urlscan.io logo urlscan.io
SecurityTrails logo

hipcityveg.toast.site Open in urlscan Pro
2606:4700:4400::6812:2628  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://hipcityveg.toast.site/
Effective URL: https://hipcityveg.toast.site/
Submission: On March 27 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 20 IPs in 2 countries across 15 domains to perform 52 HTTP transactions. The main IP is 2606:4700:4400::6812:2628, located in United States and belongs to CLOUDFLARENET, US. The main domain is hipcityveg.toast.site.
TLS certificate: Issued by E1 on February 20th 2024. Valid for: 3 months.
This is the only time hipcityveg.toast.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:440... 13335 (CLOUDFLAR...)
9 2600:9000:236... 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 142.250.186.132 15169 (GOOGLE)
1 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 13.33.218.24 16509 (AMAZON-02)
1 157.230.66.5 14061 (DIGITALOC...)
8 151.101.194.217 54113 (FASTLY)
1 34.120.195.249 396982 (GOOGLE-CL...)
2 2a03:2880:f08... 32934 (FACEBOOK)
6 2a00:1450:400... 15169 (GOOGLE)
4 2606:4700:7::... 13335 (CLOUDFLAR...)
1 3.33.235.18 16509 (AMAZON-02)
1 2a03:2880:f17... 32934 (FACEBOOK)
1 172.217.18.10 15169 (GOOGLE)
2 54.186.191.245 16509 (AMAZON-02)
6 107.21.166.65 14618 (AMAZON-AES)
52 20
1    2606:4700:4400::6812:2628 (United States)

ASN13335 (CLOUDFLARENET, US)
hipcityveg.toast.site
9    2600:9000:236e:ba00:17:d7f6:d580:93a1 (United States)

ASN16509 (AMAZON-02, US)
d28f3w0x9i80nq.cloudfront.net
2    2606:4700::6810:7baf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
2    142.250.186.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f4.1e100.net
www.google.com
1    2a02:26f0:480:f::213:7ee1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
1    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    2a02:26f0:3500:16::215:148b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
p.typekit.net
1    13.33.218.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-218-24.fra60.r.cloudfront.net
www.datadoghq-browser-agent.com
1    157.230.66.5 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sites.nv5.toast.ventures
8    151.101.194.217 (United States)

ASN54113 (FASTLY, US)
app.launchdarkly.com
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o37442.ingest.sentry.io
2    2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
6    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
4    2606:4700:7::a29f:9819 (United States)

ASN13335 (CLOUDFLARENET, US)
ws-api.toasttab.com
1    3.33.235.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa1ba9bef7b18c265.awsglobalaccelerator.com
clientstream.launchdarkly.com
1    2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    172.217.18.10 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f10.1e100.net
maps.googleapis.com
2    54.186.191.245 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-186-191-245.us-west-2.compute.amazonaws.com
api2.amplitude.com
6    107.21.166.65 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-21-166-65.compute-1.amazonaws.com
events.launchdarkly.com
Apex Domain
Subdomains		 Transfer
15 launchdarkly.com
app.launchdarkly.com — Cisco Umbrella Rank: 760
clientstream.launchdarkly.com — Cisco Umbrella Rank: 934
events.launchdarkly.com — Cisco Umbrella Rank: 883
21 KB
9 cloudfront.net
d28f3w0x9i80nq.cloudfront.net
2 MB
7 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 355
233 KB
4 toasttab.com
ws-api.toasttab.com — Cisco Umbrella Rank: 48237
2 KB
2 amplitude.com
api2.amplitude.com — Cisco Umbrella Rank: 1212
309 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 182
72 KB
2 typekit.net
use.typekit.net — Cisco Umbrella Rank: 468
p.typekit.net — Cisco Umbrella Rank: 568
1 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 2
927 B
2 unpkg.com
unpkg.com — Cisco Umbrella Rank: 725
2 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
273 B
1 sentry.io
o37442.ingest.sentry.io — Cisco Umbrella Rank: 48256
299 B
1 toast.ventures
sites.nv5.toast.ventures — Cisco Umbrella Rank: 292557
1 datadoghq-browser-agent.com
www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1428
50 KB
1 gstatic.com
www.gstatic.com
201 KB
1 toast.site
hipcityveg.toast.site
13 KB
52 15
Domain Requested by
9 d28f3w0x9i80nq.cloudfront.net hipcityveg.toast.site
8 app.launchdarkly.com www.datadoghq-browser-agent.com
7 maps.googleapis.com d28f3w0x9i80nq.cloudfront.net
www.datadoghq-browser-agent.com
maps.googleapis.com
6 events.launchdarkly.com www.datadoghq-browser-agent.com
4 ws-api.toasttab.com www.datadoghq-browser-agent.com
2 api2.amplitude.com www.datadoghq-browser-agent.com
2 connect.facebook.net hipcityveg.toast.site
connect.facebook.net
2 www.google.com hipcityveg.toast.site
www.gstatic.com
2 unpkg.com hipcityveg.toast.site
1 www.facebook.com hipcityveg.toast.site
1 clientstream.launchdarkly.com hipcityveg.toast.site
1 o37442.ingest.sentry.io hipcityveg.toast.site
1 sites.nv5.toast.ventures hipcityveg.toast.site
1 www.datadoghq-browser-agent.com hipcityveg.toast.site
1 p.typekit.net use.typekit.net
1 www.gstatic.com www.google.com
1 use.typekit.net d28f3w0x9i80nq.cloudfront.net
1 hipcityveg.toast.site
52 18

This site contains links to these domains. Also see Links.

Domain
hipcityveg.com
Subject Issuer Validity Valid
toast.site
E1		 2024-02-20 -
2024-05-20		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-19		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
*.google.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-02-01 -
2025-03-03		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
*.datadoghq-browser-agent.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-12-12 -
2024-12-14		 a year crt.sh
*.sites.nv5.toast.ventures
E1		 2024-03-01 -
2024-05-30		 3 months crt.sh
app.launchdarkly.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2		 2023-07-02 -
2024-08-02		 a year crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-02 -
2024-12-02		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-01-05 -
2024-04-04		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
ws-api.toasttab.com
E1		 2024-03-15 -
2024-06-13		 3 months crt.sh
clientstream.launchdarkly.com
Amazon RSA 2048 M02		 2023-08-09 -
2024-09-05		 a year crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA		 2024-01-31 -
2025-03-02		 a year crt.sh
events.launchdarkly.com
Amazon ECDSA 256 M02		 2023-06-21 -
2024-07-20		 a year crt.sh

This page contains 3 frames:

Primary Page: https://hipcityveg.toast.site/
Frame ID: 4405835890AF612D672F39B15EC6B4D9
Requests: 40 HTTP requests in this frame

Frame: https://sites.nv5.toast.ventures/map?shortUrl=hipcityveg-chinatown&sourceId=LocationMap&order=&guids=1cd1a198-f540-4dde-a24f-e7358a0ded46&guids=5ce788b2-0ec3-4115-aa31-1cf71f6927f3&guids=5f7680f8-f11b-4c0f-80b7-5e8def20136e&guids=68c5ed37-a511-4c7a-9c65-870b602c43e4&guids=a5783efe-0d1d-4000-b09a-8d0e707c5d92&selectedGuid=&selectedDiningOption=TAKE_OUT&style=locationDetails
Frame ID: BA5644961423A0150B0EB1E5AE4AA73C
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfD-H8mAAAAAK-gw-dLyIgoh1TpBg2VuSZi5SJA&co=aHR0cHM6Ly9oaXBjaXR5dmVnLnRvYXN0LnNpdGU6NDQz&hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=onp8vli37v31
Frame ID: 842BAFDF24D3828B2267E1DFC0ED4B96
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HipCityVeg | Location Selection

