urlscan.io logo urlscan.io
SecurityTrails logo

app.blumira.com Open in urlscan Pro
2606:4700:20::ac43:44ce  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/query/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Effective URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Submission: On July 26 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 2 countries across 7 domains to perform 22 HTTP transactions. The main IP is 2606:4700:20::ac43:44ce, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.blumira.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 16th 2022. Valid for: a year.
This is the only time app.blumira.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42:600... 54113 (FASTLY)
1 13.32.110.56 16509 (AMAZON-02)
4 2606:4700:20:... 13335 (CLOUDFLAR...)
1 35.188.42.15 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
3 143.204.103.120 16509 (AMAZON-02)
1 34.194.237.29 14618 (AMAZON-AES)
22 11
9    2606:4700:20::ac43:44ce (United States)

ASN13335 (CLOUDFLARENET, US)
app.blumira.com
1    2606:4700:3032::ac43:a9f7 (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
1    2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    13.32.110.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-56.vie50.r.cloudfront.net
cdn.heapanalytics.com
4    2606:4700:20::681a:f51 (United States)

ASN13335 (CLOUDFLARENET, US)
fea.blumira.com
1    35.188.42.15 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 15.42.188.35.bc.googleusercontent.com
sentry.io
1    2a00:1450:4001:830::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
blu-public-assets.storage.googleapis.com
3    143.204.103.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-103-120.fra50.r.cloudfront.net
cdn.auth0.com
1    34.194.237.29 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-237-29.compute-1.amazonaws.com
heapanalytics.com
Apex Domain
Subdomains		 Transfer
13 blumira.com
app.blumira.com
fea.blumira.com
2 MB
3 auth0.com
cdn.auth0.com — Cisco Umbrella Rank: 8519
5 KB
2 heapanalytics.com
cdn.heapanalytics.com — Cisco Umbrella Rank: 3247
heapanalytics.com — Cisco Umbrella Rank: 2711
44 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 72
blu-public-assets.storage.googleapis.com
8 KB
1 sentry.io
sentry.io — Cisco Umbrella Rank: 415
405 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 424
883 B
1 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 947
10 KB
22 7
Domain Requested by
9 app.blumira.com 1 redirects app.blumira.com
4 fea.blumira.com app.blumira.com
3 cdn.auth0.com app.blumira.com
1 heapanalytics.com app.blumira.com
1 blu-public-assets.storage.googleapis.com app.blumira.com
1 sentry.io app.blumira.com
1 cdn.heapanalytics.com app.blumira.com
1 cdn.jsdelivr.net app.blumira.com
1 fonts.googleapis.com app.blumira.com
1 use.fontawesome.com app.blumira.com
22 10

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-05-16 -
2023-05-16		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-07-04 -
2022-09-26		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-03-21 -
2023-04-22		 a year crt.sh
cdn.heapanalytics.com
Amazon		 2021-08-28 -
2022-09-26		 a year crt.sh
sentry.io
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-03 -
2023-07-04		 a year crt.sh
*.storage.googleapis.com
GTS CA 1C3		 2022-06-27 -
2022-09-19		 3 months crt.sh
*.auth0.com
Amazon		 2022-03-26 -
2023-04-24		 a year crt.sh
heapanalytics.com
Amazon		 2021-12-09 -
2023-01-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Frame ID: 18AF971CD6B1CDAFC60C5F07C2123B6A
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Blumira

Page URL History Show full URLs

  1. https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/query/findings/b4462f82-623e-481e-b55a-... HTTP 302
    https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • heap-\d+\.js
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

