app.canopy.rent Open in urlscan Pro
2600:9000:21f3:d400:1f:f09:c880:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
Effective URL:
https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
Submission: On October 24 via manual (October 24th 2022, 11:47:39 am UTC) from GB — Scanned from GB

Summary HTTP 61 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 20 IPs in 5 countries across 13 domains to perform 61 HTTP transactions. The main IP is 2600:9000:21f3:d400:1f:f09:c880:93a1, located in United States and belongs to AMAZON-02, US. The main domain is app.canopy.rent.
TLS certificate: Issued by Amazon on July 17th 2022. Valid for: a year.

This is the only time app.canopy.rent was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	2600:9000:21f... 2600:9000:21f3:d400:1f:f09:c880:93a1	16509 (AMAZON-02) (AMAZON-02)
11	104.18.70.113 104.18.70.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.225.78.123 13.225.78.123	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	35.158.159.232 35.158.159.232	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	3.248.45.153 3.248.45.153	16509 (AMAZON-02) (AMAZON-02)
3	13.225.78.75 13.225.78.75	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
3	54.187.119.242 54.187.119.242	16509 (AMAZON-02) (AMAZON-02)
2	104.16.51.111 104.16.51.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:20e... 2600:9000:20eb:9a00:19:7d10:bd80:93a1	16509 (AMAZON-02) (AMAZON-02)
1 4	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	52.41.97.242 52.41.97.242	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0a::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
61	20

17 2600:9000:21f3:d400:1f:f09:c880:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

app.canopy.rent	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.18.70.113 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.78.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-123.fra2.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.158.159.232 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-159-232.eu-central-1.compute.amazonaws.com

widget.usersnap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebase.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.248.45.153 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-45-153.eu-west-1.compute.amazonaws.com

backend-prod.canopy.rent	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.78.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-75.fra2.r.cloudfront.net

resources.usersnap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebaseinstallations.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.51.111 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

insurestreet.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:9a00:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.41.97.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-41-97-242.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebaseremoteconfig.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	canopy.rent 1 redirects app.canopy.rent backend-prod.canopy.rent	2 MB
11	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 1991 ekr.zdassets.com — Cisco Umbrella Rank: 2280	296 KB
8	googleapis.com firebase.googleapis.com — Cisco Umbrella Rank: 6379 firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 562 firebaseremoteconfig.googleapis.com — Cisco Umbrella Rank: 469	4 KB
7	stripe.com js.stripe.com — Cisco Umbrella Rank: 1212 q.stripe.com — Cisco Umbrella Rank: 7555 m.stripe.com — Cisco Umbrella Rank: 1150	95 KB
4	facebook.com 1 redirects www.facebook.com — Cisco Umbrella Rank: 107	253 B
4	usersnap.com widget.usersnap.com — Cisco Umbrella Rank: 33221 resources.usersnap.com — Cisco Umbrella Rank: 45721	427 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1274	16 KB
2	zendesk.com insurestreet.zendesk.com	932 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 151	111 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6045	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 84	347 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 5017	347 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 61	66 KB
61	13

	Domain	Requested by
17	app.canopy.rent	1 redirects app.canopy.rent
10	static.zdassets.com	app.canopy.rent static.zdassets.com
4	firebaseremoteconfig.googleapis.com	app.canopy.rent
4	www.facebook.com	1 redirects app.canopy.rent
3	q.stripe.com	app.canopy.rent
3	resources.usersnap.com	widget.usersnap.com resources.usersnap.com
3	js.stripe.com	app.canopy.rent js.stripe.com
2	m.stripe.network	js.stripe.com m.stripe.network
2	insurestreet.zendesk.com	static.zdassets.com
2	firebaseinstallations.googleapis.com	app.canopy.rent
2	backend-prod.canopy.rent	app.canopy.rent
2	firebase.googleapis.com	app.canopy.rent
2	connect.facebook.net	app.canopy.rent connect.facebook.net
1	www.google.de	app.canopy.rent
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	m.stripe.com	m.stripe.network
1	www.googletagmanager.com	app.canopy.rent
1	widget.usersnap.com	app.canopy.rent
1	ekr.zdassets.com	static.zdassets.com
61	20

This site contains links to these domains. Also see Links.

Domain
www.google.com
support.apple.com
www.microsoft.com
www.mozilla.org

Subject Issuer	Validity	Valid
app.canopy.rent Amazon	`2022-07-17` - `2023-08-15`	a year	crt.sh
ssl1036557.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2022-06-08` - `2022-12-15`	6 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2022-10-19` - `2023-01-11`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-08-02` - `2022-10-31`	3 months	crt.sh
usersnap.com Amazon	`2022-09-08` - `2023-10-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
backend-prod.canopy.rent Amazon	`2022-09-30` - `2023-10-28`	a year	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-06` - `2022-12-07`	3 months	crt.sh
insurestreet.zendesk.com Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-15` - `2023-01-26`	4 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
Frame ID: F906AF3CB44AA477DBED404E1336D3BC
Requests: 34 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 6740D435A93CD83D60860769BC3610F0
Requests: 4 HTTP requests in this frame

Frame: https://resources.usersnap.com/widget-assets/js/entries/globalSetup/f0a6a22055117c511a5e.js
Frame ID: 53E7DA4A2D2ED826DD8BBD6F8B07F764
Requests: 1 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/latest/web-widget-framework-e02dceabb69d6ba4a66a.js
Frame ID: 0B1506647DCC36D12AB012AAFEF9E6CE
Requests: 11 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 5D7A5CEDFD4582A45C0211D3D5C609D8
Requests: 4 HTTP requests in this frame

Frame: data://truncated
Frame ID: BFA824829015C5D3855C18C23088460D
Requests: 1 HTTP requests in this frame

Frame: https://resources.usersnap.com/widget-assets/js/entries/globalSetup/f0a6a22055117c511a5e.js
Frame ID: 7ABCD7E195FDD3F651D49194B81C7B80
Requests: 1 HTTP requests in this frame

Frame: https://resources.usersnap.com/widget-assets/js/entries/setup/2212378e2fc4815deae5.js
Frame ID: FAA3DCEDCA5290FB8D74CEE4BB912835
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Canopy

Page URL History Show full URLs

http://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a HTTP 301
https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

61
Requests

98 %
HTTPS

58 %
IPv6

13
Domains

20
Subdomains

20
IPs

5
Countries

2920 kB
Transfer

10666 kB
Size

6
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.google.com/intl/en_uk/chrome
Title: Google Chrome

Search URL Search Domain Scan URL

URL: https://support.apple.com/downloads/safari
Title: Safari

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/edge
Title: Microsoft Edge

Search URL Search Domain Scan URL

URL: https://www.mozilla.org/en-GB/firefox/new
Title: Mozilla Firefox

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a HTTP 301
https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://www.facebook.com/tr/?id=485745345895374&ev=Microdata&dl=https%3A%2F%2Fapp.canopy.rent%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&rl=&if=false&ts=1666612055003&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Canopy%22%2C%22meta%3Adescription%22%3A%22Be%20rent%20ready%20with%20Canopy!%20Easy%20references%2C%20great%20offers%20%26%20credit%20history%20boosts.%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22Canopy%22%2C%22og%3Adescription%22%3A%22Be%20rent%20ready%20with%20Canopy!%20Easy%20references%2C%20great%20offers%20%26%20credit%20history%20boosts.%22%2C%22og%3Aimage%22%3A%22%2Ffavicons%2Fcanopy-og.png%3Fv%3Dngj3bb3jOR%22%2C%22twitter%3Aurl%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.87&r=stable&ec=2&o=30&fbp=fb.1.1666612054491.1031237333&it=1666612054337&coo=false&es=automatic&tm=3&rqm=GET HTTP 302
https://www.facebook.com/tr/?cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Canopy%22%2C%22meta%3Adescription%22%3A%22Be%20rent%20ready%20with%20Canopy!%20Easy%20references%2C%20great%20offers%20%26%20credit%20history%20boosts.%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22Canopy%22%2C%22og%3Adescription%22%3A%22Be%20rent%20ready%20with%20Canopy!%20Easy%20references%2C%20great%20offers%20%26%20credit%20history%20boosts.%22%2C%22og%3Aimage%22%3A%22%2Ffavicons%2Fcanopy-og.png%3Fv%3Dngj3bb3jOR%22%2C%22twitter%3Aurl%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&coo=false&dl=https%3A%2F%2Fapp.canopy.rent%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&ec=2&es=automatic&ev=Microdata&fbp=fb.1.1666612054491.1031237333&id=485745345895374&if=false&it=1666612054337&o=30&r=stable&redirect=0&rl=&rqm=GET&sh=1200&sw=1600&tm=3&ts=1666612055003&v=2.9.87