Page URL History Show full URLs

  1. http://hipcityveg.toast.site/ HTTP 307
    https://hipcityveg.toast.site/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

52
Requests

98 %
HTTPS

53 %
IPv6

15
Domains

18
Subdomains

20
IPs

2
Countries

2164 kB
Transfer

8459 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hipcityveg.toast.site/ HTTP 307
    https://hipcityveg.toast.site/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
hipcityveg.toast.site/
Redirect Chain
  • http://hipcityveg.toast.site/
  • https://hipcityveg.toast.site/
134 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2628 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb9c366ac0be926a85d6faf5093093e07dd9c5cd36e2a0b1931b7c54402a9e51
Security Headers
Name Value
Content-Security-Policy worker-src 'self' blob:; child-src 'self' blob:; connect-src https://d28f3w0x9i80nq.cloudfront.net/ https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com o37442.ingest.sentry.io https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com http://localhost:36867/consumer-app-bff/v1/graphql http://localhost:36867/do-federated-gateway/v1/graphql https://bff-production.nv5.toast.ventures https://checkoutshopper-live.adyen.com https://www.google.com https://maps.googleapis.com https://www.google-analytics.com https://rs.fullstory.com https://graph.facebook.com/ https://events.launchdarkly.com https://app.launchdarkly.com https://clientstream.launchdarkly.com https://api2.amplitude.com/2/httpapi https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://google.com/ https://pay.google.com/; frame-src https://www.toasttab.com/ https://sites.nv5.toast.ventures https://sites.nv5.toast.ventures https://ws-api.toasttab.com:8443 https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com https://d28f3w0x9i80nq.cloudfront.net/ https://docs.google.com https://www.google.com www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://cdn.userway.org/ https://business.untappd.com https://checkoutshopper-live.adyen.com https://pay.google.com/ https://google.com/; script-src-elem 'unsafe-inline' https://ws-api.toasttab.com:8443 https://d28f3w0x9i80nq.cloudfront.net/ https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js https://google.com/ https://pay.google.com/; script-src nonce-d680f47ccbed6d0426b09c29afb6d915 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js; style-src-elem 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; style-src 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; media-src https://d28f3w0x9i80nq.cloudfront.net/ https://d1w7312wesee68.cloudfront.net/; img-src * data:; font-src *; default-src nonce-d680f47ccbed6d0426b09c29afb6d915 self https://d28f3w0x9i80nq.cloudfront.net/
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, s-maxage=60, max-age=120, must-revalidate, stale-while-revalidate=60
cf-cache-status
DYNAMIC
cf-ray
86b1077fcf545d60-FRA
content-encoding
br
content-security-policy
worker-src 'self' blob:; child-src 'self' blob:; connect-src https://d28f3w0x9i80nq.cloudfront.net/ https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com o37442.ingest.sentry.io https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com http://localhost:36867/consumer-app-bff/v1/graphql http://localhost:36867/do-federated-gateway/v1/graphql https://bff-production.nv5.toast.ventures https://checkoutshopper-live.adyen.com https://www.google.com https://maps.googleapis.com https://www.google-analytics.com https://rs.fullstory.com https://graph.facebook.com/ https://events.launchdarkly.com https://app.launchdarkly.com https://clientstream.launchdarkly.com https://api2.amplitude.com/2/httpapi https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://google.com/ https://pay.google.com/; frame-src https://www.toasttab.com/ https://sites.nv5.toast.ventures https://sites.nv5.toast.ventures https://ws-api.toasttab.com:8443 https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com https://d28f3w0x9i80nq.cloudfront.net/ https://docs.google.com https://www.google.com www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://cdn.userway.org/ https://business.untappd.com https://checkoutshopper-live.adyen.com https://pay.google.com/ https://google.com/; script-src-elem 'unsafe-inline' https://ws-api.toasttab.com:8443 https://d28f3w0x9i80nq.cloudfront.net/ https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js https://google.com/ https://pay.google.com/; script-src nonce-d680f47ccbed6d0426b09c29afb6d915 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js; style-src-elem 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; style-src 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; media-src https://d28f3w0x9i80nq.cloudfront.net/ https://d1w7312wesee68.cloudfront.net/; img-src * data:; font-src *; default-src nonce-d680f47ccbed6d0426b09c29afb6d915 self https://d28f3w0x9i80nq.cloudfront.net/
content-type
text/html; charset=utf-8
date
Wed, 27 Mar 2024 17:16:39 GMT
etag
W/"2172c-QpAkZnsVgwvfSnZ97uSAujnRWjM"
expires
Wed, 27 Mar 2024 17:18:38 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1

Redirect headers

Location
https://hipcityveg.toast.site/
Non-Authoritative-Reason
HttpsUpgrades
public_1711378370.min.css
d28f3w0x9i80nq.cloudfront.net/app/ 		264 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d28f3w0x9i80nq.cloudfront.net/app/public_1711378370.min.css
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:ba00:17:d7f6:d580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
892cffa8e31fa838ae9ea46e4d5420e15c3c353e61336ba6b068bb5dd5ea2710

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 17:51:54 GMT
content-encoding
gzip
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront)
last-modified
Mon, 25 Mar 2024 14:57:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
170686
etag
"79c3cfad3451f964f332954efc12af12"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/css
cache-control
max-age=31536000
accept-ranges
bytes
content-length
42018
x-amz-cf-id
7Tz4WdI5RxlO-o-7XpQ0-eM_U_avDXYbo3abXoypw6cQjh0F9qxgiA==
grids-min.css
unpkg.com/purecss@1.0.0/build/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/purecss@1.0.0/build/grids-min.css
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddfe34127ef2cbb5f5ac2a078561fdba8c0b1c827b463b8498a9818b46a09e0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:39 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
1206972
last-modified
Mon, 05 Jun 2017 15:02:40 GMT
fly-request-id
01HRWFJ000XY3PK8706PECYVW2-fra
server
cloudflare
etag
W/"92a-d7/h/+igPj9Ssky5nRAGNutfVCY"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86b1078b5af21c85-FRA
grids-responsive-min.css
unpkg.com/purecss@1.0.0/build/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/purecss@1.0.0/build/grids-responsive-min.css
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62a9e74bf710eef13b81f56375fc7e24c8b91050fa9ba66a75e9a3f35aece8f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:39 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
1202098
last-modified
Mon, 05 Jun 2017 15:02:40 GMT
fly-request-id
01HRWM6RW5EXBKA4MYQPVPRVZA-fra
server
cloudflare
etag
W/"1f60-O8+cDat7roGX29PcEKHeg9pY6j8"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
86b1078b5af41c85-FRA
enterprise.js
www.google.com/recaptcha/ 		1 KB
927 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise.js?render=6LfD-H8mAAAAAK-gw-dLyIgoh1TpBg2VuSZi5SJA
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f4.1e100.net
Software
GSE /
Resource Hash
0c97aaa0c7a407c9c55f16b421bf275abd3e3202b6e5a2e37d8b9d23a241c393
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 27 Mar 2024 17:16:39 GMT
jey6kje.css
use.typekit.net/ 		3 KB
936 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/jey6kje.css
Requested by
Host: d28f3w0x9i80nq.cloudfront.net
URL: https://d28f3w0x9i80nq.cloudfront.net/app/public_1711378370.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ee1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
7f3e37b4785e6917cf5b2fd7a08b268b7224d235f69a247a87e9dc6f2ed4eb36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://d28f3w0x9i80nq.cloudfront.net/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Wed, 27 Mar 2024 17:16:39 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
713
recaptcha__de.js
www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/ 		502 KB
201 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LfD-H8mAAAAAK-gw-dLyIgoh1TpBg2VuSZi5SJA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa4ddb0e0c3bda5d6e61d56a544a7ff9ea3691eaa5126187daa6ed1875ba93e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
Origin
https://hipcityveg.toast.site
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 18:29:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
168417
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
204859
x-xss-protection
0
last-modified
Mon, 25 Mar 2024 04:00:24 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 25 Mar 2025 18:29:42 GMT
p.css
p.typekit.net/ 		5 B
172 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=jey6kje&ht=tk&f=9785.9787.9791.9793&a=86936557&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/jey6kje.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:148b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://use.typekit.net/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:39 GMT
last-modified
Fri, 23 Jun 2023 17:09:47 GMT
server
nginx
etag
"6495d1db-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
datadog-rum.js
www.datadoghq-browser-agent.com/us1/v5/ 		156 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-218-24.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5f2f05be23992d6bcc111710018c2aaecca2cb8c1f9fb12b39542bcb62440173