22
Requests

100 %
HTTPS

60 %
IPv6

7
Domains

10
Subdomains

11
IPs

2
Countries

1714 kB
Transfer

6771 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/query/findings/b4462f82-623e-481e-b55a-e16c6541cac6 HTTP 302
    https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request b4462f82-623e-481e-b55a-e16c6541cac6
app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/
Redirect Chain
  • https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/query/findings/b4462f82-623e-481e-b55a-e16c6541cac6
  • https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:44ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
537dc7c2916ec5fb4a9c6ac9a0f16f1f8e24dc3880fe9b5008edb13f852dd998
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public,max-age=60
cf-cache-status
DYNAMIC
cf-ray
730f91e6ebd3bb86-FRA
content-encoding
br
content-security-policy
default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
content-type
text/html
date
Tue, 26 Jul 2022 19:33:57 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Tue, 26 Jul 2022 19:34:57 GMT
feature-policy
fullscreen 'self';camera 'none';geolocation 'none';microphone 'none'
last-modified
Mon, 06 Jun 2022 16:00:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0z3ClpM2wJJlONSwX8XFqEOH7wxmy0EuCRloCL%2FLhXDJdq01enLM4TfGxyXpExvfQUtBLfQA56wOD27uAbMsDzOQfT0U2qyUCgovZ9McE6ws7BaxIOx0IC1siIrWbtP3TzntEj67eniJFmgLwA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=5184000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-goog-generation
1654531242589270
x-goog-hash
crc32c=rm6nCg== md5=CaxQNQTecm0o73pYliEJnA==
x-goog-meta-blu-build
20220606T1554_4de4755
x-goog-meta-goog-reserved-file-mtime
1654531237
x-goog-metageneration
2
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
3790
x-guploader-uploadid
ADPycdt5p1-S291iSXckTrgaD8JkO_OryU0wo12w5qMyHc1URGOu5_kBjc9Olc2nnpbFVmlr8GytYL0ex3k-R31JNH0AIrm7wu1d
x-xss-protection
1; mode=block

Redirect headers

cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
730f91e69b56bb86-FRA
date
Tue, 26 Jul 2022 19:33:56 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 01 Jan 1970 00:00:01 GMT
location
https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Z1A9KmzKyYUdNZO4C7RZFCMAYP%2FaGaFkZgC1YvH2dmCakpFheD1QsbrPASMPWBDXRm5HDxw1QPCM8XNr7SHzXeb4R4W%2FKocfop%2BP9xCSxteer3Eo%2BAYY%2FjY7RGiwaCsr9yND3ElA3%2FklDxlvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
NUJbt9HWUohVtRnGpyA_dMNWDP4.js
app.blumira.com/cdn-cgi/apps/head/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.blumira.com/cdn-cgi/apps/head/NUJbt9HWUohVtRnGpyA_dMNWDP4.js
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:44ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
704726e5e3bb62cd689198651729e1e7786fe2427d502627c6d7215edac7fe1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 19:33:57 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
7GTHW6ZYXRTWM060
x-amz-version-id
pbgYBmSoImqFQKGOGN3qv4.6qW.YGsWE
x-amz-id-2
qh++SXH4DslX9qGpsSp773MAOTPh124DfRrIYvqA8Sex0Ws7EQ6WVPszO6uTVvHWzKb3FuyMNwc=
last-modified
Thu, 02 Jul 2020 00:55:36 GMT
server
cloudflare
etag
W/"80912342359954be6ed0bf06f8813368"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APNNfVURzBw6WfF6MhGrz13naIrYAa6ZD80uttdAKU1ZHKlwPWK6MoaG5ZdZp8r07vm5sDUCrYWE1Opk0xXeRczd539IeSsGHfUYkF9%2FX%2Bro4liZ6rUPObaX9ZlIEy9dwKfv1bK4Ay1S93DggA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
730f91e9f951bb86-FRA
all.css
use.fontawesome.com/releases/v5.1.0/css/ 		45 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v5.1.0/css/all.css
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce91e2144ea27f82292ef2c87c5d9e1d0b9994df63836130293865aca18fc550