61 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request eda5458e-9f3c-48b0-af76-f38b69d0ee1a Show response
app.canopy.rent/references/employer-submit/
Redirect Chain

http://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

4 KB
4 KB

464ms
340ms

Document
text/html

2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a062bafde357f9074855bfb82ace90964d26d5e90b7332fac4fdcc1be704d5d7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

content-encoding: gzip
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
content-type: text/html
date: Mon, 24 Oct 2022 11:47:34 GMT
etag: W/"324e44a35947ed33fdccbc557f1c2b90"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
last-modified: Wed, 19 Oct 2022 18:49:22 GMT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
referrer-policy: same-origin
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Origin
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
x-amz-cf-id: uSEaf2b3TphC_Y7yGwORW6eqM3ZeOEMe0uUc-AE89rvJTnm6UK4wbQ==
x-amz-cf-pop: FRA2-C2
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
x-amz-server-side-encryption: AES256
x-amz-version-id: BLXbFK52UiP_PW2HoE0EyfgPVLf5xkkR
x-cache: Error from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 167
Content-Security-Policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Content-Type: text/html
Date: Mon, 24 Oct 2022 11:47:32 GMT
Expect-CT: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
Feature-Policy: microphone 'none'; camera 'none'; geolocation 'self';
Location: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
NEL: {"report_to":"default","max_age":31536000,"include_subdomains":true}
Referrer-Policy: same-origin
Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
Server: CloudFront
Vary: Origin
Via: 1.1 882f747f39885162595630c95dd0012c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: aVBidASwLn6hSty0UQZbyEdJEuBvo7RH2atiJFH3SMty2phXgJGD0g==
X-Amz-Cf-Pop: FRA2-C2
X-Cache: Redirect from cloudfront
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block

GET
H2 200 fallback.css
app.canopy.rent/ 1 KB
3 KB 199ms
198ms Stylesheet
text/css 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/fallback.css?v=ngj3bb3jOR

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

15197df810cf88af37e79079d095a62d3f0e3961f5eac631f2a42ea33fd0c174

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: oAJ51T71nzGufaepH1_7D2RnCtNjmRHi
content-encoding: gzip
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
date: Mon, 24 Oct 2022 11:47:34 GMT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:20 GMT
server: AmazonS3
etag: W/"2561440d281fa931cb56f6227aa84ec5"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: text/css
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
x-amz-cf-id: oStKhjq8mIUVzzNth1PLvxjHelsApdoTzN0PCe8UJTmEFghn_n7l-Q==

GET
H2 200 first-input-delay.js Show response
app.canopy.rent/ 696 B
3 KB 209ms
208ms Script
application/x-javascript 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/first-input-delay.js?v=ngj3bb3jOR

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8814f979fabccd152308465e0fbeb1194b6dbfe0e4d61a6923002b1f13386e2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: Xnaxyz3E3wCKWJrmqdMtVgfpzZJbt3Mx
date: Mon, 24 Oct 2022 11:47:34 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 696
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:22 GMT
server: AmazonS3
etag: "d0c3e01e661b836af8ca5e5bf264f8ff"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: application/x-javascript
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
accept-ranges: bytes
x-amz-cf-id: DVn1DwGZX6CVg4q5xvmw_WeS48jvUzYepZsMsOjBLv0iQyLaM_umRw==

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ 23 KB
6 KB 146ms
54ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=eaf16d21-8748-43be-a897-087997817e99

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c71a7bdc6e1f2f8875556b690007a65be9e5ae1fb285f76d85180c89a3fa52d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:33 GMT
x-amz-version-id: TCAqq4sghBBBAAXd3MLZ8Fy8XIds..vO
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: A3YK84X4W7C3EBX5
age: 25
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: PmMZJ2IuYmCLtjZpmxAxUoFRJ6IjkHes+GZob9NxX/MdvNP7RJOKqoGO2VcRO/hV0PuRIiYIeIk=
last-modified: Thu, 28 Jul 2022 23:44:02 GMT
server: cloudflare
etag: W/"5cae6ce528dce0c327b2bcbaad459fdb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=3600, s-maxage=60
cf-ray: 75f27a74986976f9-LHR

GET
H2 200 main.b7b8ad50.chunk.css
app.canopy.rent/static/css/ 954 B
3 KB 207ms
206ms Stylesheet
text/css 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/static/css/main.b7b8ad50.chunk.css

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

ab22936fa5d83682e689ba4e7cfd301591a43bbc101ec24576375d39c009dc37

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: pRacp2ParguW5aLmUoxeqQDuj4GC7W7w
date: Mon, 24 Oct 2022 11:47:34 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 954
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:23 GMT
server: AmazonS3
etag: "bbe184f793110eb57612db1a803cb8a9"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: text/css
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
accept-ranges: bytes
x-amz-cf-id: Ey1-ABDIFJZdriuBD8Dz9becYVfgAJGhapYxWzI_GFqnxrKyxYKpHg==

GET
H2 200 canopy.png
app.canopy.rent/fallback-img/ 3 KB
5 KB 469ms
468ms Image
image/png 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.canopy.rent/fallback-img/canopy.png?v=ngj3bb3jOR

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

af07008ab062c330b756c0c297e9a76f93f68c5f051f48408ce9dac9a475d043

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: i..cp.gj5EOxg2S5yzvt7BAYAU36n6.Z
date: Mon, 24 Oct 2022 11:47:34 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 2961
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:20 GMT
server: AmazonS3
etag: "76ab71d314b785b5f351b77f263dd30c"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: image/png
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
accept-ranges: bytes
x-amz-cf-id: yHS_4ZNsmsHqioHodyYzG7jmVAzU1qMHZOHwC_YXhcMBeBaG0wo8Kw==

GET
H2 200 chrome.png
app.canopy.rent/fallback-img/ 7 KB
9 KB 459ms
458ms Image
image/png 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.canopy.rent/fallback-img/chrome.png?v=ngj3bb3jOR

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8316272fc6f8b812cf9ed7e9614b94217bbe9272091198766c8643127fb7ed0e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: 9TovcC54bRgjzlK4oygZ3uYLqCVhYx88
date: Mon, 24 Oct 2022 11:47:34 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 6791
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:20 GMT
server: AmazonS3
etag: "2365988f5c1b51b3cd3e17d45880445b"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: image/png
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
accept-ranges: bytes
x-amz-cf-id: xkhkJvMomWsMIF5qHjybsZ6ugqLGZOeYmiJjD0ZiafTbhvW1GqrICg==

GET
H2 200 safari.png
app.canopy.rent/fallback-img/ 13 KB
16 KB 462ms
461ms Image
image/png 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.canopy.rent/fallback-img/safari.png?v=ngj3bb3jOR

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

1e266511a00a04e8a2305706741c7ffdbddca4daf85c17628342995aa970f903

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: wnUw3V3RagTKCzOqG2Ak6MhEe_2Zx38N
date: Mon, 24 Oct 2022 11:47:34 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 13701
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:20 GMT
server: AmazonS3
etag: "e44ca6259381592cfba78c492b22d31f"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: image/png
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
accept-ranges: bytes
x-amz-cf-id: cdQ7PDizb8BtcEpuckiowX6MWb2ei9oLUu18PmtDIzgFghb5hZD7qg==

GET
H2 200 edge.png
app.canopy.rent/fallback-img/ 6 KB
8 KB 461ms
460ms Image
image/png 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.canopy.rent/fallback-img/edge.png?v=ngj3bb3jOR

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fe7d7ad17b6733df1f4fc39f23c577e44d5dbb4c634370052faf0b21d9816051

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: lYfY46Z4Kj8YxPYaBILaTtI87HQjoegV
date: Mon, 24 Oct 2022 11:47:34 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 6000
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:20 GMT
server: AmazonS3
etag: "8d91da36862147063d7ec15aa47ea49e"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: image/png
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
accept-ranges: bytes
x-amz-cf-id: HjgiLU12gtL0EBZKNUkoV6LB-XDsy0KSghc7_0YBvJHXkoIbOqes_Q==

GET
H2 200 firefox.png
app.canopy.rent/fallback-img/ 9 KB
11 KB 460ms
459ms Image
image/png 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.canopy.rent/fallback-img/firefox.png?v=ngj3bb3jOR