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:15:41 GMT
content-encoding
br
via
1.1 80b00aa2dcc58ca61b2465a37c89fc92.cloudfront.net (CloudFront)
last-modified
Tue, 26 Mar 2024 16:28:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
59
x-amz-server-side-encryption
AES256
etag
W/"333f4ade73f2ba5a9053eb2fbc36d4a6"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=14400, s-maxage=60
timing-allow-origin
*
x-amz-cf-id
Lr6P_86kMnskfLXhtMti4skImXJIReKKfD7Ti9mjHLF5vTUQvqOHWg==
map
sites.nv5.toast.ventures/ Frame BA56 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sites.nv5.toast.ventures/map?shortUrl=hipcityveg-chinatown&sourceId=LocationMap&order=&guids=1cd1a198-f540-4dde-a24f-e7358a0ded46&guids=5ce788b2-0ec3-4115-aa31-1cf71f6927f3&guids=5f7680f8-f11b-4c0f-80b7-5e8def20136e&guids=68c5ed37-a511-4c7a-9c65-870b602c43e4&guids=a5783efe-0d1d-4000-b09a-8d0e707c5d92&selectedGuid=&selectedDiningOption=TAKE_OUT&style=locationDetails
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.66.5 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.25.1 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy worker-src 'self' blob:; child-src 'self' blob:; connect-src https://d28f3w0x9i80nq.cloudfront.net/ https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com o37442.ingest.sentry.io https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com http://localhost:36867/consumer-app-bff/v1/graphql http://localhost:36867/do-federated-gateway/v1/graphql https://bff-production.nv5.toast.ventures https://checkoutshopper-live.adyen.com https://www.google.com https://maps.googleapis.com https://www.google-analytics.com https://rs.fullstory.com https://graph.facebook.com/ https://events.launchdarkly.com https://app.launchdarkly.com https://clientstream.launchdarkly.com https://api2.amplitude.com/2/httpapi https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://google.com/ https://pay.google.com/; frame-src https://www.toasttab.com/ https://sites.nv5.toast.ventures https://sites.nv5.toast.ventures https://ws-api.toasttab.com:8443 https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com https://d28f3w0x9i80nq.cloudfront.net/ https://docs.google.com https://www.google.com www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://cdn.userway.org/ https://business.untappd.com https://checkoutshopper-live.adyen.com https://pay.google.com/ https://google.com/; script-src-elem 'unsafe-inline' https://ws-api.toasttab.com:8443 https://d28f3w0x9i80nq.cloudfront.net/ https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js https://google.com/ https://pay.google.com/; script-src nonce-3110527386c7cc875b62fcd985257992 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js; style-src-elem 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; style-src 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; media-src https://d28f3w0x9i80nq.cloudfront.net/ https://d1w7312wesee68.cloudfront.net/; img-src * data:; font-src *; default-src nonce-3110527386c7cc875b62fcd985257992 self https://d28f3w0x9i80nq.cloudfront.net/
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://hipcityveg.toast.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
public, s-maxage=60, max-age=120, must-revalidate, stale-while-revalidate=60
cf-cache-status
DYNAMIC
cf-ray
86b107905e0e8c6f-EWR
content-encoding
gzip
content-security-policy
worker-src 'self' blob:; child-src 'self' blob:; connect-src https://d28f3w0x9i80nq.cloudfront.net/ https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com o37442.ingest.sentry.io https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com http://localhost:36867/consumer-app-bff/v1/graphql http://localhost:36867/do-federated-gateway/v1/graphql https://bff-production.nv5.toast.ventures https://checkoutshopper-live.adyen.com https://www.google.com https://maps.googleapis.com https://www.google-analytics.com https://rs.fullstory.com https://graph.facebook.com/ https://events.launchdarkly.com https://app.launchdarkly.com https://clientstream.launchdarkly.com https://api2.amplitude.com/2/httpapi https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://google.com/ https://pay.google.com/; frame-src https://www.toasttab.com/ https://sites.nv5.toast.ventures https://sites.nv5.toast.ventures https://ws-api.toasttab.com:8443 https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com https://d28f3w0x9i80nq.cloudfront.net/ https://docs.google.com https://www.google.com www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://cdn.userway.org/ https://business.untappd.com https://checkoutshopper-live.adyen.com https://pay.google.com/ https://google.com/; script-src-elem 'unsafe-inline' https://ws-api.toasttab.com:8443 https://d28f3w0x9i80nq.cloudfront.net/ https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js https://google.com/ https://pay.google.com/; script-src nonce-3110527386c7cc875b62fcd985257992 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js; style-src-elem 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; style-src 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; media-src https://d28f3w0x9i80nq.cloudfront.net/ https://d1w7312wesee68.cloudfront.net/; img-src * data:; font-src *; default-src nonce-3110527386c7cc875b62fcd985257992 self https://d28f3w0x9i80nq.cloudfront.net/
content-type
text/html; charset=utf-8
date
Wed, 27 Mar 2024 17:16:40 GMT
etag
W/"23ce-iIGj+Rjz/gyVyjGuErQYn+0FL0I"
expires
Wed, 27 Mar 2024 17:18:40 GMT
server
nginx/1.25.1
strict-transport-security
max-age=31536000; includeSubDomains
transfer-encoding
chunked
x-content-type-options
nosniff
x-xss-protection
1
hipcityveg%201.51.19%20AM.png
d28f3w0x9i80nq.cloudfront.net/restaurantImages/ff1159c0-5262-4c02-b394-3dadb13bde43/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d28f3w0x9i80nq.cloudfront.net/restaurantImages/ff1159c0-5262-4c02-b394-3dadb13bde43/hipcityveg%201.51.19%20AM.png
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:ba00:17:d7f6:d580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c56685923519b27d80363921455351a366a3ddfeca60fc69c7ad6cd3d1a33bda