Request headers

Referer
Origin
https://app.blumira.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 19:33:57 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
7GTH60THJGYCEH5R
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
BOBO7IWCIM7HN3X/yFV7d9qj+YqXA+f9EOjJUhH+fFgYHwjr21YMa2LNiHEJpuX5p7M5W3MqRTA=
last-modified
Wed, 30 Jun 2021 15:30:31 GMT
server
cloudflare
etag
W/"826c57385f3d35cfed5478ba7b1f5c03"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwu4j17B4L8IpZ2SEmYxK4DM0OjvG%2FJWpQ77rE%2BhfAPT3PfEki6i1wl43Zf%2Bmb4Zpd8S8%2B7LU1u15NXVUNxlmO6GRh6QH8Ciik6rCxD67gjzFgQlUdc4NFoZ1xoR8SmMF1bGnop2T3qX4skRHr8I3Kw6"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
730f91ea88a4927a-FRA
css2
fonts.googleapis.com/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:ital@0;1&family=Prompt:ital,wght@0,700;1,700&display=swap
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3d77a621db9879b9574ac3c06bf0069802f36a8def023995809e23a7bb69ec50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 26 Jul 2022 19:33:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 26 Jul 2022 19:33:57 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 26 Jul 2022 19:33:57 GMT
text-security.min.css
cdn.jsdelivr.net/npm/text-security@3.2.1/ 		2 KB
883 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/text-security@3.2.1/text-security.min.css
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
76e800086349d60e53a18f6bf0861488b1652b63c683d3cc3aba4175b0c15f5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
1830739
x-jsd-version
3.2.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
425
etag
W/"71e-Xb7QbA+S1+sbJFl0d/aigZ/uK9s"
x-served-by
cache-fra19169-FRA, cache-ams21047-AMS
x-jsd-version-type
version
date
Tue, 26 Jul 2022 19:33:57 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
2.983e521a.chunk.css
app.blumira.com/static/css/ 		173 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.blumira.com/static/css/2.983e521a.chunk.css
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:44ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
361f7029135146afb51a2f440a86aa545c591d0a965e2508d3e4082862bb3c38
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-goog-hash
crc32c=gC9K1Q==, md5=OtzMfH5YzUbu+HuPTVW0FQ==
date
Tue, 26 Jul 2022 19:33:57 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1654531237
age
0
x-guploader-uploadid
ADPycdtjRMoMCXo0C1ZiZjvoML5mVgO4-4JDIRe47lCoDRJGNrV1fdpNCvP1FKjg4g3bKPGTGL2YQIhRVLTb02jDdBC93w
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
vary
Origin
x-xss-protection
1; mode=block
x-goog-meta-blu-build
20220606T1554_4de4755
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 16:00:43 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"3adccc7c7e58cd46eef87b8f4d55b415"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=5184000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vr4ASxFDGVcKn8oEVD2kPD4ScmcXuI7GQITMrkrSdsRtYGxnv4Tty3nxvaIH1%2FKHOHnhVfnqd7jlzTNc%2BpdXQOYWJyM2AYny6QIgskeX%2Bo7Nqm5Y076xqdap4xN4ytrIdR1OUS6ARJiR7N3BZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1654531243031972
content-type
text/css
cache-control
public,max-age=1200
feature-policy
fullscreen 'self';camera 'none';geolocation 'none';microphone 'none'
x-goog-stored-content-length
177513
content-security-policy
default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
cf-ray
730f91e9f954bb86-FRA
expires
Tue, 26 Jul 2022 19:53:57 GMT
main.8556a394.chunk.css
app.blumira.com/static/css/ 		237 KB
42 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.blumira.com/static/css/main.8556a394.chunk.css
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:44ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b31be4c92a3dec11340e23cf848aaf017d0b53e471d68741598c7c48018033f3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-goog-hash
crc32c=FP/zxw==, md5=bdHiFFDd7zQLfGn3z7uvdw==
date
Tue, 26 Jul 2022 19:33:57 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1654531237
age
0
x-guploader-uploadid
ADPycdsUP4bLzgwf_JGauZDxEHLKNQStcSEm2Ih-V9iGpeGiOEe2KGSKhDybfDryrT-c1IB7PsgFVOl8qqnfm0YVPJUYdw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
vary
Origin
x-xss-protection
1; mode=block
x-goog-meta-blu-build
20220606T1554_4de4755