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f663f4def9b8621652e14b7b1b4be9ba0337a9dbd69fed7e2ecc1829c69bd515

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: .9AqKhmRKM_gpYBbT5z8v1kHKZSdjooX
date: Mon, 24 Oct 2022 11:47:34 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 8862
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:20 GMT
server: AmazonS3
etag: "4b83ff160e2f944772c23a818dd919b9"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: image/png
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
accept-ranges: bytes
x-amz-cf-id: aHzjf8ppaGhQRBePbfP9YVMnYB2jcqYSGAZ0Hu4W8pZGUGHkO8IgVA==

GET
H2 200 not-supported-check.js Show response
app.canopy.rent/ 136 B
2 KB 464ms
464ms Script
application/x-javascript 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/not-supported-check.js?v=ngj3bb3jOR

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

310abe0b68c61c4d03db96ce83c039c1261e8cbacff3b55bdefa1c25935d608a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: n27AXRFKUJtR2LxFRnKQPW6LaMXnVIbg
date: Mon, 24 Oct 2022 11:47:34 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 136
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:23 GMT
server: AmazonS3
etag: "8ec28b36e30b304a5a6d3a2655284dae"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: application/x-javascript
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
accept-ranges: bytes
x-amz-cf-id: mB9BOYdnY1Mm-rxg4Yfbz_706z9xzjIuaAdK-HwMOAT63-4vWbUoOA==

GET
H2 200 / Show response
js.stripe.com/v3/ 375 KB
91 KB 206ms
67ms Script
text/javascript 13.225.78.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-123.fra2.r.cloudfront.net

Software

Cloudfront /

Resource Hash

46faf4707babe3c2dd9e9e4c5ec6b45edbf5cab9a1a85a6aa05665318a0e2c7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 24 Oct 2022 11:46:58 GMT
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 51
x-cache: Hit from cloudfront
last-modified: Thu, 20 Oct 2022 17:10:39 GMT
server: Cloudfront
etag: W/"651b878c6e308ae23565d2540c68e811"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: mVzGl5BTkXdJTTGvwbTF5NkRrPdOenpejMNq6gYT3kwMg0aoF5tflA==

GET
H2 200 zd-widget-customization.js Show response
app.canopy.rent/ 129 B
2 KB 470ms
469ms Script
application/x-javascript 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/zd-widget-customization.js?v=ngj3bb3jOR

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c2e7cf6c0a658f9d072c8fdcb23907cccfa23a28ea39d0af2e242dc88f9abb6c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: IiEO1VYtOidCFt1e1rUercOoMJmMpUW6
date: Mon, 24 Oct 2022 11:47:34 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 129
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:52:03 GMT
server: AmazonS3
etag: "220032cff5ca25a86b4a9cdee221e704"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: application/x-javascript
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
accept-ranges: bytes
x-amz-cf-id: US6xyiPPc4lIRDcnrYqGsXDDBsja50CkkoiJ8TerbFEedLkCH8w06A==

GET
H2 200 runtime-main.b43f6220.js Show response
app.canopy.rent/static/js/ 2 KB
4 KB 458ms
456ms Script
application/x-javascript 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/static/js/runtime-main.b43f6220.js

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

709a59b22fb7d682e8f96006bd90e717ffad0b48ac6bf5b20093c005b47bc488

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: DYGWXg9mGKyovV4B0eBihgL3L.THvKwX
content-encoding: gzip
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
date: Mon, 24 Oct 2022 11:47:34 GMT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:25 GMT
server: AmazonS3
etag: W/"62703f5dad2cc9380829fe67bb3f75aa"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
x-amz-cf-id: ZbTXZcD1iUYqszeji75iqN9dF9D8D9nz9FKr2d8HYIht05D_ga6QsQ==

GET
H2 200 2.3dfecced.chunk.js Show response
app.canopy.rent/static/js/ 3 MB
862 KB 183ms
182ms Script
application/x-javascript 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/static/js/2.3dfecced.chunk.js

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

02eca992d254715cc49eaa993560e01a7eaedab01aa7985b56e324446d0165a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: 9BOIn8m_md7WdBf8a3j8DI2WVZj4FN8C
content-encoding: gzip
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
date: Mon, 24 Oct 2022 11:47:34 GMT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:23 GMT
server: AmazonS3
etag: W/"5d5632930f3bc79d6a9d1a9db50bd2be"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
x-amz-cf-id: gltgKcZX_PqWRf1s86G6NJ02P_1l3KH3yyXBNwdFQ-xj6PX36wICcg==

GET
H2 200 main.a236e380.chunk.js Show response
app.canopy.rent/static/js/ 3 MB
773 KB 462ms
460ms Script
application/x-javascript 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/static/js/main.a236e380.chunk.js

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

cdd6c88a9725cfad3681dff79f0a4830fc4063169ceee9037663a2cd663d859b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: X5JRfrA7XCHXz3uuTwcx8kcErJ94dn5N
content-encoding: gzip
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
date: Mon, 24 Oct 2022 11:47:34 GMT
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:24 GMT
server: AmazonS3
etag: W/"6c5ac82d1851027c530c7016632977f7"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
x-amz-cf-id: M0Tb1NnOhEVk3Ob4g1CA3NDyHPFx6zd9sbjkJNyeDMfhj_3cYh04jA==

GET
H2 200 eaf16d21-8748-43be-a897-087997817e99 Show response
ekr.zdassets.com/compose/ 322 B
784 B 307ms
207ms XHR
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/eaf16d21-8748-43be-a897-087997817e99

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=eaf16d21-8748-43be-a897-087997817e99

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8830810d5926d206af9568b5a51b7cc3148fe4561cca1dcd5e083cc600aafa5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:33 GMT
strict-transport-security: max-age=0
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-encoding: br
x-permitted-cross-domain-policies: none
status: 200 OK
x-xss-protection: 1; mode=block
x-request-id: 75eeb5f93f2175cb-SEA, 75eeb5f93f2175cb-SEA
x-runtime: 0.004400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"8830810d5926d206af9568b5a51b7cc3"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=600, public, s-maxage=60, stale-while-revalidate=600, stale-if-error=3600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes
vary: Origin, Accept-Encoding
cf-ray: 75f27a760b9c7443-LHR

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 102 KB
27 KB 175ms
59ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/static/js/main.a236e380.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f8486cf55c57486f26236be045e02ada380d1ee0378008375cf54295c23954c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 24 Oct 2022 11:47:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27027
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 0J41ClUeUKhM4mTymi6yK4nFki51BFCKLwS6NQUhb6PcM2RgwcVuV/L/1zjgKD4JKJufs5yf6zOwuiT5RD6VzQ==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 929bdd28-64f9-43fe-ac62-91c47d199724 Show response
widget.usersnap.com/global/load/ 39 KB
12 KB 240ms
115ms Script
application/javascript 35.158.159.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.usersnap.com/global/load/929bdd28-64f9-43fe-ac62-91c47d199724?onload=onUserSnapCXLoad&n=N8C9/pJVtmF1nzpV0mYhvA==

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/static/js/main.a236e380.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.158.159.232 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-158-159-232.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d85277487764fd69a9543f4cfc220c76e1593252fa3ee560a2f70e6bffe66747

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET
cache-control: max-age=10
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block

GET
H3 200 webConfig Show response
firebase.googleapis.com/v1alpha/projects/-/apps/1:1012724642953:web:c32c1115474586c324c258/ 341 B
249 B 190ms
81ms Fetch
application/json 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebase.googleapis.com/v1alpha/projects/-/apps/1:1012724642953:web:c32c1115474586c324c258/webConfig

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/static/js/2.3dfecced.chunk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9c8ae5877b8be11a8dd7c8a8eb4c14f24f932e6cdda13132bf28324906e135c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: application/json
Referer
x-goog-api-key: AIzaSyCxJ9o88k0qwWHMWQHuNEumBe6gNYnxK1s
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://app.canopy.rent
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 226
x-xss-protection: 0

OPTIONS
H2 200 webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:1012724642953:web:c32c1115474586c324c258/ Frame 0
0 211ms
68ms Preflight
text/html 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebase.googleapis.com/v1alpha/projects/-/apps/1:1012724642953:web:c32c1115474586c324c258/webConfig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-api-key
Access-Control-Request-Method: GET
Origin: https://app.canopy.rent
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-headers: x-goog-api-key
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://app.canopy.rent
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Mon, 24 Oct 2022 11:47:34 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

