfYUPQ5uFZRdHimJWUBDFa5Ln8WgoZnDai20+WAEWt1ItJ+sW3RNtZ/3dIavfpdN
access-control-allow-headers
*
strict-transport-security
max-age=0
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
EMFMR8BA246Y0NGS
cf-ray
994053a68cb131d9-WAW
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
config
readinc.zendesk.com/embeddable/ Frame C007 		665 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://readinc.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-80aad5a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.198.53.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60510e095ea96735d577e23f606032a5c2d4fe6b162b8d1bb5e05ad8f9b2eed9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age
7200
x-request-id
994052ed2cfbba86-IAD
access-control-expose-headers
content-encoding
br
x-zendesk-origin-server
embeddable-app-server-65f567dd7-twt9k
cf-cache-status
HIT
age
16
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=snJDPhbSD%2BP28DCFiziX73ozSQxL8VSvisBIpxPfLZsqCyIIdOOLOE9oxzbiIEQS32pUEMv9pwtojqJzAzeP1FsrJANoawqfhUem0MBeoe5VasccICNY79e0tOyPKUos002YQro%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
date
Sat, 25 Oct 2025 08:26:02 GMT
content-type
application/json; charset=utf-8
vary
Origin, Accept-Encoding
x-runtime
0.002122
last-modified
Sat, 25 Oct 2025 08:25:33 GMT
x-cache-status
EXPIRED
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
zendesk-service
embeddable
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time
6
x-envoy-decorator-operation
/embeddable
via
zorg
cf-ray
994053a73ed17d8d-WAW
access-control-allow-origin
*
x-zendesk-zorg
yes
server
cloudflare
token
api.read.ai/users/me/ 		30 B
280 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.read.ai/users/me/token
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
98.88.67.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-88-67-63.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
cfec9feffbcc0dabaa0f92491e3609eeb1e9bc8d17625cd7f043be03b609c812
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

X-Read-App-Info
@app/webapp:v2.63.0
Referer
https://app.read.ai/
X-Read-App-Location
https://app.read.ai/analytics/signin?redirectTo=https%3A%2F%2Fapp.read.ai%2Fanalytics%2Flanding
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://app.read.ai
content-length
30
date
Sat, 25 Oct 2025 08:26:03 GMT
content-type
application/json
vary
Origin
server
uvicorn
x-frame-options
DENY
token
api.read.ai/users/me/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.read.ai/users/me/token
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
98.88.67.63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-88-67-63.compute-1.amazonaws.com
Software
uvicorn /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-read-app-info,x-read-app-location
Access-Control-Request-Method
POST
Origin
https://app.read.ai
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-read-app-info,x-read-app-location
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://app.read.ai
access-control-max-age
600
content-length
2
content-type
text/plain; charset=utf-8
date
Sat, 25 Oct 2025 08:26:02 GMT
server
uvicorn
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-frame-options
DENY
truncated
/ 		37 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d46d54aca0f0344e1d99e475ddb37760ccca0c7a3bb179b2374aed9eb4525222

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ 		293 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 57CB 		200 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/basil/stripe.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-4.fra60.r.cloudfront.net
Software
Cloudfront /
Resource Hash
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.read.ai/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
3576
alt-svc
h3=":443"; ma=86400
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sat, 25 Oct 2025 07:26:28 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Thu, 09 Oct 2025 21:31:41 GMT
origin-agent-cluster
?1
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 ab85f05f60638addab7913cfb252c99a.cloudfront.net (CloudFront)
x-amz-cf-id
5rM5fnerTNW2xaMcQU1OkRn7zqtFnCEr23i823CqVl7k2u1l295o4A==
x-amz-cf-pop
FRA60-P10
x-cache
Hit from cloudfront
x-content-type-options
nosniff
collect
region1.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-2Y1H5ZJMBK&gtm=45je5am0v882048435za200zd882048435&_p=1761380761895&gcs=G100&gcd=13p3p3p2p5l1&npa=1&dma_cps=-&dma=1&gdid=dMWZhNz&cid=395644533.1761380763&ul=pl-pl&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_eu=AEA&_s=1&tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480710~115583768~115938466~115938469~116217636~116217638&sid=1761380760&sct=1&seg=0&dl=https%3A%2F%2Fapp.read.ai%2Fanalytics%2Fsignin%3FredirectTo%3Dhttps%253A%252F%252Fapp.read.ai%252Fanalytics%252Flanding&dt=Read%20-%20Zaloguj%20si%C4%99&_tu=CA&en=scroll&_fv=1&_nsi=1&_ss=1&ep.debug=false&epn.percent_scrolled=90&tfd=4080
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://app.read.ai/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:103:0
report-to
{"group":"ascnsrsggc:103:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:103:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://app.read.ai
cross-origin-opener-policy-report-only
same-origin; report-to=ascnsrsggc:103:0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 25 Oct 2025 08:26:03 GMT
content-type
text/plain
server
Golfe2
shared-caf83cc577d2fe065563df3b839aae57.js
js.stripe.com/v3/fingerprinted/js/ Frame 0869 		773 KB
168 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-caf83cc577d2fe065563df3b839aae57.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-with-preconnect-e69592bba60955b937cda4ffc13a98a6.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.58.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-58-4.fra60.r.cloudfront.net
Software
Cloudfront /
Resource Hash
2e3b47b1b2033b12ffd3027b0fe22188eb8f530ab2386561b7d5cc8aedebfe84
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Referer
https://js.stripe.com/v3/controller-with-preconnect-e69592bba60955b937cda4ffc13a98a6.html