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:41 GMT
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront)
last-modified
Mon, 05 Feb 2024 20:09:19 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
x-amz-server-side-encryption
AES256
etag
"e8d5dbc20775860aea51f852319c2ca0"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
13783
x-amz-cf-id
BdCIBVxFH8PoEbQKZhOMWWTuj-SzcXfC-2B02nms89cvgMvZIdD2OQ==
public_1711378370.min.js
d28f3w0x9i80nq.cloudfront.net/app/ 		6 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://d28f3w0x9i80nq.cloudfront.net/app/public_1711378370.min.js
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:ba00:17:d7f6:d580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9b7073ddddb7e96f6c1e15a13ec04779252081c35a0fc44bed8e3cf5a2aef8fd

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 17:51:58 GMT
content-encoding
gzip
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront)
last-modified
Mon, 25 Mar 2024 14:57:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
170682
etag
"5c4fbbcb54bbe7c449ba10a66f35a7f9"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1390590
x-amz-cf-id
6kHeQ2nzNrSb4ZDEjvndDkrWbwCcVg1Eb6Wom9d17-ijMX0WfaEnLw==
Verlag-Light.otf
d28f3w0x9i80nq.cloudfront.net/restaurantFiles/ff1159c0-5262-4c02-b394-3dadb13bde43/ 		163 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://d28f3w0x9i80nq.cloudfront.net/restaurantFiles/ff1159c0-5262-4c02-b394-3dadb13bde43/Verlag-Light.otf
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:ba00:17:d7f6:d580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f65093c8c7baa512b98a11e2bfb9b7b6f8de764301af7460c1c1609ef56d5a21

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
Origin
https://hipcityveg.toast.site
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:41 GMT
content-encoding
gzip
via
1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
last-modified
Fri, 02 Feb 2024 12:41:53 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
x-amz-server-side-encryption
AES256
etag
W/"d78568461ae964676b643db8a66da62d"
access-control-max-age
0
access-control-allow-methods
GET
content-type
font/otf
access-control-allow-origin
*
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding,Origin
x-amz-cf-id
-TD7vScc7DNTiQL4zVKInpzttPvYJcVW738yau1eDRAsJS7IxeRxfQ==
Verlag-Bold.otf
d28f3w0x9i80nq.cloudfront.net/restaurantFiles/ff1159c0-5262-4c02-b394-3dadb13bde43/ 		164 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://d28f3w0x9i80nq.cloudfront.net/restaurantFiles/ff1159c0-5262-4c02-b394-3dadb13bde43/Verlag-Bold.otf
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:ba00:17:d7f6:d580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d851dc6c840d4cec78e832b8a20831cfddc8882c9d5f11e95b31980f71dfdfc

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
Origin
https://hipcityveg.toast.site
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:41 GMT
content-encoding
gzip
via
1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
last-modified
Fri, 02 Feb 2024 12:41:53 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
x-amz-server-side-encryption
AES256
etag
W/"9c6548c5500714092f1d1e2f7e3c58cc"
access-control-max-age
0
access-control-allow-methods
GET
content-type
font/otf
access-control-allow-origin
*
x-cache
RefreshHit from cloudfront
vary
Accept-Encoding,Origin
x-amz-cf-id
99dfvLW6Yk0uhNxABk7Zm7kI4y4yfT_osfK6EL2Yc5fUFB7bXAG5qA==
current-location.svg
d28f3w0x9i80nq.cloudfront.net/icons/ 		1 KB
860 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d28f3w0x9i80nq.cloudfront.net/icons/current-location.svg
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:ba00:17:d7f6:d580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
94428d5627e6309074da9e92619b776d05e2ff4510c910584daaee9e88296d80

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 05:46:51 GMT
content-encoding
gzip
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront)
last-modified
Fri, 02 Feb 2024 12:25:34 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
41389
x-amz-server-side-encryption
AES256
etag
W/"f3c8d63c015be8c2e54418b9097bd7b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
x-amz-cf-id
fdPbxYd_OQEoaj2DVRNa6XtfKj5oVRnZKzRNcA3RB0lJWs44dAkNVQ==
caret-down.svg
d28f3w0x9i80nq.cloudfront.net/icons/ 		246 B
623 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d28f3w0x9i80nq.cloudfront.net/icons/caret-down.svg
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:ba00:17:d7f6:d580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5e463607f7471209135c6c5785da77c2daf8afb971fa6c4cbcf6d737c5116107

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 07:02:48 GMT
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront)
last-modified
Fri, 02 Feb 2024 12:25:32 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
36832
x-amz-server-side-encryption
AES256
etag
"b5711788b6f4c8074bca2d4808458fa4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
accept-ranges
bytes
content-length
246
x-amz-cf-id
Lexe-PUiVpBT6VeueEGqQ2uVJhNZqY3GWpzLLOAC2SUjWgiuWrcXkw==
powered-by-toast.svg
d28f3w0x9i80nq.cloudfront.net/icons/ 		11 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d28f3w0x9i80nq.cloudfront.net/icons/powered-by-toast.svg
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:ba00:17:d7f6:d580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0f72b139e2153ed280980870f9a6e9de233f55cdedd3bae8060c7331c3af5909