OPTIONS
H2 204 eda5458e-9f3c-48b0-af76-f38b69d0ee1a
backend-prod.canopy.rent/employer-reference/by-token/ Frame 0
0 197ms
54ms Preflight 3.248.45.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://backend-prod.canopy.rent/employer-reference/by-token/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.45.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-45-153.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: accept-version,cache-control,content-type
Access-Control-Request-Method: GET
Origin: https://app.canopy.rent
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept-version,cache-control,content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://app.canopy.rent
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
date: Mon, 24 Oct 2022 11:47:34 GMT
expect-ct: max-age=0
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
vary: Origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 eda5458e-9f3c-48b0-af76-f38b69d0ee1a Show response
backend-prod.canopy.rent/employer-reference/by-token/ 302 B
908 B 288ms
287ms Fetch
application/json 3.248.45.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://backend-prod.canopy.rent/employer-reference/by-token/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/static/js/main.a236e380.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.45.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-45-153.eu-west-1.compute.amazonaws.com

Software

Resource Hash

2ba4b0eccd39ce5d6e59203866f041839f4bc206fadfa8a0b6f7da35210abddf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Cache-Control: max-age=0
Referer
Accept-Version: 2.111.0
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/json; charset=utf-8

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
content-length: 302
x-xss-protection: 0
referrer-policy: no-referrer
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://app.canopy.rent
x-download-options: noopen
access-control-allow-credentials: true

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame 6740 200 B
1 KB 59ms
59ms Document
text/html 13.225.78.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-123.fra2.r.cloudfront.net

Software

Cloudfront /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2632
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 24 Oct 2022 11:03:56 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Tue, 18 Oct 2022 00:21:58 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
x-amz-cf-id: tKDZiYiXFFp49GEMZl11mMHOiI6I1QKIORjcZ-VNPM7NHFLWR_EC9Q==
x-amz-cf-pop: FRA2-C2
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 485745345895374 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 59ms
58ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/485745345895374?v=2.9.87&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

01d9de2d59776956db36e4d3599f4d039bd9f9be7371313966217773302d2fe7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 24 Oct 2022 11:47:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 85906
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: vHe6ejkVHf8ue5d+V24X/zC4Ol8UliE5aSkMcn8ridtmcBNucdDfH4p1hipLVdBJkRxFX/9OXst70yLNi8yE3g==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 f0a6a22055117c511a5e.js Show response
resources.usersnap.com/widget-assets/js/entries/globalSetup/ Frame 53E7 588 KB
134 KB 193ms
65ms Script
application/javascript 13.225.78.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.usersnap.com/widget-assets/js/entries/globalSetup/f0a6a22055117c511a5e.js
Requested by: Host: widget.usersnap.com
URL: https://widget.usersnap.com/global/load/929bdd28-64f9-43fe-ac62-91c47d199724?onload=onUserSnapCXLoad&n=N8C9/pJVtmF1nzpV0mYhvA==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-75.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 91e97fa63bc84932971683864b18295da59c21853289d3b3e84914e23569e87b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 10:33:27 GMT
content-encoding: br
via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
last-modified: Mon, 24 Oct 2022 10:12:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 4448
etag: W/"e161ff4a8a601e7d17d8f79ec4b3ad14"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-id: T84b6Tt2X548fM3bmgWC4rkOxz5hsZu379Gc1j_xgZ3Y1sn82KRrDg==

GET
H2 200 web-widget-framework-e02dceabb69d6ba4a66a.js Show response
static.zdassets.com/web_widget/latest/ Frame 0B15 151 KB
49 KB 63ms
63ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/web-widget-framework-e02dceabb69d6ba4a66a.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=eaf16d21-8748-43be-a897-087997817e99

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05e81951cb0bc3f592e60a131ac3805cbc7a000867817e1b74af8f47be1529ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
x-amz-version-id: vYvcsd9O9PmUzPEJ.wRavv6qOXpX1g4W
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: YFADNFKCY71TMVWQ
age: 40524
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: 7eIHgNGg3ewe0RvHf5C+kxedA0ir0lQMoNg1Au4uRgJ9ge3qxHaCs6qFDqyzBfVZD5GoWs2VK7c=
last-modified: Fri, 21 Oct 2022 09:51:36 GMT
server: cloudflare
etag: W/"f99c9292ba9d845b89822045698023dd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 75f27a7befbf76f9-LHR
expires: Sat, 21 Oct 2023 09:51:35 GMT

POST
H3 200 installations Show response
firebaseinstallations.googleapis.com/v1/projects/canopyrenter-c53a7/ 627 B
520 B 521ms
411ms Fetch
application/json 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseinstallations.googleapis.com/v1/projects/canopyrenter-c53a7/installations

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/static/js/2.3dfecced.chunk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e11b3d0ab47aafc6054a99ca9d014e78dda239f9f75238c954d29ea446bd8283

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: application/json
Referer
x-goog-api-key: AIzaSyCxJ9o88k0qwWHMWQHuNEumBe6gNYnxK1s
accept-language: en-GB,en;q=0.9
x-firebase-client: eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjcuMzIgZmlyZS1jb3JlLWVzbTIwMTcvMC43LjMyIGZpcmUtanMvIGZpcmUtaWlkLzAuNS4xMiBmaXJlLWlpZC1lc20yMDE3LzAuNS4xMiBmaXJlLWFuYWx5dGljcy8wLjguMCBmaXJlLWFuYWx5dGljcy1lc20yMDE3LzAuOC4wIGZpcmUtanMtYWxsLWFwcC85LjkuNCIsImRhdGVzIjpbIjIwMjItMTAtMjQiXX1dfQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
content-type: application/json

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://app.canopy.rent
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 497
x-xss-protection: 0

OPTIONS
H2 200 installations
firebaseinstallations.googleapis.com/v1/projects/canopyrenter-c53a7/ Frame 0
0 193ms
62ms Preflight
text/html 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseinstallations.googleapis.com/v1/projects/canopyrenter-c53a7/installations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method: POST
Origin: https://app.canopy.rent
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://app.canopy.rent
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Mon, 24 Oct 2022 11:47:34 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 6740 0
571 B 649ms
214ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 0
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 6740 0
570 B 649ms
214ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 6740 526 B
1 KB 59ms
58ms Script
text/javascript 13.225.78.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.123 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-123.fra2.r.cloudfront.net

Software

Cloudfront /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Mon, 24 Oct 2022 11:03:56 GMT
x-content-type-options: nosniff
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 2631
x-cache: Hit from cloudfront
content-length: 526
last-modified: Tue, 18 Oct 2022 00:21:57 GMT
server: Cloudfront
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 5cmsWAi46nCadKxStNeYal1RrZnELKBEvEJ8nTsH_TpZXogmsamCbQ==

GET
H2 200 config Show response
insurestreet.zendesk.com/embeddable/ Frame 0B15 678 B
932 B 172ms
68ms Fetch
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://insurestreet.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-e02dceabb69d6ba4a66a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.51.111 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3830186424bb67c7f4963dac71fa2788dcceda069d703a76a211818523345abd

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 38
x-zendesk-origin-server: embeddable-app-server-7fc664bb88-l2hdv
x-cached: STALE
x-request-id: 75f247d4fb6bdce3-LHR
x-runtime: 0.001702
last-modified: Mon, 24 Oct 2022 11:46:56 GMT
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 75f27a7d187adc7f-LHR

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 5D7A 930 B
2 KB 195ms
58ms Document
text/html 2600:9000:20eb:9a00:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20eb:9a00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 186
cache-control: max-age=300, public
content-length: 930
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 24 Oct 2022 11:45:53 GMT
etag: "fc2e029628f163bb59adc6fa5a31161c"
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
x-amz-cf-id: OjexvmbL8IUAiJj4xhpdJ0HpCaL8OA5-8CWOPa7aEvbG2pwaUbB3gg==
x-amz-cf-pop: FRA2-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 166ms
55ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=485745345895374&ev=PageView&dl=https%3A%2F%2Fapp.canopy.rent%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&rl=&if=false&ts=1666612054493&sw=1600&sh=1200&v=2.9.87&r=stable&ec=0&o=30&fbp=fb.1.1666612054491.1031237333&it=1666612054337&coo=false&rqm=GET

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 24 Oct 2022 11:47:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 167ms
56ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=485745345895374&ev=ViewContent&dl=https%3A%2F%2Fapp.canopy.rent%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&rl=&if=false&ts=1666612054494&cd[PreviousContentID]=%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&cd[ContentID]=%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&sw=1600&sh=1200&v=2.9.87&r=stable&ec=1&o=30&fbp=fb.1.1666612054491.1031237333&it=1666612054337&coo=false&rqm=GET