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 16:00:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"6dd1e21450ddef340b7c69f7cfbbaf77"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=5184000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w0Vu8j76sFpOm3isqkvhuPVTjk%2B4vCb%2FfBQ6ENTOszSAmzeueXBUjxQSGOu%2BwTh0HUXjgkLHNYm5yCQ2v%2BJjXiF6fjhNlfPEV2sUNS5pf4IBPi92GWYwUMdfkFO4O7iQfrPVv9x%2BeOLXBid0vw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1654531242583694
content-type
text/css
cache-control
public,max-age=1200
feature-policy
fullscreen 'self';camera 'none';geolocation 'none';microphone 'none'
x-goog-stored-content-length
243122
content-security-policy
default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
cf-ray
730f91e9f957bb86-FRA
expires
Tue, 26 Jul 2022 19:53:57 GMT
2.a130266e.chunk.js
app.blumira.com/static/js/ 		4 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.blumira.com/static/js/2.a130266e.chunk.js
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:44ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a704a13659e0383a847eea7b3bb30ebb9dfa97b02782b8660da261aa80636cde
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-goog-hash
crc32c=M5Phdg==, md5=02okvFw4ky7MvDc4Bj503w==
date
Tue, 26 Jul 2022 19:33:57 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1654531237
age
0
x-guploader-uploadid
ADPycdtdM0BkJcBLYokFr7RNcjNaPlLvLueSgXqMoksBONX6rk6hTVT_HoCRPnaREHPRuw2nILoYvdSFMxbtsHR4yWpuyZ4bJmXW
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
vary
Origin
x-xss-protection
1; mode=block
x-goog-meta-blu-build
20220606T1554_4de4755
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 16:00:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"d36a24bc5c38932eccbc3738063e74df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=5184000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KBcL%2BC3Tfq9pSN3Vmg%2B%2F2V6PTu7uZpFlasNE1XsoNu0dBi29NP2TnxBTgUcqNbWm0dlUAgei0H%2Fq7RLE1eWX6DBZdEkbCFvivVeBJPYJ40krgfSKV1bpKqfv11FrVN3Rf33BKpD8%2BrrzKxTY0A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1654531242927118
content-type
application/javascript
cache-control
public,max-age=1200
feature-policy
fullscreen 'self';camera 'none';geolocation 'none';microphone 'none'
x-goog-stored-content-length
4481167
content-security-policy
default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
cf-ray
730f91e9f958bb86-FRA
expires
Tue, 26 Jul 2022 19:53:57 GMT
main.c43685b9.chunk.js
app.blumira.com/static/js/ 		1 MB
335 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.blumira.com/static/js/main.c43685b9.chunk.js
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:44ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
044f5027db623a96a395f146f17c09d04e4675e4d9a1c4f2985ce008a3e70b3f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-goog-hash
crc32c=SFu7QA==, md5=MWtE7V1oAlaDxVgVP7nCfg==
date
Tue, 26 Jul 2022 19:33:57 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1654531237
age
0
x-guploader-uploadid
ADPycdvkVDwKxdbgT9gV_kOQlMK7bhteBbs8kR4inqH3qH1HOgBCJPv7wm5E_lHIeCNB93K7qDUwPQ7NAJiwR2eLTCDQKQKTL_4o
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
vary
Origin
x-xss-protection
1; mode=block
x-goog-meta-blu-build
20220606T1554_4de4755
referrer-policy
same-origin
last-modified
Mon, 06 Jun 2022 16:00:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"316b44ed5d68025683c558153fb9c27e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=5184000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1v7VIM%2FFaQzKCUo%2FhuF%2BOBwvmfyyi9Xndx9nYYWOZ2o4wl0DrZNlrlPZ50mL2OcF5zkF17kzvuNJPehVAqoMGS%2FsM7IPkcR9wvCf0EhiOCFUqI2Y9UbSC9ASt014CSKBtZDTstQvhsvxWWd8dw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation
1654531242787103
content-type
application/javascript
cache-control
public,max-age=1200
feature-policy
fullscreen 'self';camera 'none';geolocation 'none';microphone 'none'
x-goog-stored-content-length
1233357
content-security-policy
default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
cf-ray
730f91e9f95cbb86-FRA
expires
Tue, 26 Jul 2022 19:53:57 GMT
ISAcmKZYgNi6vP7Q6BIj510P0kg.js
app.blumira.com/cdn-cgi/apps/body/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.blumira.com/cdn-cgi/apps/body/ISAcmKZYgNi6vP7Q6BIj510P0kg.js
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/cdn-cgi/apps/head/NUJbt9HWUohVtRnGpyA_dMNWDP4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:44ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4aae7460e90e7d4e552351a13e137a8ca9e34f24c2f571ff02d150d14b952f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 19:33:58 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