Response headers

content-encoding
br
etag
W/"6b722c4e67353ad1b005c9db58e2031b"
age
1283
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Id9MdYMuJPtfQdR3ps8pN7-ED_rMMWV41Qa6tc6CqfrhPKwxkxId_w==
date
Sat, 25 Oct 2025 08:04:41 GMT
content-type
text/javascript; charset=utf-8
last-modified
Fri, 24 Oct 2025 20:02:28 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=31536000
timing-allow-origin
*
via
1.1 ab85f05f60638addab7913cfb252c99a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P10
server
Cloudfront
controller-with-preconnect-770b83debe78677c2db14644e82b506a.js
js.stripe.com/v3/fingerprinted/js/ Frame 0869 		0
0
m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
js.stripe.com/v3/fingerprinted/js/ Frame 57CB 		0
0
/
moxy.read.ai/track/ 		25 B
452 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://moxy.read.ai/track/?verbose=1&ip=1&_=1761380765582
Requested by
Host: app.read.ai
URL: https://app.read.ai/assets/main-Cpeb595w.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.87.253 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-87-253.compute-1.amazonaws.com
Software
nginx/1.29.0 /
Resource Hash
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://app.read.ai/

Response headers

strict-transport-security
max-age=604800; includeSubDomains
access-control-max-age
1728000
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
x-envoy-upstream-service-time
36
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 google
access-control-allow-origin
https://app.read.ai
alt-svc
clear
content-length
25
date
Sat, 25 Oct 2025 08:26:06 GMT
content-type
application/json
server
nginx/1.29.0
access-control-allow-headers
X-Requested-With, Content-Type, X-Amzn-Trace-Id

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
js.stripe.com
URL
https://js.stripe.com/v3/fingerprinted/js/controller-with-preconnect-770b83debe78677c2db14644e82b506a.js
Domain
js.stripe.com
URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Verdicts & Comments Add Verdict or Comment

48 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 function| READ_ERROR_FALLBACK object| SENTRY_RELEASE object| _sentryDebugIds string| _sentryDebugIdIdentifier object| __SENTRY__ string| __reactRouterVersion object| __STATSIG__ function| __mp_recorder object| google_tag_manager object| google_tag_data object| dataLayer function| onYouTubeIframeAPIReady object| READ_STRIPE_ERROR_PROMISE object| msal object| meet function| READ_ONE_TAP_CALLBACK object| zEWebpackACJsonp function| zE function| zEmbed boolean| MotionIsMounted object| webpackChunkStripeJSouter function| noop function| Stripe object| __SJS_PERF_STATE__ object| default_gsi object| _F_toggles_default_gsi object| google object| __G_ID_CLIENT__ object| closure_lm_873632 object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent boolean| zEACLoaded object| CookiebotDialog object| CookieConsentDialog function| $zopim function| gtag object| gaGlobal