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 24 Oct 2022 11:47:34 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 web-widget-messenger-6addd0b.js Show response
static.zdassets.com/web_widget/latest/messenger/ Frame 0B15 14 KB
4 KB 56ms
56ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-6addd0b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-e02dceabb69d6ba4a66a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58ebae669e67ea8e80494b2c592e19c14b6ebc5146c2cabd1fe1bbbd873dcc51

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
x-amz-version-id: tmUhQQ90ceZl1V08BgS8Fz16TS7LPfb0
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: Q7W92AR6GVMJZA26
age: 40522
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: t8Du8iGT0UV9Um6mzg83K7qL8zEkT88uftowDwXkIk47Mwdkcuag43oEXdV7six/OxllzlEv3Xo=
last-modified: Fri, 21 Oct 2022 09:52:03 GMT
server: cloudflare
etag: W/"be304f1126f6bcd0468b2a228423e435"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 75f27a7d8b3776f9-LHR
expires: Sat, 21 Oct 2023 09:52:02 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
66 KB 188ms
72ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-PTSFZ17CJW

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/static/js/2.3dfecced.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8e393433289d0b33591893baa8f1c4c38b19fe449ec69729fce2e6e27ebbc647

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 66860
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 24 Oct 2022 11:47:34 GMT

POST
H2 200 csp-report
q.stripe.com/ Frame 5D7A 0
344 B 387ms
215ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Mon, 24 Oct 2022 11:47:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
server: nginx
cross-origin-opener-policy: same-origin
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
x-robots-tag: none
content-length: 0
expires: 0

GET
H2 200 out-4.5.42.js Show response
m.stripe.network/ Frame 5D7A 86 KB
14 KB 67ms
67ms Script
text/javascript 2600:9000:20eb:9a00:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.42.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20eb:9a00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 24 Oct 2022 11:46:55 GMT
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
server: Cloudfront
via: 1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
etag: W/"21df7244385e5c0bdf32da01d0dad6c0"
age: 43
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
x-amz-cf-id: 4LfFRwNcKAmIIXRQEShvY6y5hMcaw2TkifT7ZITSKa6TzNPw_waYbg==

GET
H2 200 web-widget-447-6addd0b.js Show response
static.zdassets.com/web_widget/latest/messenger/ Frame 0B15 392 KB
124 KB 69ms
69ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/messenger/web-widget-447-6addd0b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-6addd0b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5886d0574ef4b74b22c1e28e43de05c4b3190e735abc011f54a50ab76fe591e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
x-amz-version-id: aXaLHUUrOQZLgr8m5bia7i1N.cNILHal
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: Q7WD3FH8W2E036FZ
age: 40522
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: LCddfRqjoxOocHconwPoi7mTLqL+FCP2CRGnA8o/HKvUTE+DfcxwCqLC8yQ8Z1SY2mN4OryyOaQ=
last-modified: Fri, 21 Oct 2022 09:52:03 GMT
server: cloudflare
etag: W/"16c884d4969f1f0d496fb8796c125c2b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 75f27a7e5cd976f9-LHR
expires: Sat, 21 Oct 2023 09:52:02 GMT

GET
H2 200 web-widget-3245-6addd0b.js Show response
static.zdassets.com/web_widget/latest/messenger/ Frame 0B15 184 KB
43 KB 66ms
66ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/messenger/web-widget-3245-6addd0b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-6addd0b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74a4aac121b619602249aa70d58c0233ed13bbfc47adfdbf011545ac4099af3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:34 GMT
x-amz-version-id: ujBW2lBWUeZA8Oh7KT591ob.SL.a8Um6
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: Q7WE4T03TSC3HED8
age: 40522
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: P7s94MLkvesqkcNDtxcx77yO4+f1SjGCGCoFkOA769mNSsIiTE3hFqSJj0s4HVQCxuLQmN7ndN0=
last-modified: Fri, 21 Oct 2022 09:52:03 GMT
server: cloudflare
etag: W/"c2b585205e7dde71004512387858febf"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 75f27a7e5cdc76f9-LHR
expires: Sat, 21 Oct 2023 09:52:02 GMT

POST
H2 200 6 Show response
m.stripe.com/ Frame 5D7A 156 B
523 B 722ms
289ms XHR
application/json 52.41.97.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.41.97.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-41-97-242.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

43f97c2f52dd3ea2c7ce5d85b5074cff18b5ceba6e5ac2d3b915f2ea0ba67406

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: nginx
content-type: application/json;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 Effra-Regular.a676a80f.ttf
app.canopy.rent/static/media/ 96 KB
98 KB 191ms
191ms Font
application/octet-stream 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/static/media/Effra-Regular.a676a80f.ttf

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f2fdffadde5ebd39ff053c431ff7dc14021d909a7f6b04693a922115ab2f068d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
Origin: https://app.canopy.rent
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: tAsrN25BHa.zn.DrM8UZ.hiypYXHcu_z
date: Mon, 24 Oct 2022 11:47:35 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 98236
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:26 GMT
server: AmazonS3
etag: "2556d7a29ab01dc80b96eb824a049df6"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: application/octet-stream
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
access-control-allow-origin: https://app.canopy.rent
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
access-control-allow-credentials: true
accept-ranges: bytes
x-amz-cf-id: 1pbmFptN-vltAPW8ZTIZ41v1Kbb7lpSmhRA5AUqQplf6ASwcGUJzmQ==

GET
H2 200 Effra-Bold.8dcaf627.ttf
app.canopy.rent/static/media/ 96 KB
98 KB 200ms
198ms Font
application/octet-stream 2600:9000:21f3:d400:1f:f09:c880:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.canopy.rent/static/media/Effra-Bold.8dcaf627.ttf

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:d400:1f:f09:c880:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

423ff1d277bd6036cb39b7a56eaaedc5db5f03134b4d825a9d66ecdda17b39e4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a
Origin: https://app.canopy.rent
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: jkGu75R5Iym0vfzXwIEqMKkQtYsC3DE7
date: Mon, 24 Oct 2022 11:47:35 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b0.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://*.google-analytics.com https://*.googleapis.com https://*.js.strip https://*.zopim.com https://*.sprig.com https://*.googletagmanager.com https://*.zdassets.com https://*.usersnap.com https://*.stripe.com https://*.facebook.net https://*.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://*.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://*.usersnap.com;object-src 'none';frame-src 'self' https://*.amazonaws.com https://*.findyourcanopy.com https://*.googletagmanager.com https://*.stripe.com https://*.plaid.com https://*.usersnap.com;child-src 'self' https://*.googletagmanager.com https://js.stripe.com https://*.usersnap.com;img-src 'self' data: blob: https: *.usersnap.com;font-src 'self' data: https: *.usersnap.com *.gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://*.google.com;media-src 'self' https://*.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://*.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
nel: {"report_to":"default","max_age":31536000,"include_subdomains":true}
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA2-C2
x-permitted-cross-domain-policies: none
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:822571924046:build/production-frontend-selva:6e50e176-3c67-4566-bf1e-41b174186243
x-cache: RefreshHit from cloudfront
x-amz-meta-codebuild-content-md5: 2d32876f60d92d14a2f03ef91af80622
content-length: 97848
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 19 Oct 2022 18:49:26 GMT
server: AmazonS3
etag: "ba2d1272827c166ad5905d299caa1096"
expect-ct: max-age=604800, report-uri="https://canopy.report-uri.com/r/d/ct/enforce"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
x-amz-meta-codebuild-content-sha256: 055bbf4f7ed7fe64c3a833ac784137664f3bd6965c0ab04668336e41124d7977
content-type: application/octet-stream
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://canopy.report-uri.com/a/d/g"}],"include_subdomains":true}
access-control-allow-origin: https://app.canopy.rent
feature-policy: microphone 'none'; camera 'none'; geolocation 'self';
access-control-allow-credentials: true
accept-ranges: bytes
x-amz-cf-id: NC9v31CtISBEz3RGYfv9ODxYcz-DOK88B3rahdnnEJKr5op0Cpjcbw==