3GZDFMRHCQJWXXQ4
x-amz-version-id
irznjxTtv_EvdU8MZD5ms.R4ajYm5lKN
x-amz-id-2
5j42r6IAApbbmKRJipLxSdj+Wdmz6e0cGCdkAHwUD/7r8SCUZsRUIcpiFw6Q6vStqOYMZuAZ7l0=
last-modified
Thu, 02 Jul 2020 00:55:36 GMT
server
cloudflare
etag
W/"c832126bbb4200a64fa5d5584d6b8a93"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q9cDlp%2Bko1BHs6jYue99xCmpwAycwJmrZZcMccj0g14Pb9xe%2FEmfBmweQdVbLS1CCjLd6T7AT1jyzB3IzU5E99b%2FkANhaWRaLxlntiB12d4ZWJOvBpdW%2FE6BtRwM2J8hgX1JM%2Bpcfzu%2Fnu9E9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
730f91eccdd5bb86-FRA
heap-1590275325.js
cdn.heapanalytics.com/js/ 		111 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.heapanalytics.com/js/heap-1590275325.js
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-56.vie50.r.cloudfront.net
Software
nginx /
Resource Hash
1df29c88af38eae2f69cbbb69ae0103bf1bee8db1ffa1bbdaa52408e9df7ee34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 19:33:58 GMT
content-encoding
gzip
server
nginx
x-amz-cf-pop
VIE50-C2
etag
W/"1bacb-JhTouI6vBY3/a8mD3Ic4Vg"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 fadd210e8fada96866356688e5524d10.cloudfront.net (CloudFront)
cache-control
public, max-age=120
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-id
fgBOkQnSwRIIhHCBPfoehSMX-eZwGdA833AKWacLOjl06HSJXNffeQ==
constant.json
fea.blumira.com/blu-constants/ 		468 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fea.blumira.com/blu-constants/constant.json
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/static/js/2.a130266e.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c183f28ea6df9e39cbf7cb019b7e7097943465f1eb0183cb26047a390b4a43a2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.stripe.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 19:33:58 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
surrogate-control
no-store
content-encoding
br
vary
Accept-Encoding
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
x-blu-request-id
54bae28a
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"750a0-RnIik1JDPKVS96k+bBynIW19ZK4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=5184000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5qgTyn42%2BJRkLjK7NDU2llua1K3UC0MIGt2x8oJCg%2B3C%2BWy9CYhbLwCnQIYXcTPLMmrua8D2k%2B18oI%2Fptfa2r5plY0rC3rZ1z%2Bw7Ay14PfM8Nw8%2BvvdeWjXe379ljhKwVMRvK4tftB295%2BzqRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-blu-request-id
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
feature-policy
fullscreen 'self';camera 'none';geolocation 'none';microphone 'none'
content-security-policy
default-src 'self' https://*.auth0.com https://*.stripe.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com
cf-ray
730f91efecf2929f-FRA
expires
0
en-us.json
fea.blumira.com/blu-constants/language/ 		106 KB
16 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fea.blumira.com/blu-constants/language/en-us.json
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/static/js/2.a130266e.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc18e6e86aec9c30055d1e06c3d223a9d0de5cd8335e98237ef8d5ad15b9fd94
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.stripe.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 19:33:58 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
surrogate-control
no-store
content-encoding
br
vary
Accept-Encoding
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
x-blu-request-id
2bd55310
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"1a89a-qSgse1i9U3AXFbJXW+JX1ZMXqqU"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=5184000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WQLNKULCw5bwJar4H4y1FWl63QzHNEcvBG4c%2F6DG2WHzH9SQNjyiNCklaXUvwiOMTwsB0vOX5f4v9MV62Q6GDJv%2FSs1GbTUk7WONrxlwY32buLZtIjwaMVnX1hWhYquaX%2BpnXY7DGx7l5uPbaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-blu-request-id
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
feature-policy
fullscreen 'self';camera 'none';geolocation 'none';microphone 'none'
content-security-policy
default-src 'self' https://*.auth0.com https://*.stripe.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com
cf-ray
730f91efecf3929f-FRA
expires
0
/
sentry.io/api/1395071/envelope/ 		2 B