4 Cookies

Domain/Path Name / Value
.read.ai/ Name: readCsrfToken
Value: WHyB3mBkZ1lIJi7tB5T4KWuaEF5xGdqL9Pw31fmweyYP77GiUgIRJuZ4iLgG6e39
.app.read.ai/ Name: mp_68e743b21f2eb5cbbfd12657136457ad_mixpanel
Value: %7B%22distinct_id%22%3A%22%24device%3Aeaed646e-b907-4628-a851-aa053e1a4341%22%2C%22%24device_id%22%3A%22eaed646e-b907-4628-a851-aa053e1a4341%22%2C%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%2C%22__mps%22%3A%7B%7D%2C%22__mpso%22%3A%7B%22%24initial_referrer%22%3A%22%24direct%22%2C%22%24initial_referring_domain%22%3A%22%24direct%22%7D%2C%22__mpus%22%3A%7B%7D%2C%22__mpa%22%3A%7B%7D%2C%22__mpu%22%3A%7B%7D%2C%22__mpr%22%3A%5B%5D%2C%22__mpap%22%3A%5B%5D%2C%22user_agent%22%3A%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F141.0.0.0%20Safari%2F537.36%22%2C%22client_app%22%3A%22browser%22%7D
app.read.ai/ Name: msal.cache.encryption
Value: %7B%22id%22%3A%22019a1a79-808a-7396-b51b-87570caeedb0%22%2C%22key%22%3A%22hDrxyzt3Ialxt4UwfT-wv9zZ18u83ihV0lfzfhc6WCY%22%7D
.read.ai/ Name: g_state
Value: {"i_l":0,"i_ll":1761380762245,"i_b":"8bifFcEKIL3ug8SmV/O16T83s2y+SBqIhPNeyrd4afQ"}