GET
H2 200 en-us-json-6addd0b.js Show response
static.zdassets.com/web_widget/latest/messenger/web-widget-locales/messenger/ Frame 0B15 10 KB
2 KB 75ms
75ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/messenger/web-widget-locales/messenger/en-us-json-6addd0b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-6addd0b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eae1624bc2b093db7aed7fdab996877d69bc2baa5996c819d604f7b8b016878e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
x-amz-version-id: uYgsWhTPv8LsUir96Udjc6854BorrEwL
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: BPEJRJ4611MGWZX3
age: 40506
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: 4b9HMJPpro8uAmwDqm5DZ0coyFMUifGd97QWU/AnvGr0Iz80/TUpkF+dz0ZdKJBUat2Lmjkyig0=
last-modified: Fri, 21 Oct 2022 09:52:04 GMT
server: cloudflare
etag: W/"5736729c4ee91e51558295ab68ab9c2b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 75f27a7f9f7076f9-LHR
expires: Sat, 21 Oct 2023 09:52:03 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
347 B 179ms
60ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-PTSFZ17CJW&gtm=2oeaj0&_p=1119159201&_gaz=1&_fid=dAIDeVqgWGI-_5pV77M_lG&cid=1254241944.1666612055&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1666612054&sct=1&seg=0&dl=https%3A%2F%2Fapp.canopy.rent%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&dt=Canopy&en=page_view&_fv=2&_nsi=1&_ss=1&_ee=1&ep.origin=firebase
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-PTSFZ17CJW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Oct 2022 11:47:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://app.canopy.rent
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
347 B 171ms
56ms Ping
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-PTSFZ17CJW&cid=1254241944.1666612055&gtm=2oeaj0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-PTSFZ17CJW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Oct 2022 11:47:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://app.canopy.rent
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 212ms
81ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-PTSFZ17CJW&cid=1254241944.1666612055&gtm=2oeaj0&aip=1&z=1813713096

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Oct 2022 11:47:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.facebook.com/tr/
Redirect Chain

https://www.facebook.com/tr/?id=485745345895374&ev=Microdata&dl=https%3A%2F%2Fapp.canopy.rent%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&rl=&if=false&ts=1666612055003&cd[...
https://www.facebook.com/tr/?cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Canopy%22%2C%22meta%3Adescription%22%3A%22Be%20rent%20ready%20with%20Canopy!%20Easy%20references%2C...

0
15 B

54ms
54ms

Image
text/plain

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Canopy%22%2C%22meta%3Adescription%22%3A%22Be%20rent%20ready%20with%20Canopy!%20Easy%20references%2C%20great%20offers%20%26%20credit%20history%20boosts.%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22Canopy%22%2C%22og%3Adescription%22%3A%22Be%20rent%20ready%20with%20Canopy!%20Easy%20references%2C%20great%20offers%20%26%20credit%20history%20boosts.%22%2C%22og%3Aimage%22%3A%22%2Ffavicons%2Fcanopy-og.png%3Fv%3Dngj3bb3jOR%22%2C%22twitter%3Aurl%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&coo=false&dl=https%3A%2F%2Fapp.canopy.rent%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&ec=2&es=automatic&ev=Microdata&fbp=fb.1.1666612054491.1031237333&id=485745345895374&if=false&it=1666612054337&o=30&r=stable&redirect=0&rl=&rqm=GET&sh=1200&sw=1600&tm=3&ts=1666612055003&v=2.9.87

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/references/employer-submit/eda5458e-9f3c-48b0-af76-f38b69d0ee1a

Protocol

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 24 Oct 2022 11:47:35 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

Redirect headers

pragma: no-cache
date: Mon, 24 Oct 2022 11:47:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
content-type: text/plain
location: /tr/?cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Canopy%22%2C%22meta%3Adescription%22%3A%22Be%20rent%20ready%20with%20Canopy!%20Easy%20references%2C%20great%20offers%20%26%20credit%20history%20boosts.%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22Canopy%22%2C%22og%3Adescription%22%3A%22Be%20rent%20ready%20with%20Canopy!%20Easy%20references%2C%20great%20offers%20%26%20credit%20history%20boosts.%22%2C%22og%3Aimage%22%3A%22%2Ffavicons%2Fcanopy-og.png%3Fv%3Dngj3bb3jOR%22%2C%22twitter%3Aurl%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&coo=false&dl=https%3A%2F%2Fapp.canopy.rent%2Freferences%2Femployer-submit%2Feda5458e-9f3c-48b0-af76-f38b69d0ee1a&ec=2&es=automatic&ev=Microdata&fbp=fb.1.1666612054491.1031237333&id=485745345895374&if=false&it=1666612054337&o=30&r=stable&redirect=0&rl=&rqm=GET&sh=1200&sw=1600&tm=3&ts=1666612055003&v=2.9.87
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i
expires: 0

GET
H2 200 web-widget-6965-6addd0b.js Show response
static.zdassets.com/web_widget/latest/messenger/ Frame 0B15 139 KB
46 KB 69ms
68ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/messenger/web-widget-6965-6addd0b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-6addd0b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2bdb33defe4c63e549037d3294462ae4c5913d793affd48ab60562d6b8062ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
x-amz-version-id: YevgWNhPd04oUX7eFB5Nh3QzIQPTH0Ag
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: Q7W20QKW6CZSMKY1
age: 40523
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: yUgJqJXBpiMo6KtFX88MazF54xZ9YLIJqVL8JYNXNB4ZXQk25inR8+6TZ90gamlSQhriYVKm3zY=
last-modified: Fri, 21 Oct 2022 09:52:03 GMT
server: cloudflare
etag: W/"94893c94656a16938d2cfa70a87f063f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 75f27a80286e76f9-LHR
expires: Sat, 21 Oct 2023 09:52:02 GMT

GET
H2 200 web-widget-9809-6addd0b.js Show response
static.zdassets.com/web_widget/latest/messenger/ Frame 0B15 28 KB
9 KB 58ms
57ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/messenger/web-widget-9809-6addd0b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-6addd0b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2510b807540118c7902fc2a55344cb5b8be791d830c6e37cecdb70f30125b034

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
x-amz-version-id: dE4mR5dPIA6yPnE2N5p8IizAXTcOQzmE
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: Q7W503YBQ84YY27R
age: 40523
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: jXd/WyUdwNNKjCy3M8jZun0wUT/Uhw46qN8lSo6n/Faagxbjr8TSwmPBBPufoIdkiRW6z3D4k4o=
last-modified: Fri, 21 Oct 2022 09:52:03 GMT
server: cloudflare
etag: W/"7f90e3a97a3bcf5c1aab74f58af70fcf"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 75f27a80287076f9-LHR
expires: Sat, 21 Oct 2023 09:52:02 GMT

GET
H2 200 web-widget-9865-6addd0b.js Show response
static.zdassets.com/web_widget/latest/messenger/ Frame 0B15 13 KB
3 KB 57ms
56ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/messenger/web-widget-9865-6addd0b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-6addd0b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

929e0a531f16371620c4a2396db4153999408702a012cb39001317f926095918

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
x-amz-version-id: R3uw9kYg4xtuXkagEUKuGR44uwnQ7gjD
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: Q7W7PAT9S46BRQ1D
age: 40523
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: HPcd02XgQHbZl8jXi4IrGwcD+OAiqXk59Cuma6AKJF8o7OwK/RWl/gd2xpielBXEPiMSRbfG+zI=
last-modified: Fri, 21 Oct 2022 09:52:03 GMT
server: cloudflare
etag: W/"cf86837f58ab2fd498ae42b921447f01"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 75f27a80287376f9-LHR
expires: Sat, 21 Oct 2023 09:52:02 GMT

GET
H2 200 web-widget-3323-6addd0b.js Show response
static.zdassets.com/web_widget/latest/messenger/ Frame 0B15 26 KB
7 KB 59ms
59ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/latest/messenger/web-widget-3323-6addd0b.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/messenger/web-widget-messenger-6addd0b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41b1ae10b7b5faa4678f0efb67c7e5b9efdc2485949a8c2015e0f4459a2d5be3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
x-amz-version-id: hnY8hxCJbm.9qz.GowmmFERAJnHiWfXd
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=0
x-amz-request-id: Q7WBKXR920QTCN1T
age: 40523
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Xen29txvBjUEp4zXyTiFdl2BSVOrsyzxd7bncSxV9TM9upCD5DbFtxWpluqNBgGUWHbuDnULMBk=
last-modified: Fri, 21 Oct 2022 09:52:03 GMT
server: cloudflare
etag: W/"780eacc3ecef5fe104cde6028cd45222"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 75f27a80287476f9-LHR
expires: Sat, 21 Oct 2023 09:52:02 GMT