405 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sentry.io/api/1395071/envelope/?sentry_key=90f5c9f46d164de1834902aab6a8ff4f&sentry_version=7
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/static/js/2.a130266e.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.blumira.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 26 Jul 2022 19:33:58 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://app.blumira.com
access-control-expose-headers
retry-after, x-sentry-error, x-sentry-rate-limits
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
blumira_login_blue.fe3120a1.png
app.blumira.com/static/media/ 		14 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.blumira.com/static/media/blumira_login_blue.fe3120a1.png
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:44ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc7545f4728537c8a9502d5c4202e87ecb2dde08ff8f9711da2733c5ea1cd59a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.blumira.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
age
0
x-guploader-uploadid
ADPycdtzUjMWscLhNLEjZL5fx7p2P-FoXz-ypP-FdM2xCbkWcDTj_UqLyIjtQt84N_I6KVZjYdNHVJLEStiNultNXoPPOQ
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KGb4fZUECdJwoINJijAjQR0o4yQKDx5C9Nz3yUEmiEyorqEV36mOaQjXaKkcg%2FptO0b2ryMP7Ne1S2myAsMrDJKRT39vNIUYuolJmq%2BjosQFtCYTIpBa8FMykpzxKhsbRV3HeW5z3kfB3B4a8w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-encoding
identity
referrer-policy
same-origin
x-frame-options
SAMEORIGIN
etag
"fe3120a141cd4f677f7dc6c550881f88"
x-goog-meta-blu-build
20220606T1554_4de4755
vary
Origin
x-goog-generation
1654531242649374
content-type
image/png
cache-control
public,max-age=1200
feature-policy
fullscreen 'self';camera 'none';geolocation 'none';microphone 'none'
expires
Tue, 26 Jul 2022 19:53:58 GMT
date
Tue, 26 Jul 2022 19:33:58 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1654531237
x-goog-storage-class
STANDARD
x-goog-metageneration
1
content-length
14505
x-xss-protection
1; mode=block
last-modified
Mon, 06 Jun 2022 16:00:42 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=5184000; includeSubDomains
x-goog-hash
crc32c=vCeZbw==, md5=/jEgoUHNT2d/fcbFUIgfiA==
x-goog-stored-content-length
14505
accept-ranges
bytes
cf-ray
730f91ef9af7bb86-FRA
blu-logo.png
blu-public-assets.storage.googleapis.com/images/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blu-public-assets.storage.googleapis.com/images/blu-logo.png
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
c21f0a1f83d948e8e877b5a900c570b8dba49edc7fde3bf54fea4efa6d2031bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 19:33:58 GMT
age
0
x-guploader-uploadid
ADPycdtwDEC7QX3OLjzI6goaYP505WNyQS19N9YzmJk4p1AB-8do29EVmdU9rNauuGNashBWqj32WR4kSomTdrK6iYx83oDBftLh
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6476
last-modified
Fri, 08 Feb 2019 15:22:49 GMT
server
UploadServer
etag
"8716da649339b5e5259f9eb418c6c4cd"
x-goog-hash
crc32c=iuakcg==, md5=hxbaZJM5teUln560GMbEzQ==
content-language
en
x-goog-generation
1549639369756037
cache-control
public, max-age=3600
x-goog-stored-content-length
6476
accept-ranges
bytes
content-type
image/png
expires
Tue, 26 Jul 2022 20:33:58 GMT
logout
fea.blumira.com/auth/ 		58 B
426 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fea.blumira.com/auth/logout
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/static/js/2.a130266e.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bf7eff0eb9546895578e66a20e2d85cbffd8c6f9355ba119cc5026cc1572ff2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.stripe.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 26 Jul 2022 19:33:58 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
surrogate-control
no-store
content-encoding
br
vary
Accept-Encoding
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
x-blu-request-id
49de0dba
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"3a-coQh11dBAwGO5IyBfXSPyxXKtdM"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=5184000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tr3rxMyFHgWMrtd9y0YtPeu%2BQqHGffwpzaMAi25f9O2LSAg%2FsPeOeAUgBkK4iLOgfXC2iOMsTLGSixhDlda3Lgko0VTlh0EII2MH2VlHGe2DzHw3VAfFmt2dO79pVmwWmqYqYgnBAtc8TMnbTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-blu-request-id
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
feature-policy
fullscreen 'self';camera 'none';geolocation 'none';microphone 'none'