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 03:53:37 GMT
content-encoding
gzip
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront)
last-modified
Fri, 02 Feb 2024 12:25:43 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
48183
x-amz-server-side-encryption
AES256
etag
W/"a009395177cbec7e92834912230cb056"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
x-amz-cf-id
nxfQRBLPnaSquJkTPfG1XrVB8aizvscgrLuf62VQR3WUPpqn2LvlIw==
anchor
www.google.com/recaptcha/enterprise/ Frame 842B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfD-H8mAAAAAK-gw-dLyIgoh1TpBg2VuSZi5SJA&co=aHR0cHM6Ly9oaXBjaXR5dmVnLnRvYXN0LnNpdGU6NDQz&hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=onp8vli37v31
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-j_qphnFRvS5I2KjeiEyXkw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hipcityveg.toast.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-j_qphnFRvS5I2KjeiEyXkw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 27 Mar 2024 17:16:39 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
59e4bfdd6292ac0ac9174386
app.launchdarkly.com/sdk/goals/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/goals/59e4bfdd6292ac0ac9174386
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
GET
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
age
0
allow
GET, OPTIONS, HEAD
content-encoding
gzip
content-length
23
date
Wed, 27 Mar 2024 17:16:40 GMT
ld-region
us-east-1
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
x-served-by
cache-fra-etou8220022-FRA
x-timer
S1711559801.920664,VS0,VE1
eyJrZXkiOiJzaXRlcy13ZWIifQ
app.launchdarkly.com/sdk/evalx/59e4bfdd6292ac0ac9174386/contexts/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/evalx/59e4bfdd6292ac0ac9174386/contexts/eyJrZXkiOiJzaXRlcy13ZWIifQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
GET
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
age
0
allow
GET, OPTIONS, HEAD
content-encoding
gzip
content-length
23
date
Wed, 27 Mar 2024 17:16:40 GMT
ld-region
us-east-1
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
x-served-by
cache-fra-etou8220022-FRA
x-timer
S1711559801.920665,VS0,VE1
/
o37442.ingest.sentry.io/api/6180756/envelope/ 		2 B
299 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o37442.ingest.sentry.io/api/6180756/envelope/?sentry_key=6d67e6de629842998b120b40164bd25b&sentry_version=7&sentry_client=sentry.javascript.react%2F7.13.0
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 27 Mar 2024 17:16:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
59e4bfdd6292ac0ac9174386
app.launchdarkly.com/sdk/goals/ 		2 B
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/goals/59e4bfdd6292ac0ac9174386
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.0.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer
https://hipcityveg.toast.site/
X-LaunchDarkly-Wrapper
react-client-sdk/3.0.1
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
via
1.1 varnish
date
Wed, 27 Mar 2024 17:16:40 GMT
content-md5
d751713988987e9331980363e24189ce
age
0
x-cache
HIT
content-length
26
x-served-by
cache-fra-etou8220022-FRA
x-timer
S1711559801.934828,VS0,VE1
etag
"d751713988987e9331980363e24189ce"
ld-region
us-east-1
access-control-max-age
300
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0
vary
Accept-Encoding
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
x-cache-hits
1
eyJrZXkiOiJzaXRlcy13ZWIifQ
app.launchdarkly.com/sdk/evalx/59e4bfdd6292ac0ac9174386/contexts/ 		72 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/evalx/59e4bfdd6292ac0ac9174386/contexts/eyJrZXkiOiJzaXRlcy13ZWIifQ
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f5f33350461e33acb66a5e20a27851499629a8894efa7b075e1eedc41226a2df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.0.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer
https://hipcityveg.toast.site/
X-LaunchDarkly-Wrapper
react-client-sdk/3.0.1
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
via
1.1 varnish
date
Wed, 27 Mar 2024 17:16:40 GMT
age
0
x-cache
HIT
content-length
9804
x-served-by
cache-fra-etou8220022-FRA
x-timer
S1711559801.934832,VS0,VE3
etag
"348db"
ld-region
us-east-1
access-control-max-age
300
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0
vary
Accept-Encoding, Authorization
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
x-cache-hits
1
pageturn.wav
d28f3w0x9i80nq.cloudfront.net/audio/ 		0
0
59e4bfdd6292ac0ac9174386
app.launchdarkly.com/sdk/goals/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/goals/59e4bfdd6292ac0ac9174386
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
GET
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
age
0
allow
GET, OPTIONS, HEAD
content-encoding
gzip
content-length
23
date
Wed, 27 Mar 2024 17:16:41 GMT
ld-region
us-east-1
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
2
x-served-by
cache-fra-etou8220022-FRA
x-timer
S1711559801.166089,VS0,VE0
eyJrZXkiOiIxY2QxYTE5OC1mNTQwLTRkZGUtYTI0Zi1lNzM1OGEwZGVkNDYifQ
app.launchdarkly.com/sdk/evalx/59e4bfdd6292ac0ac9174386/contexts/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/evalx/59e4bfdd6292ac0ac9174386/contexts/eyJrZXkiOiIxY2QxYTE5OC1mNTQwLTRkZGUtYTI0Zi1lNzM1OGEwZGVkNDYifQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
GET
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
age
0
allow
GET, OPTIONS, HEAD
content-encoding
gzip
content-length
23
date
Wed, 27 Mar 2024 17:16:41 GMT
ld-region
us-east-1
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
2
x-served-by
cache-fra-etou8220022-FRA
x-timer
S1711559801.166812,VS0,VE0
59e4bfdd6292ac0ac9174386
app.launchdarkly.com/sdk/goals/ 		2 B
91 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/goals/59e4bfdd6292ac0ac9174386
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.0.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer
https://hipcityveg.toast.site/
X-LaunchDarkly-Wrapper
react-client-sdk/3.0.1
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
via
1.1 varnish
date
Wed, 27 Mar 2024 17:16:41 GMT
content-md5
d751713988987e9331980363e24189ce
age
0
x-cache
HIT
content-length
26
x-served-by
cache-fra-etou8220022-FRA
x-timer
S1711559801.176511,VS0,VE0
etag
"d751713988987e9331980363e24189ce"
ld-region
us-east-1
access-control-max-age
300
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0
vary
Accept-Encoding
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
x-cache-hits
2
eyJrZXkiOiIxY2QxYTE5OC1mNTQwLTRkZGUtYTI0Zi1lNzM1OGEwZGVkNDYifQ
app.launchdarkly.com/sdk/evalx/59e4bfdd6292ac0ac9174386/contexts/ 		72 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/evalx/59e4bfdd6292ac0ac9174386/contexts/eyJrZXkiOiIxY2QxYTE5OC1mNTQwLTRkZGUtYTI0Zi1lNzM1OGEwZGVkNDYifQ
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
97cf3734d1044a1fe54fba3cf1937b279257bdf859316723e8e32c3fcee1f9e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.0.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer
https://hipcityveg.toast.site/
X-LaunchDarkly-Wrapper
react-client-sdk/3.0.1
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
via
1.1 varnish
date
Wed, 27 Mar 2024 17:16:41 GMT
age
0
x-cache
MISS
content-length
9767
x-served-by
cache-fra-etou8220022-FRA
x-timer
S1711559801.176808,VS0,VE106
etag
"348db"
ld-region
us-east-1
access-control-max-age
300
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0
vary
Accept-Encoding, Authorization
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
x-cache-hits
0
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 27 Mar 2024 17:16:41 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58040
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=7, rtx=0, c=12, mss=1294, tbw=2780, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
nkH7YsaLgh9eHPZ5X9928+2fGL4M1iLdLyX+7cqflGKbtGrmryrDl6OA0rMGgBpjnAbbgiPWlaieUeFMmIMMxA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
maps.googleapis.com/maps/api/ 		232 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyDx-1bQhTqW3DUEPNMTk-yegz1c9YQdzUs&libraries=places,geocoding
Requested by
Host: d28f3w0x9i80nq.cloudfront.net
URL: https://d28f3w0x9i80nq.cloudfront.net/app/public_1711378370.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
839c598cd3754252262cecc9f7d84befcac10dbfede3db0061a2ec2a11c3720b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Accept-Language, Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77682
x-xss-protection
0
graphql
ws-api.toasttab.com/do-federated-gateway/v1/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ws-api.toasttab.com/do-federated-gateway/v1/graphql
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
500425360ad4a7d921a3c00f9bdab3cb62167b71f0f86393643b3a9105bc9436
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
apollographql-client-name
sites-web-client
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
application/json
accept
*/*
Referer
https://hipcityveg.toast.site/
apollographql-client-version
0.0.164
x-graphql-operation
Customer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
etag
W/"6f5-bg82KrDWTTPcap5A6cMi8RgMU7Q"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://hipcityveg.toast.site
access-control-allow-credentials
true
cf-ray
86b1079899d43a8a-FRA
graphql
ws-api.toasttab.com/do-federated-gateway/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ws-api.toasttab.com/do-federated-gateway/v1/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
apollographql-client-name,apollographql-client-version,content-type,x-graphql-operation
Access-Control-Request-Method
POST
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
apollographql-client-name,apollographql-client-version,content-type,x-graphql-operation
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://hipcityveg.toast.site
cf-cache-status
DYNAMIC
cf-ray
86b10795ebb59143-FRA
date
Wed, 27 Mar 2024 17:16:41 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin, Access-Control-Request-Headers
x-powered-by
Express
462472248294664
connect.facebook.net/signals/config/ 		65 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/462472248294664?v=2.9.151&r=stable&domain=hipcityveg.toast.site&hme=8ce74e881727851b4427183947937854816d72704925561b9de6420cd43214ee&ex_m=66%2C111%2C98%2C102%2C57%2C3%2C92%2C65%2C15%2C90%2C83%2C48%2C50%2C157%2C160%2C171%2C167%2C168%2C170%2C28%2C93%2C49%2C72%2C169%2C152%2C155%2C164%2C165%2C172%2C120%2C14%2C47%2C176%2C175%2C122%2C17%2C32%2C36%2C1%2C40%2C61%2C62%2C63%2C67%2C87%2C16%2C13%2C89%2C86%2C85%2C99%2C101%2C35%2C100%2C29%2C25%2C153%2C156%2C129%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C53%2C58%2C60%2C70%2C94%2C26%2C71%2C8%2C7%2C75%2C45%2C20%2C96%2C95%2C9%2C19%2C18%2C77%2C82%2C44%2C43%2C81%2C37%2C39%2C80%2C52%2C78%2C31%2C41%2C34%2C69%2C0%2C88%2C4%2C84%2C76%2C79%2C2%2C33%2C59%2C38%2C97%2C42%2C74%2C64%2C103%2C56%2C55%2C30%2C91%2C54%2C51%2C46%2C73%2C68%2C23%2C104
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d96f3687f16ae93a5a39a35f1da412c6f5ded13e0983645730bb4893dc1a5fea
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 27 Mar 2024 17:16:41 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=14, rtx=0, c=56, mss=1294, tbw=63209, tp=-1, tpl=-1, uplat=62, ullat=0
pragma
public
x-fb-debug
32eZvVI2n0ElNE8aP4WkYOC6EsYJngsXwxMwEEhbGHoGScYa3hhqonEhF89n8kuVTXSab7pMF+qqxekjTBVd2A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
eyJrZXkiOiIxY2QxYTE5OC1mNTQwLTRkZGUtYTI0Zi1lNzM1OGEwZGVkNDYifQ
clientstream.launchdarkly.com/eval/59e4bfdd6292ac0ac9174386/ 		72 KB
0 		EventSource
General
Check archive.org
Download Go to
Full URL
https://clientstream.launchdarkly.com/eval/59e4bfdd6292ac0ac9174386/eyJrZXkiOiIxY2QxYTE5OC1mNTQwLTRkZGUtYTI0Zi1lNzM1OGEwZGVkNDYifQ
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.235.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aa1ba9bef7b18c265.awsglobalaccelerator.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept
text/event-stream
Cache-Control
no-cache
Referer
https://hipcityveg.toast.site/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:41 GMT
strict-transport-security
max-age=31536000
ld-region
eu-west-1
access-control-max-age
300
access-control-allow-methods
GET,OPTIONS
content-type
text/event-stream; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-content-length
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Cache-Control,X-Requested-With,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper
/
www.facebook.com/tr/ 		0
273 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=462472248294664&ev=PageView&dl=https%3A%2F%2Fhipcityveg.toast.site%2F&rl=&if=false&ts=1711559801320&sw=800&sh=600&v=2.9.151&r=stable&ec=0&o=4126&fbp=fb.1.1711559801319.1510230781&cs_est=true&ler=empty&cdl=API_unavailable&it=1711559801236&coo=false&rqm=GET
Requested by
Host: hipcityveg.toast.site
URL: https://hipcityveg.toast.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=7, rtx=0, c=10, mss=1294, tbw=2771, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 27 Mar 2024 17:16:41 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.10 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f10.1e100.net
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://hipcityveg.toast.site
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
common.js
maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/ 		255 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDx-1bQhTqW3DUEPNMTk-yegz1c9YQdzUs&libraries=places,geocoding
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dcbc8ab915e52c51519bbdeddbb0f03f64271724603a19396fc22d11191fb711
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 22:30:53 GMT
content-encoding
br
x-content-type-options
nosniff
age
153948
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56900
x-xss-protection
0
last-modified
Mon, 18 Mar 2024 20:45:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 25 Mar 2025 22:30:53 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/ 		181 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDx-1bQhTqW3DUEPNMTk-yegz1c9YQdzUs&libraries=places,geocoding
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
149a94c6dc9cf86314c0ceb88a77aa5dc17fadcb94610ed4bcd11b3b2f5ad7bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 07:44:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
120725
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57234
x-xss-protection
0
last-modified
Mon, 18 Mar 2024 20:45:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Mar 2025 07:44:36 GMT
geocoder.js
maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/geocoder.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDx-1bQhTqW3DUEPNMTk-yegz1c9YQdzUs&libraries=places,geocoding
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
811b7639412b995fc10d1623bd542358611ba2ad20cb3229c1dd2ddf29e96cbc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 22:30:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
153946
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1824
x-xss-protection
0
last-modified
Mon, 18 Mar 2024 20:45:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 25 Mar 2025 22:30:55 GMT
controls.js
maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/ 		94 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/controls.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDx-1bQhTqW3DUEPNMTk-yegz1c9YQdzUs&libraries=places,geocoding
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
76cc89814f2c5d2c1e73d3da0cfd84736724328cffbfdb8ad7bcf3b87f0602bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 22:30:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
153947
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25252
x-xss-protection
0
last-modified
Mon, 18 Mar 2024 20:45:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 25 Mar 2025 22:30:54 GMT
places_impl.js
maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/ 		55 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/56/5/intl/de_ALL/places_impl.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDx-1bQhTqW3DUEPNMTk-yegz1c9YQdzUs&libraries=places,geocoding
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b7c3b253a7ea408cd105e16e0e9014511105ac3823dfb80aae8a9f50b80e381
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 22:30:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
153945
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18030
x-xss-protection
0
last-modified
Mon, 18 Mar 2024 20:45:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 25 Mar 2025 22:30:56 GMT
httpapi
api2.amplitude.com/2/ 		94 B
309 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.191.245 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-186-191-245.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
d0344a5f406b2f8af68169e0acbde239f43d303aa3f18e5a9fca6214a515c68c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
*/*
Referer
https://hipcityveg.toast.site/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:42 GMT
strict-transport-security
max-age=15768000
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
trace-id
Root=1-6604547a-4a491c6947c507446c283ec9
content-length
94
httpapi
api2.amplitude.com/2/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.186.191.245 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-186-191-245.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
*
access-control-max-age
86400
content-length
0
date
Wed, 27 Mar 2024 17:16:42 GMT
strict-transport-security
max-age=15768000
59e4bfdd6292ac0ac9174386
events.launchdarkly.com/events/diagnostic/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/diagnostic/59e4bfdd6292ac0ac9174386
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
107.21.166.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-166-65.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
POST
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-max-age
300
date
Wed, 27 Mar 2024 17:16:42 GMT
strict-transport-security
max-age=31536000
59e4bfdd6292ac0ac9174386
events.launchdarkly.com/events/diagnostic/ 		0
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/diagnostic/59e4bfdd6292ac0ac9174386
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
107.21.166.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-166-65.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.0.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://hipcityveg.toast.site/
X-LaunchDarkly-Wrapper
react-client-sdk/3.0.1
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:42 GMT
strict-transport-security
max-age=31536000
access-control-max-age
300
access-control-allow-methods
POST,OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length
0
favicon.ico
d28f3w0x9i80nq.cloudfront.net/restaurantImages/ff1159c0-5262-4c02-b394-3dadb13bde43/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://d28f3w0x9i80nq.cloudfront.net/restaurantImages/ff1159c0-5262-4c02-b394-3dadb13bde43/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:236e:ba00:17:d7f6:d580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f1c70b4375275b3948ed1c28be73c121415cdd83acc16e8a6756ea2376151498