4 Console Messages

Source Level URL
Text
network error URL: https://api.read.ai/users/me
Message:
Failed to load resource: the server responded with a status of 401 ()
other error URL: https://app.read.ai/analytics/signin?redirectTo=https%3A%2F%2Fapp.read.ai%2Fanalytics%2Flanding
Message:
Provider's accounts list is empty.
network error URL: https://api.read.ai/users/me
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://api.read.ai/users/me/token
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.read.ai; style-src 'self' accounts.google.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' snap.licdn.com *.redditstatic.com connect.facebook.net *.cookiebot.com *.gstatic.com gstatic.com *.google.com *.googletagmanager.com *.stripe.com *.zdassets.com static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' blob: stats.g.doubleclick.net www.redditstatic.com *.reddit.com *.google.com *.google-analytics.com *.googletagmanager.com *.read.ai blob: *.googleapis.com featureassets.org prodregistryv2.org assetsconfigcdcn.org *.sentry.io *.zdassets.com *.zendesk.com res.cdn.office.net beyondwickedmapping.org cloudflare-dns.com statsigapi.net px.ads.linkedin.com *.run.app conversionsapigateway.com *.cookiebot.com *.facebook.com login.microsoftonline.com graph.microsoft.com onedrive.live.com; img-src 'self' blob: data: *.read.ai *.linkedin.com *.facebook.com connect.facebook.net *.reddit.com reddit.com *.google-analytics.com *.googletagmanager.com www.google.com px.ads.linkedin.com s3.amazonaws.com *.atlassian.net 'unsafe-inline'; media-src 'self' blob: data: *.read.ai download-video.akamaized.net player.vimeo.com read.ai readai-assets-production.s3.amazonaws.com; worker-src 'self' blob: data: *.read.ai; base-uri 'self'; font-src fonts.gstatic.com; form-action 'self' *.facebook.com *.read.ai *.sharepoint.com *.live.com; frame-ancestors 'self' app.hubspot.com teams.microsoft.com *.teams.microsoft.com *.cloud.microsoft *.skype.com login.microsoftonline.com *.twitter.com twitter.com *.x.com x.com meet.google.com *.meet.google.com *.live.com; frame-src 'self' consentcdn.cookiebot.com *.facebook.com *.google.com content.googleapis.com *.stripe.com player.vimeo.com login.microsoftonline.com *.live.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
api.read.ai
app.read.ai
consent.cookiebot.com
consentcdn.cookiebot.com
ekr.zdassets.com
featureassets.org
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
moxy.read.ai
o992397.ingest.sentry.io
prodregistryv2.org
readinc.zendesk.com
region1.google-analytics.com
static.zdassets.com
www.google.com
www.googletagmanager.com
js.stripe.com
104.110.240.169
13.35.58.124
13.35.58.4
142.250.185.100
142.250.185.227
142.250.186.136
142.250.186.138
18.173.205.64
18.213.87.253
216.198.53.3
216.198.53.6
216.198.54.3
216.239.32.36
23.215.20.211
34.120.195.249
34.128.128.0
64.233.184.84
98.88.67.63
06585cd257763aa3b53e1de63489b8e97c4f4ccaf90c6bb38368401f665197f5
073f494be74f6861c6c1ee17573ec38f714f70f33043bdc5f4bab7f3eed8e1b1
1dd49afc07fb2231b2ff686cbf007725fb2742271bb1f28ebd98f22a0d817343
21e3f2c31ba605a773a378d10e5d2921725192937933583f291cf2b3b2f2376b
2aa17fc7b072e46652e84bbe3dbba9ec57cdea320d89e8c951ed7cf3218c300b
2e3b47b1b2033b12ffd3027b0fe22188eb8f530ab2386561b7d5cc8aedebfe84
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
362699d56d9c7d945e1a99175423b359f2aebb6461d03135f80822347b345de3
3786181b1a6bdea885939bd26c746bbc01b3ce4610d4c6aabc09f1d450e14632
37c2c19075b3af57d361d447a83f7daee1556c2251ba3418a956a75f95df96fe
3ceb3d73867b1e6b7afd0ab69e54fc13efa43802621d11d59582e04f477012ff
3f8adb2691d8b97c56b366d9d78cadda3cfff040dd9b20104e1b031e1e117c4d
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
449a05234c179f92cedda0b99b2f16d311214393fcae0313dcd39f228d7c624f
54f3a15767f27295314aaa24214fb75611ea8548c959d03c0ab056f6fb02fb40
574e089a737aab0f105fef4ea065af47764d8ebcd2e94121f327022dd2401c46
60510e095ea96735d577e23f606032a5c2d4fe6b162b8d1bb5e05ad8f9b2eed9
63c36fe9a15380f1ef974fe0fc4954fb993ce76a5799dae229f7aef0848376e4
6995ea81144b58b08c3d5e9e7ac9588ab854e7d4a4789b71d7ee21cef1d3a36d
6de849c4fd2c1f6ababf48644d8583d018349ec63024b7e9580f055ecce3a831
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
797300cc76f7fcd23614accc72ab88e40deef3ecb390ccdbacd5258ae405ae35
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
8561e655668574bbccb9c1b0d910462dae3690e35da491d7d490407e5efe840d
8758fcdfb523e4c66f3c3b5b1e0cfee8b22a6980a2d60823a7cad2aa4c8f7deb
89e21b436e4c7edcdedaefdf34b69a2f748ed6ebe3a29bacf212975a78a7b4c1
90b34db5140a34fe71f082885a7f7d302369ec7c58f8421ae9648514712bf6cc
91ab22dea7363fd24f310c4b1bf3e7b3686c8850d7833824442efec197b5e581
9efd3e8348c1b9bd5175578ee6a0f81ce860c81acc925249245e1550e14babbe
ab5bdcca3427ae1194cdd9b3466184d69c1830e55ad7f2e3f865188ddab44acf
b0b1ac513e4c3f8192ab3285f088541c05487c3a4f9e56a9f8f849370698f433
b79ac535bda1c0806ce2d3e25bde439baf9dca12f7a6e23bdbc403d72c65276b
b9cc9a0c33e8f0a92ae6b066dffd5f6f1dbb8da33010b8898297e44e4a66334a
bf8fae3e1391c37e3e3cfcaa609371e155ad4f000ebdd3c8ea488f949a4741d2
c3e606051dc0106a9e30d26f110dbb1b835f7a7f2042caa0622ff01f13ef7e5e
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cfec9feffbcc0dabaa0f92491e3609eeb1e9bc8d17625cd7f043be03b609c812
d46d54aca0f0344e1d99e475ddb37760ccca0c7a3bb179b2374aed9eb4525222
d49e8f04be7ccbb69e87ae474ee50f6903b780451989e66d35ffc247a80510fe
d7ba610864f55019010a006c2d14b01be139ce51d372894e7b992d5e7e9eaa62
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6cfe1775ac47b232aba1bd67631e8e9923580a30477d992094c1f87e55802b7
e7bc1c531e38c4b4426fc517ea855844f31a5d8bf1c6ff7a45e32eb92dbfad6b
e871bb71bfb534927f5f7f31383d04d01deebbeb180d40ed5f8d344794e2616d
ee80d649f7214975419d02e01ed7b4f823303393186efe495284cfafc8afd35d
f30a2f101b045d24748cdbb5e2082e3216ae8ecfcc2f091af638786d3eced120
f80c7a28c7780081af8b273543b91fc9a1f29fbe2891e5f67218e4952bd2154a
f827579163615640da9151a9071aae4b19c20ba519b955afe9edf99274898fd9
fc05b54a996d9fcf8b2c768c23f2c5a3299a2a4a76b86b23a7dfade361778f82
ffca0b9d68bd08a418f86092e94c55062737ee577942e597385657b6351b68d0