content-security-policy
default-src 'self' https://*.auth0.com https://*.stripe.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com
access-control-allow-credentials
true
cf-ray
730f91f1ef18929f-FRA
expires
0
logout
fea.blumira.com/auth/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://fea.blumira.com/auth/logout
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:f51 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.blumira.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
730f91efecf4929f-FRA
content-length
0
date
Tue, 26 Jul 2022 19:33:58 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q66%2BKY7r7CxcJQG8FDyAaovIwCAvL40Z92UCX8zJbnib2sTFfa1pfLSDbzdZCm6RlIJ0nodroAWPv3s5rioTsiulfwl4M1cSVd38NPxSsVy3swd4JZ3lQTLH8XiXH3dvL0H1xc0HeUHuHt900g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Access-Control-Request-Headers
via
1.1 google
en.js
cdn.auth0.com/js/lock/11.33.0/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.auth0.com/js/lock/11.33.0/en.js
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/static/js/2.a130266e.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-120.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
274a08ddc700fc754cb977c38b9fa34cc0dac17b9d768da40c81b502b97862f6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 04:28:50 GMT
content-encoding
gzip
last-modified
Thu, 05 May 2022 10:54:47 GMT
server
AmazonS3
age
54309
etag
W/"752bd942891e49a1035e916dd81017a5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
fIAt2lfJC9TfPCo.nwExeJ2QJokMMcKR
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
cache-control
max-age=2628000,public
x-amz-replication-status
COMPLETED
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
AKSND9f43moGR4C_o_HIdDPfznZx1SYiYg_wX4XwVRuA1jPnuZx4GA==
X1nqXmSr5M8Xj6TiIXwtFgeRctI7b1hT.js
cdn.auth0.com/client/ 		496 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.auth0.com/client/X1nqXmSr5M8Xj6TiIXwtFgeRctI7b1hT.js?t1658864038376
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/static/js/2.a130266e.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-120.fra50.r.cloudfront.net
Software
cloudflare /
Resource Hash
18e48b9ed1ea69c3b98cc3275f7df4a0485338eb562d4b48097044b79f202fb0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date
Tue, 26 Jul 2022 19:33:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
EXPIRED
tracestate
auth0-request-id=730f91f0c82e90a8
x-auth0-requestid
d4216adfda637ddc8af9
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
strict-transport-security
max-age=31536000
ot-tracer-sampled
true
server
cloudflare
traceparent
00-3bf8ece24cea4aa0-0000000000000000730c6e71388e53a4-01
etag
W/"1f0-tQU1VvCutN+tz9N2+ZWAPbIKeVY"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
ot-tracer-traceid
730c6e71388e53a4
cache-control
public, max-age=60, stale-while-revalidate=60, stale-if-error=86400
ot-baggage-auth0-request-id
730f91f0c82e90a8
cf-ray
730f91f0c82e90a8-FRA
x-amz-cf-id
mQvFUiXhNM_1P5bN7nFf4zL-iALJybEQzNgquCalk3L-ke2eajU1ig==
ot-tracer-spanid
3bf8ece24cea4aa0
X1nqXmSr5M8Xj6TiIXwtFgeRctI7b1hT.js
cdn.auth0.com/client/ 		496 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.auth0.com/client/X1nqXmSr5M8Xj6TiIXwtFgeRctI7b1hT.js?t1658864038378
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/static/js/2.a130266e.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-120.fra50.r.cloudfront.net
Software
cloudflare /
Resource Hash
18e48b9ed1ea69c3b98cc3275f7df4a0485338eb562d4b48097044b79f202fb0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
EXPIRED
tracestate
auth0-request-id=730f91f0c82e90a8
x-auth0-requestid
d4216adfda637ddc8af9
x-amz-cf-pop
FRA50-C1
x-cache
Hit from cloudfront
date
Tue, 26 Jul 2022 19:33:59 GMT
ot-tracer-sampled
true
server
cloudflare
traceparent
00-3bf8ece24cea4aa0-0000000000000000730c6e71388e53a4-01
etag
W/"1f0-tQU1VvCutN+tz9N2+ZWAPbIKeVY"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
ot-tracer-traceid
730c6e71388e53a4
cache-control
public, max-age=60, stale-while-revalidate=60, stale-if-error=86400
ot-baggage-auth0-request-id
730f91f0c82e90a8
cf-ray
730f91f0c82e90a8-FRA
x-amz-cf-id
fkN6zIJDob8E8TjJ66eS0e0NvjE2DmXWx8PIVdwhxY0pw7jlZ80p_g==
ot-tracer-spanid
3bf8ece24cea4aa0
truncated
/ 		833 B
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fa4e452fb02ad9bbe6945ef2ca3bf93382d0ad314cb9875b34916be384459525