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://hipcityveg.toast.site/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:43 GMT
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront)
last-modified
Mon, 05 Feb 2024 20:09:19 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
etag
"160083f11979bde98e30fbbc2658f2e0"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/vnd.microsoft.icon
accept-ranges
bytes
content-length
1799
x-amz-cf-id
8ksOtGE8CeeIVEI_fDG1PKvc0y8YPCnanVb6W2YqkO6gdshDtFpeAQ==
graphql
ws-api.toasttab.com/do-federated-gateway/v1/ 		2 KB
782 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ws-api.toasttab.com/do-federated-gateway/v1/graphql
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ca30dd52d71860f6fda639310e42057f7cd7aa0448fe2dd69b75ccc46b80f53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
apollographql-client-name
sites-web-client
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
application/json
accept
*/*
Referer
https://hipcityveg.toast.site/
apollographql-client-version
0.0.164
x-graphql-operation
Customer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
etag
W/"6f5-+e3P7iJUQVGrv/1gJy+/4CIfcpA"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://hipcityveg.toast.site
access-control-allow-credentials
true
cf-ray
86b1079cff183a8a-FRA
graphql
ws-api.toasttab.com/do-federated-gateway/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ws-api.toasttab.com/do-federated-gateway/v1/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
apollographql-client-name,apollographql-client-version,content-type,x-graphql-operation
Access-Control-Request-Method
POST
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
apollographql-client-name,apollographql-client-version,content-type,x-graphql-operation
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://hipcityveg.toast.site
cf-cache-status
DYNAMIC
cf-ray
86b1079c0a869143-FRA
date
Wed, 27 Mar 2024 17:16:42 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin, Access-Control-Request-Headers
x-powered-by
Express
59e4bfdd6292ac0ac9174386
events.launchdarkly.com/events/bulk/ 		0
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/bulk/59e4bfdd6292ac0ac9174386
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
107.21.166.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-166-65.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-LaunchDarkly-Payload-ID
c8d94560-ec5d-11ee-b6f3-058aa02382f1
X-LaunchDarkly-Event-Schema
4
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.0.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://hipcityveg.toast.site/
X-LaunchDarkly-Wrapper
react-client-sdk/3.0.1
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:44 GMT
strict-transport-security
max-age=31536000
access-control-max-age
300
access-control-allow-methods
POST,OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length
0
59e4bfdd6292ac0ac9174386
events.launchdarkly.com/events/bulk/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/bulk/59e4bfdd6292ac0ac9174386
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
107.21.166.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-166-65.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
POST
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-max-age
300
date
Wed, 27 Mar 2024 17:16:44 GMT
strict-transport-security
max-age=31536000
59e4bfdd6292ac0ac9174386
events.launchdarkly.com/events/bulk/ 		0
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/bulk/59e4bfdd6292ac0ac9174386
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/us1/v5/datadog-rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
107.21.166.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-166-65.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-LaunchDarkly-Payload-ID
c8d96c70-ec5d-11ee-b6f3-058aa02382f1
X-LaunchDarkly-Event-Schema
4
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.0.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://hipcityveg.toast.site/
X-LaunchDarkly-Wrapper
react-client-sdk/3.0.1
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 17:16:44 GMT
strict-transport-security
max-age=31536000
access-control-max-age
300
access-control-allow-methods
POST,OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length
0
59e4bfdd6292ac0ac9174386
events.launchdarkly.com/events/bulk/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/bulk/59e4bfdd6292ac0ac9174386
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
107.21.166.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-166-65.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
POST
Origin
https://hipcityveg.toast.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-max-age
300
date
Wed, 27 Mar 2024 17:16:44 GMT
strict-transport-security
max-age=31536000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
d28f3w0x9i80nq.cloudfront.net
URL
https://d28f3w0x9i80nq.cloudfront.net/audio/pageturn.wav