GET
H2 200 embeddable_blip
insurestreet.zendesk.com/ Frame 0B15 0
0 78ms
78ms Fetch 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://insurestreet.zendesk.com/embeddable_blip?type=pageView&data=eyJjaGFubmVsIjoid2ViX21lc3NlbmdlciIsInBhZ2VWaWV3Ijp7InRpbWUiOjEwMCwibG9hZFRpbWUiOjY1LjY5OTk5OTgwOTI2NTE0LCJuYXZpZ2F0b3JMYW5ndWFnZSI6ImVuLVVTIiwicGFnZVRpdGxlIjoiQ2Fub3B5IiwidXNlckFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNi4wLjUyNDkuMTE5IFNhZmFyaS81MzcuMzYiLCJpc01vYmlsZSI6ZmFsc2UsImlzUmVzcG9uc2l2ZSI6dHJ1ZSwidmlld3BvcnRNZXRhIjoid2lkdGg9ZGV2aWNlLXdpZHRoLCBpbml0aWFsLXNjYWxlPTEsIHNocmluay10by1maXQ9bm8iLCJoZWxwQ2VudGVyRGVkdXAiOmZhbHNlLCJyZWZlcnJlciI6Imh0dHBzOi8vYXBwLmNhbm9weS5yZW50L3JlZmVyZW5jZXMvZW1wbG95ZXItc3VibWl0L2VkYTU0NThlLTlmM2MtNDhiMC1hZjc2LWYzOGI2OWQwZWUxYSJ9LCJidWlkIjoiMTRmNDI4MmYwM2ZkNDkxYTg2ZGZkZTc0MThlMjFjMzMiLCJzdWlkIjoiYWNhNDA1ZjRjODUxNDJjNjlhMDE3ODA0Njc5NzRkNTMiLCJ2ZXJzaW9uIjoiNmFkZGQwYiIsInRpbWVzdGFtcCI6IjIwMjItMTAtMjRUMTE6NDc6MzUuMDU0WiIsInVybCI6Imh0dHBzOi8vYXBwLmNhbm9weS5yZW50L3JlZmVyZW5jZXMvZW1wbG95ZXItc3VibWl0L2VkYTU0NThlLTlmM2MtNDhiMC1hZjc2LWYzOGI2OWQwZWUxYSJ9
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-e02dceabb69d6ba4a66a.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.51.111 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
cf-cache-status: MISS
last-modified: Mon, 24 Oct 2022 11:47:35 GMT
server: cloudflare
x-zendesk-zorg: yes
vary: Origin, Accept-Encoding
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 75f27a803ea4dc7f-LHR
content-length: 0
x-request-id: 75f27a803ea4dc7f-LHR

GET
DATA 200
OK truncated
/ Frame BFA8 370 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b58cf763adace244285a1f020956817d3d8ea8948056c63b783bdb1d4a258d1b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 200 firebase:fetch Show response
firebaseremoteconfig.googleapis.com/v1/projects/canopyrenter-c53a7/namespaces/ 9 KB
3 KB 351ms
242ms Fetch
application/json 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseremoteconfig.googleapis.com/v1/projects/canopyrenter-c53a7/namespaces/firebase:fetch?key=AIzaSyCxJ9o88k0qwWHMWQHuNEumBe6gNYnxK1s

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/static/js/2.3dfecced.chunk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

82b6cc67698a9b10082bc263dc115b488ab6566c445f68a18f4360c6b9d28426

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Content-Encoding: gzip
Referer
If-None-Match: *
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
etag: etag-canopyrenter-c53a7-firebase-fetch--1556732983
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://app.canopy.rent
access-control-expose-headers: etag,vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2609
x-xss-protection: 0

OPTIONS
H2 200 firebase:fetch
firebaseremoteconfig.googleapis.com/v1/projects/canopyrenter-c53a7/namespaces/ Frame 0
0 196ms
62ms Preflight
text/html 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseremoteconfig.googleapis.com/v1/projects/canopyrenter-c53a7/namespaces/firebase:fetch?key=AIzaSyCxJ9o88k0qwWHMWQHuNEumBe6gNYnxK1s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-encoding,content-type,if-none-match
Access-Control-Request-Method: POST
Origin: https://app.canopy.rent
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-headers: content-encoding,content-type,if-none-match
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://app.canopy.rent
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Mon, 24 Oct 2022 11:47:35 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 fireperf:fetch Show response
firebaseremoteconfig.googleapis.com/v1/projects/canopyrenter-c53a7/namespaces/ 1 KB
470 B 357ms
248ms Fetch
application/json 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseremoteconfig.googleapis.com/v1/projects/canopyrenter-c53a7/namespaces/fireperf:fetch?key=AIzaSyCxJ9o88k0qwWHMWQHuNEumBe6gNYnxK1s

Requested by

Host: app.canopy.rent
URL: https://app.canopy.rent/static/js/2.3dfecced.chunk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3747cf0e2d506115740c1315020742baa050de3d3b90b114c281047fe6587cb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
accept-language: en-GB,en;q=0.9
Authorization: FIREBASE_INSTALLATIONS_AUTH eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBJZCI6IjE6MTAxMjcyNDY0Mjk1Mzp3ZWI6YzMyYzExMTU0NzQ1ODZjMzI0YzI1OCIsImV4cCI6MTY2NzIxNjg1NSwiZmlkIjoiZEFJRGVWcWdXR0ktXzVwVjc3TV9sRyIsInByb2plY3ROdW1iZXIiOjEwMTI3MjQ2NDI5NTN9.AB2LPV8wRQIgXzzq8eikgL2Mnjshcrlm6hSmsQ91_tExnDFwre2K3joCIQDE7RoRaFwN2r7qK8mMzqlmkjhMP_k8KzigW_V9EnCn7w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 24 Oct 2022 11:47:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
etag: etag-canopyrenter-c53a7-fireperf-fetch--1223602812
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://app.canopy.rent
access-control-expose-headers: etag,vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 446
x-xss-protection: 0

OPTIONS
H2 200 fireperf:fetch
firebaseremoteconfig.googleapis.com/v1/projects/canopyrenter-c53a7/namespaces/ Frame 0
0 94ms
62ms Preflight
text/html 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseremoteconfig.googleapis.com/v1/projects/canopyrenter-c53a7/namespaces/fireperf:fetch?key=AIzaSyCxJ9o88k0qwWHMWQHuNEumBe6gNYnxK1s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: POST
Origin: https://app.canopy.rent
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-headers: authorization
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://app.canopy.rent
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Mon, 24 Oct 2022 11:47:35 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 f0a6a22055117c511a5e.js Show response
resources.usersnap.com/widget-assets/js/entries/globalSetup/ Frame 7ABC 588 KB
134 KB 62ms
61ms Script
application/javascript 13.225.78.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.usersnap.com/widget-assets/js/entries/globalSetup/f0a6a22055117c511a5e.js
Requested by: Host: widget.usersnap.com
URL: https://widget.usersnap.com/global/load/929bdd28-64f9-43fe-ac62-91c47d199724?onload=onUserSnapCXLoad&n=N8C9/pJVtmF1nzpV0mYhvA==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-75.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 91e97fa63bc84932971683864b18295da59c21853289d3b3e84914e23569e87b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 10:33:27 GMT
content-encoding: br
via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
last-modified: Mon, 24 Oct 2022 10:12:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 4449
etag: W/"e161ff4a8a601e7d17d8f79ec4b3ad14"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-id: pmbKJZqplyEBH7ClaEZvA9A3dQ5pzSW_Kyolw932K2dOshpiydR-eA==

GET
H2 200 2212378e2fc4815deae5.js Show response
resources.usersnap.com/widget-assets/js/entries/setup/ Frame FAA3 627 KB
146 KB 62ms
60ms Script
application/javascript 13.225.78.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.usersnap.com/widget-assets/js/entries/setup/2212378e2fc4815deae5.js
Requested by: Host: resources.usersnap.com
URL: https://resources.usersnap.com/widget-assets/js/entries/globalSetup/f0a6a22055117c511a5e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-75.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d77cece4fc573bb649547b5eff4cb6d03cb3e68f508c3f4908ad1764abdebb14

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 10:33:27 GMT
content-encoding: br
via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
last-modified: Mon, 24 Oct 2022 10:12:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 4449
etag: W/"194d6ee1422631d148d4299dc33ecb25"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-id: uUc8b6CO-lLGYIzITqbKR6vYsunU5DZZroUPApQzBF0jnpOBhlu5CQ==