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type
text/css;charset=utf-8
h
heapanalytics.com/ 		37 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heapanalytics.com/h?a=1590275325&u=8666296954201322&v=1111274068380744&s=4165189094069852&b=web&tv=4.0&z=0&h=%2F&d=app.blumira.com&t=Blumira&ts=1658864038396&st=1658864038399&ei=185&et=variation
Requested by
Host: app.blumira.com
URL: https://app.blumira.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.237.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-194-237-29.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 26 Jul 2022 19:33:58 GMT
server
nginx
etag
W/"25-PqzQEyMQ6kTK11azeKO8Bw"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
739c82a6d76dd19acf29c82dae7b53b1cf63372f3da597e027c1b8f14627391a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type
image/svg+xml

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| CloudflareApps object| process object| heap object| webpackJsonpui function| _ number| 2f1acc6c3a606b082e5eef5e54414ffb object| __SENTRY__ object| __core-js_shared__ function| filterCSS function| filterXSS object| scCGSHMRCache object| __MUI_LICENSE_INFO__ object| regeneratorRuntime object| Auth0 object| __sentry_instrumentation_handlers__

2 Cookies

Domain/Path Name / Value
.blumira.com/ Name: _hp2_id.1590275325
Value: %7B%22userId%22%3A%228666296954201322%22%2C%22pageviewId%22%3A%221111274068380744%22%2C%22sessionId%22%3A%224165189094069852%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.blumira.com/ Name: _hp2_ses_props.1590275325
Value: %7B%22ts%22%3A1658864038396%2C%22d%22%3A%22app.blumira.com%22%2C%22h%22%3A%22%2F%22%7D

1 Console Messages

Source Level URL
Text
network error URL: https://app.blumira.com/fa39f2e1-44fd-4f06-b948-1a5925d7c96e/reporting/findings/b4462f82-623e-481e-b55a-e16c6541cac6
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://*.auth0.com https://*.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zdassets.com https://*.fontawesome.com https://*.gstatic.com https://*.zendesk.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.auth0.com https://secure.gravatar.com https://static.zdassets.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' https://use.fontawesome.com https://heapanalytics.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; style-src 'self' 'unsafe-inline' data: https://use.fontawesome.com https://heapanalytics.com https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' https://blumira.com https://www.blumira.com https://*.gravatar.com https://heapanalytics.com https://blu-public-assets.storage.googleapis.com data:; connect-src 'self' wss://fea.blumira.com https://fea.blumira.com https://yoyy6m2m5f.execute-api.us-east-2.amazonaws.com https://sentry.io/ https://auth.blumira.com https://ekr.zdassets.com https://blumira.zendesk.com https://heapanalytics.com https://storage.googleapis.com; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.blumira.com
blu-public-assets.storage.googleapis.com
cdn.auth0.com
cdn.heapanalytics.com
cdn.jsdelivr.net
fea.blumira.com
fonts.googleapis.com
heapanalytics.com
sentry.io
use.fontawesome.com
13.32.110.56
143.204.103.120
2606:4700:20::681a:f51
2606:4700:20::ac43:44ce
2606:4700:3032::ac43:a9f7
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2010
2a04:4e42:600::485
34.194.237.29
35.188.42.15
044f5027db623a96a395f146f17c09d04e4675e4d9a1c4f2985ce008a3e70b3f
18e48b9ed1ea69c3b98cc3275f7df4a0485338eb562d4b48097044b79f202fb0
1df29c88af38eae2f69cbbb69ae0103bf1bee8db1ffa1bbdaa52408e9df7ee34
274a08ddc700fc754cb977c38b9fa34cc0dac17b9d768da40c81b502b97862f6
361f7029135146afb51a2f440a86aa545c591d0a965e2508d3e4082862bb3c38
3bf7eff0eb9546895578e66a20e2d85cbffd8c6f9355ba119cc5026cc1572ff2
3d77a621db9879b9574ac3c06bf0069802f36a8def023995809e23a7bb69ec50
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
537dc7c2916ec5fb4a9c6ac9a0f16f1f8e24dc3880fe9b5008edb13f852dd998
704726e5e3bb62cd689198651729e1e7786fe2427d502627c6d7215edac7fe1f
739c82a6d76dd19acf29c82dae7b53b1cf63372f3da597e027c1b8f14627391a
76e800086349d60e53a18f6bf0861488b1652b63c683d3cc3aba4175b0c15f5e
a704a13659e0383a847eea7b3bb30ebb9dfa97b02782b8660da261aa80636cde
b31be4c92a3dec11340e23cf848aaf017d0b53e471d68741598c7c48018033f3
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc7545f4728537c8a9502d5c4202e87ecb2dde08ff8f9711da2733c5ea1cd59a
c183f28ea6df9e39cbf7cb019b7e7097943465f1eb0183cb26047a390b4a43a2
c21f0a1f83d948e8e877b5a900c570b8dba49edc7fde3bf54fea4efa6d2031bc
ce91e2144ea27f82292ef2c87c5d9e1d0b9994df63836130293865aca18fc550
dc18e6e86aec9c30055d1e06c3d223a9d0de5cd8335e98237ef8d5ad15b9fd94
f4aae7460e90e7d4e552351a13e137a8ca9e34f24c2f571ff02d150d14b952f2
fa4e452fb02ad9bbe6945ef2ca3bf93382d0ad314cb9875b34916be384459525