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onpagereveal object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| __APOLLO_STATE__ object| __OO_STATE__ object| __TL_STATE__ boolean| __IS_MOBILE__ boolean| __IS_BOT__ string| __REFERRER__ string| __SSR_STATUS__ object| __SSR_ERR_MSG__ object| DD_RUM object| closure_lm_72495 object| webpackChunk_toasttab_toast_sites_web function| setImmediate function| clearImmediate object| regeneratorRuntime object| __SENTRY__ function| _ object| analyticsConnectorInstances function| fbq function| _fbq object| google object| module$exports$mapsapi$geometry$spherical object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView

5 Cookies

Domain/Path Name / Value
hipcityveg.toast.site/ Name: toast-sites-experiment-id
Value: c131c5ab-5a0d-4a0b-b931-9b91f8f966e5
.hipcityveg.toast.site/ Name: __cf_bm
Value: Q7bBpORkYYdwqgw7BJuSX1YPHdSTS2CDXsTj_3YlfCA-1711559799-1.0.1.1-4dpyDb0KrBY18PDxL.4DL8B7E96KgTvSDCcyCKBjI.tLuIntVG_K2OrARCRNVFGtuoc0Q6O8R33sMYvgqxtqpQ
.toast.site/ Name: _fbp
Value: fb.1.1711559801319.1510230781
.ws-api.toasttab.com/ Name: __cf_bm
Value: xMmmr9b7Pu82oV4E26U2jekFWwPwRhs6ldzc4uw2qj4-1711559802-1.0.1.1-MAevZrNUJrZqXyBIsthTKZXMQVu3QmvUMBoZGZSjadiVGGEY73_pHrn2Fk_Wbnx16weYz5jd5FVmXwC_NlNmIg
hipcityveg.toast.site/ Name: _dd_s
Value: rum=0&expire=1711560699885