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.canopy.rent/	1970-01-20 09:06:28	Name: _fbp Value: fb.1.1666612054491.1031237333
.canopy.rent/	1970-01-20 16:32:52	Name: _ga Value: GA1.1.1254241944.1666612055
m.stripe.com/	1970-01-20 16:32:52	Name: m Value: 7977819d-268a-4a9e-8e5d-1d6fc7e4f652a4f7bc
.app.canopy.rent/	1970-01-20 15:42:28	Name: __stripe_mid Value: 35b80aea-6094-4f51-bcd2-de6397fc0767d767e2
.app.canopy.rent/	1970-01-20 06:56:53	Name: __stripe_sid Value: 90e47538-c5b8-43ac-a614-39913d88173123346a
.canopy.rent/	1970-01-20 16:32:52	Name: _ga_PTSFZ17CJW Value: GS1.1.1666612054.1.0.1666612055.59.0.0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'nonce-N8C9/pJVtmF1nzpV0mYhvA==' 'sha256-+mAigUEIFkW5w3/fMq9+XvCvGCOdmXzm9VmRYKRk1BQ=' 'sha256-EeXqIap0HkjWuG81MtOvCDv5WfOBtVIQoEUibr6Dn6A=' 'sha256-3QntWuBOhpc1iaqyGiJ94pZVnwjbK4fwVTP2awVIwjw=' 'sha256-yx1FMFZJTBdS4/v0dBZuVPEGhcDzstXFYEUFGEOc3aw=' https://api.smooch.io https://assets.zendesk.com https://.google-analytics.com https://.googleapis.com https://.js.strip https://.zopim.com https://.sprig.com https://.googletagmanager.com https://.zdassets.com https://.usersnap.com https://.stripe.com https://.facebook.net https://.plaid.com https://widget.usersnap.com;style-src 'self' 'report-sample' 'unsafe-inline' https://v2.zopim.com https://.zdassets.com https://www.googletagmanager.com https://tagmanager.google.com https://.googleapis.com https://.usersnap.com;object-src 'none';frame-src 'self' https://.amazonaws.com https://.findyourcanopy.com https://.googletagmanager.com https://.stripe.com https://.plaid.com https://.usersnap.com;child-src 'self' https://.googletagmanager.com https://js.stripe.com https://.usersnap.com;img-src 'self' data: blob: https: .usersnap.com;font-src 'self' data: https: .usersnap.com .gstatic.com;connect-src 'self' https: wss: about:;manifest-src 'self';base-uri 'self';form-action 'self' https://.google.com;media-src 'self' https://.zdassets.com https://v2.zopim.com;prefetch-src 'self' https://.plaid.com;worker-src 'self' blob: https://www.google.com;report-uri https://canopy.report-uri.com/r/d/csp/enforce;report-to default;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.canopy.rent
backend-prod.canopy.rent
connect.facebook.net
ekr.zdassets.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
firebaseremoteconfig.googleapis.com
insurestreet.zendesk.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
region1.analytics.google.com
resources.usersnap.com
static.zdassets.com
stats.g.doubleclick.net
widget.usersnap.com
www.facebook.com
www.google.de
www.googletagmanager.com
104.16.51.111
104.18.70.113
13.225.78.123
13.225.78.75
2001:4860:4802:32::36
2600:9000:20eb:9a00:19:7d10:bd80:93a1
2600:9000:21f3:d400:1f:f09:c880:93a1
2a00:1450:4001:80e::200a
2a00:1450:4001:827::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:830::2008
2a00:1450:4001:831::200a
2a00:1450:400c:c0a::9a
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
3.248.45.153
35.158.159.232
52.41.97.242
54.187.119.242
01d9de2d59776956db36e4d3599f4d039bd9f9be7371313966217773302d2fe7
02eca992d254715cc49eaa993560e01a7eaedab01aa7985b56e324446d0165a8
05e81951cb0bc3f592e60a131ac3805cbc7a000867817e1b74af8f47be1529ba
15197df810cf88af37e79079d095a62d3f0e3961f5eac631f2a42ea33fd0c174
1e266511a00a04e8a2305706741c7ffdbddca4daf85c17628342995aa970f903
2510b807540118c7902fc2a55344cb5b8be791d830c6e37cecdb70f30125b034
2ba4b0eccd39ce5d6e59203866f041839f4bc206fadfa8a0b6f7da35210abddf
310abe0b68c61c4d03db96ce83c039c1261e8cbacff3b55bdefa1c25935d608a
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
3747cf0e2d506115740c1315020742baa050de3d3b90b114c281047fe6587cb6
3830186424bb67c7f4963dac71fa2788dcceda069d703a76a211818523345abd
41b1ae10b7b5faa4678f0efb67c7e5b9efdc2485949a8c2015e0f4459a2d5be3
423ff1d277bd6036cb39b7a56eaaedc5db5f03134b4d825a9d66ecdda17b39e4
43f97c2f52dd3ea2c7ce5d85b5074cff18b5ceba6e5ac2d3b915f2ea0ba67406
46faf4707babe3c2dd9e9e4c5ec6b45edbf5cab9a1a85a6aa05665318a0e2c7d
5886d0574ef4b74b22c1e28e43de05c4b3190e735abc011f54a50ab76fe591e6
58ebae669e67ea8e80494b2c592e19c14b6ebc5146c2cabd1fe1bbbd873dcc51
709a59b22fb7d682e8f96006bd90e717ffad0b48ac6bf5b20093c005b47bc488
74a4aac121b619602249aa70d58c0233ed13bbfc47adfdbf011545ac4099af3c
82b6cc67698a9b10082bc263dc115b488ab6566c445f68a18f4360c6b9d28426
8316272fc6f8b812cf9ed7e9614b94217bbe9272091198766c8643127fb7ed0e
8830810d5926d206af9568b5a51b7cc3148fe4561cca1dcd5e083cc600aafa5d
8e393433289d0b33591893baa8f1c4c38b19fe449ec69729fce2e6e27ebbc647
91e97fa63bc84932971683864b18295da59c21853289d3b3e84914e23569e87b
929e0a531f16371620c4a2396db4153999408702a012cb39001317f926095918
9c8ae5877b8be11a8dd7c8a8eb4c14f24f932e6cdda13132bf28324906e135c8
a062bafde357f9074855bfb82ace90964d26d5e90b7332fac4fdcc1be704d5d7
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
ab22936fa5d83682e689ba4e7cfd301591a43bbc101ec24576375d39c009dc37
af07008ab062c330b756c0c297e9a76f93f68c5f051f48408ce9dac9a475d043
b58cf763adace244285a1f020956817d3d8ea8948056c63b783bdb1d4a258d1b
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
c2e7cf6c0a658f9d072c8fdcb23907cccfa23a28ea39d0af2e242dc88f9abb6c
c71a7bdc6e1f2f8875556b690007a65be9e5ae1fb285f76d85180c89a3fa52d2
cdd6c88a9725cfad3681dff79f0a4830fc4063169ceee9037663a2cd663d859b
d77cece4fc573bb649547b5eff4cb6d03cb3e68f508c3f4908ad1764abdebb14
d85277487764fd69a9543f4cfc220c76e1593252fa3ee560a2f70e6bffe66747
e11b3d0ab47aafc6054a99ca9d014e78dda239f9f75238c954d29ea446bd8283
e2bdb33defe4c63e549037d3294462ae4c5913d793affd48ab60562d6b8062ab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8814f979fabccd152308465e0fbeb1194b6dbfe0e4d61a6923002b1f13386e2
eae1624bc2b093db7aed7fdab996877d69bc2baa5996c819d604f7b8b016878e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2fdffadde5ebd39ff053c431ff7dc14021d909a7f6b04693a922115ab2f068d
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
f663f4def9b8621652e14b7b1b4be9ba0337a9dbd69fed7e2ecc1829c69bd515
f8486cf55c57486f26236be045e02ada380d1ee0378008375cf54295c23954c8
fe7d7ad17b6733df1f4fc39f23c577e44d5dbb4c634370052faf0b21d9816051

app.canopy.rent Open in urlscan Pro 2600:9000:21f3:d400:1f:f09:c880:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

61 Requests

98 %HTTPS

58 %IPv6

13 Domains

20 Subdomains

20 IPs

5 Countries

2920 kBTransfer

10666 kBSize

6 Cookies

4 Outgoing links

Page URL History

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

app.canopy.rent Open in urlscan Pro
2600:9000:21f3:d400:1f:f09:c880:93a1 Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

98 %
HTTPS

58 %
IPv6

13
Domains

20
Subdomains

20
IPs

5
Countries

2920 kB
Transfer

10666 kB
Size

6
Cookies

61 HTTP transactions
1 data transactions