3 Console Messages

Source Level URL
Text
other warning URL: https://connect.facebook.net/signals/config/462472248294664?v=2.9.151&r=stable&domain=hipcityveg.toast.site&hme=8ce74e881727851b4427183947937854816d72704925561b9de6420cd43214ee&ex_m=66%2C111%2C98%2C102%2C57%2C3%2C92%2C65%2C15%2C90%2C83%2C48%2C50%2C157%2C160%2C171%2C167%2C168%2C170%2C28%2C93%2C49%2C72%2C169%2C152%2C155%2C164%2C165%2C172%2C120%2C14%2C47%2C176%2C175%2C122%2C17%2C32%2C36%2C1%2C40%2C61%2C62%2C63%2C67%2C87%2C16%2C13%2C89%2C86%2C85%2C99%2C101%2C35%2C100%2C29%2C25%2C153%2C156%2C129%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C53%2C58%2C60%2C70%2C94%2C26%2C71%2C8%2C7%2C75%2C45%2C20%2C96%2C95%2C9%2C19%2C18%2C77%2C82%2C44%2C43%2C81%2C37%2C39%2C80%2C52%2C78%2C31%2C41%2C34%2C69%2C0%2C88%2C4%2C84%2C76%2C79%2C2%2C33%2C59%2C38%2C97%2C42%2C74%2C64%2C103%2C56%2C55%2C30%2C91%2C54%2C51%2C46%2C73%2C68%2C23%2C104(Line 107)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://hipcityveg.toast.site/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://hipcityveg.toast.site/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy worker-src 'self' blob:; child-src 'self' blob:; connect-src https://d28f3w0x9i80nq.cloudfront.net/ https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com o37442.ingest.sentry.io https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com http://localhost:36867/consumer-app-bff/v1/graphql http://localhost:36867/do-federated-gateway/v1/graphql https://bff-production.nv5.toast.ventures https://checkoutshopper-live.adyen.com https://www.google.com https://maps.googleapis.com https://www.google-analytics.com https://rs.fullstory.com https://graph.facebook.com/ https://events.launchdarkly.com https://app.launchdarkly.com https://clientstream.launchdarkly.com https://api2.amplitude.com/2/httpapi https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://google.com/ https://pay.google.com/; frame-src https://www.toasttab.com/ https://sites.nv5.toast.ventures https://sites.nv5.toast.ventures https://ws-api.toasttab.com:8443 https://ws-api.toasttab.com https://ws-preprod-api.eng.toasttab.com https://ws-sandbox-api.eng.toasttab.com https://d28f3w0x9i80nq.cloudfront.net/ https://docs.google.com https://www.google.com www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://cdn.userway.org/ https://business.untappd.com https://checkoutshopper-live.adyen.com https://pay.google.com/ https://google.com/; script-src-elem 'unsafe-inline' https://ws-api.toasttab.com:8443 https://d28f3w0x9i80nq.cloudfront.net/ https://browser-intake-datadoghq.com www.datadoghq-browser-agent.com https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ www.toasttab.com https://www.google-analytics.com analytics.google.com *.doubleclick.net *.facebook.net *.hotjar.com wss://*.hotjar.com https://www.facebook.com/signals/iwl.js https://*.paypal.com/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js https://google.com/ https://pay.google.com/; script-src nonce-d680f47ccbed6d0426b09c29afb6d915 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://www.toasttab.com/ https://browser.sentry-cdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://edge.fullstory.com https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/ https://cdnjs.cloudflare.com/ajax/libs/pdf.js/ https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js; style-src-elem 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; style-src 'unsafe-inline' https://d28f3w0x9i80nq.cloudfront.net/ https://unpkg.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net https://*.paypal.com/ https://cdn.equalweb.com/ https://access.equalweb.com/ https://cdn.userway.org/ https://api.userway.org/; media-src https://d28f3w0x9i80nq.cloudfront.net/ https://d1w7312wesee68.cloudfront.net/; img-src * data:; font-src *; default-src nonce-d680f47ccbed6d0426b09c29afb6d915 self https://d28f3w0x9i80nq.cloudfront.net/
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.amplitude.com
app.launchdarkly.com
clientstream.launchdarkly.com
connect.facebook.net
d28f3w0x9i80nq.cloudfront.net
events.launchdarkly.com
hipcityveg.toast.site
maps.googleapis.com
o37442.ingest.sentry.io
p.typekit.net
sites.nv5.toast.ventures
unpkg.com
use.typekit.net
ws-api.toasttab.com
www.datadoghq-browser-agent.com
www.facebook.com
www.google.com
www.gstatic.com
d28f3w0x9i80nq.cloudfront.net
107.21.166.65
13.33.218.24
142.250.186.132
151.101.194.217
157.230.66.5
172.217.18.10
2600:9000:236e:ba00:17:d7f6:d580:93a1
2606:4700:4400::6812:2628
2606:4700:7::a29f:9819
2606:4700::6810:7baf
2a00:1450:4001:80f::2003
2a00:1450:4001:829::200a
2a02:26f0:3500:16::215:148b
2a02:26f0:480:f::213:7ee1
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
3.33.235.18
34.120.195.249
54.186.191.245
047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4
0c97aaa0c7a407c9c55f16b421bf275abd3e3202b6e5a2e37d8b9d23a241c393
0ca30dd52d71860f6fda639310e42057f7cd7aa0448fe2dd69b75ccc46b80f53
0f72b139e2153ed280980870f9a6e9de233f55cdedd3bae8060c7331c3af5909
149a94c6dc9cf86314c0ceb88a77aa5dc17fadcb94610ed4bcd11b3b2f5ad7bd
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
500425360ad4a7d921a3c00f9bdab3cb62167b71f0f86393643b3a9105bc9436
5e463607f7471209135c6c5785da77c2daf8afb971fa6c4cbcf6d737c5116107
5f2f05be23992d6bcc111710018c2aaecca2cb8c1f9fb12b39542bcb62440173
62a9e74bf710eef13b81f56375fc7e24c8b91050fa9ba66a75e9a3f35aece8f5
6d851dc6c840d4cec78e832b8a20831cfddc8882c9d5f11e95b31980f71dfdfc
76cc89814f2c5d2c1e73d3da0cfd84736724328cffbfdb8ad7bcf3b87f0602bc
7f3e37b4785e6917cf5b2fd7a08b268b7224d235f69a247a87e9dc6f2ed4eb36
811b7639412b995fc10d1623bd542358611ba2ad20cb3229c1dd2ddf29e96cbc
839c598cd3754252262cecc9f7d84befcac10dbfede3db0061a2ec2a11c3720b
892cffa8e31fa838ae9ea46e4d5420e15c3c353e61336ba6b068bb5dd5ea2710
94428d5627e6309074da9e92619b776d05e2ff4510c910584daaee9e88296d80
97cf3734d1044a1fe54fba3cf1937b279257bdf859316723e8e32c3fcee1f9e8
9b7073ddddb7e96f6c1e15a13ec04779252081c35a0fc44bed8e3cf5a2aef8fd
9b7c3b253a7ea408cd105e16e0e9014511105ac3823dfb80aae8a9f50b80e381
aa4ddb0e0c3bda5d6e61d56a544a7ff9ea3691eaa5126187daa6ed1875ba93e7
c56685923519b27d80363921455351a366a3ddfeca60fc69c7ad6cd3d1a33bda
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d0344a5f406b2f8af68169e0acbde239f43d303aa3f18e5a9fca6214a515c68c
d96f3687f16ae93a5a39a35f1da412c6f5ded13e0983645730bb4893dc1a5fea
dcbc8ab915e52c51519bbdeddbb0f03f64271724603a19396fc22d11191fb711
ddfe34127ef2cbb5f5ac2a078561fdba8c0b1c827b463b8498a9818b46a09e0a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb9c366ac0be926a85d6faf5093093e07dd9c5cd36e2a0b1931b7c54402a9e51
f1c70b4375275b3948ed1c28be73c121415cdd83acc16e8a6756ea2376151498
f5f33350461e33acb66a5e20a27851499629a8894efa7b075e1eedc41226a2df
f65093c8c7baa512b98a11e2bfb9b7b6f8de764301af7460c1c1609ef56d5a21