urlscan.io logo urlscan.io
SecurityTrails logo

account.protonvpn.com Open in urlscan Pro
185.159.159.143  Public Scan

Go To Rescan Add Verdict Report
URL: https://account.protonvpn.com/favicon.ico
Submission: On November 01 via api from LU — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 185.159.159.143, located in Switzerland and belongs to PROTONVPN, CH. The main domain is account.protonvpn.com. The Cisco Umbrella rank of the primary domain is 448119.
TLS certificate: Issued by R3 on September 16th 2023. Valid for: 3 months.
This is the only time account.protonvpn.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 185.159.159.143 209103 (PROTONVPN)
2 185.159.159.145 209103 (PROTONVPN)
19 3
Apex Domain
Subdomains		 Transfer
19 protonvpn.com
account.protonvpn.com — Cisco Umbrella Rank: 448119
account-api.protonvpn.com
1 MB
19 1
Domain Requested by
17 account.protonvpn.com account.protonvpn.com
2 account-api.protonvpn.com account.protonvpn.com
19 2

This site contains links to these domains. Also see Links.

Domain
protonvpn.com
Subject Issuer Validity Valid
protonmail.com
R3		 2023-09-16 -
2023-12-15		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://account.protonvpn.com/favicon.ico
Frame ID: FDC68A29D60A1DB3346A057DD4BD7BAC
Requests: 18 HTTP requests in this frame

Frame: https://account-api.protonvpn.com/challenge/v4/html?Type=0&Name=unauth
Frame ID: 3FD0E5F62AF010B9AE181948C9C2532F
Requests: 1 HTTP requests in this frame

Frame: https://account-api.protonvpn.com/challenge/v4/html?Type=0&Name=login
Frame ID: FD94056D39BFFE0336521DFB291CE15A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Proton VPN: Sign-inProtonProton MailProton CalendarProton DriveProton VPNProton Pass

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

1475 kB
Transfer

5155 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request favicon.ico
account.protonvpn.com/ 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
7b63b2bfb18e78bbc40bf30eed7bbdafb1623133f36520209b114b267bae7408
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://account.protonvpn.com/favicon.ico

Response headers

accept-ranges
bytes
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
1765
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
content-type
text/html; charset=UTF-8
date
Wed, 01 Nov 2023 08:49:28 GMT
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
expires
Wed, 11 Jan 1984 05:00:00 GMT
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
pragma
no-cache
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
deny
x-permitted-cross-domain-policies
none
x-xss-protection
0
index.010ef3d0.css
account.protonvpn.com/assets/ 		283 KB
44 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/index.010ef3d0.css?v=5.0.56.0
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
04866c48b555635d33202b92b5e0c55c64e38249720246c0e6698222c9225d9a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
44270
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
etag
"46a73-608a5ae68e540-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
text/css
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
runtime.9e01b279.js
account.protonvpn.com/assets/ 		25 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/runtime.9e01b279.js?v=5.0.56.0
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
bef7826e9019684c0a48d54e79b8e2b63aa20195d74d3c1e047013c242152ab1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13207
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
etag
"653b-608a5ae68e540-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
pre.269855ba.js
account.protonvpn.com/assets/ 		892 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/pre.269855ba.js?v=5.0.56.0
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
35e32ce3e2468f3df6ac6d456e972039dfac9ff2a527a0dbc9812ab8bc777ed1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
484
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
etag
"37c-608a5ae68e540-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
index.e5aa94d6.js
account.protonvpn.com/assets/ 		3 MB
745 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/index.e5aa94d6.js?v=5.0.56.0
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
450c8f5e8945d2822c87d83378f6995f34a4132e9660da54f2ea1c37305213c9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
etag
"33664c-608a5ae68e540-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
unsupported.923056bc.js
account.protonvpn.com/assets/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/unsupported.923056bc.js?v=5.0.56.0
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
5e21bb21d3ff7bc49004d7b2404a60773759a9798de30ab5ae3d79058e0f15a7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3360
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
etag
"1fb4-608a5ae68e540-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cfdbcf80c99a2666e810de78f93932251c3a30ddec9bec29d5087bd7047af31

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

Content-Type
image/svg+xml
Inter-roman-var.ba4caefcdf5b36b438db.woff2
account.protonvpn.com/assets/ 		222 KB
223 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/Inter-roman-var.ba4caefcdf5b36b438db.woff2?v=5.0.56.0
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.010ef3d0.css?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:29 GMT
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
content-length
227180
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
etag
"3776c-608a5ae68e540"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
x-frame-options
deny
content-type
font/woff2
access-control-allow-origin
https://account.protonvpn.com
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
en-US.b22d5ba2.chunk.js
account.protonvpn.com/assets/date-fns/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/date-fns/en-US.b22d5ba2.chunk.js?v=5.0.56.0
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/runtime.9e01b279.js?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
e0ab082ebf69c2732ac43e9831cc202f03b5fa28edf5724135f3b48f0e235fb5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2642
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
etag
"239d-608a5ae68e540-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
crypto-worker.3971b89e.chunk.js
account.protonvpn.com/assets/ 		534 KB
170 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/crypto-worker.3971b89e.chunk.js?v=5.0.56.0
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
7d50284bd09048587677840be35681f31b7dc1f3cb68495f1245962149ac3e4f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
etag
"856da-608a5ae68e540-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
crypto-worker.3971b89e.chunk.js
account.protonvpn.com/assets/ 		534 KB
170 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/crypto-worker.3971b89e.chunk.js?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
7d50284bd09048587677840be35681f31b7dc1f3cb68495f1245962149ac3e4f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
etag
"856da-608a5ae68e540-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
html
account-api.protonvpn.com/challenge/v4/ Frame 3FD0 		119 KB
43 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account-api.protonvpn.com/challenge/v4/html?Type=0&Name=unauth
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.e5aa94d6.js?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.145 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
23e6a425e5cfffe7a85af7038c3937530107ba64e8fc24afedb906c4fe644fc5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZUIRGV8C7OS9cTnFB8iyoQAAAV0' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; font-src 'self' https://account.protonvpn.com data:; img-src http: https: data: blob: cid:; frame-src https:; connect-src https: wss:; media-src https:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://account.protonvpn.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://account.protonvpn.com/favicon.ico

Response headers

access
application/vnd.protonmail.api+json;apiversion=4
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
content-encoding
gzip
content-length
42996
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZUIRGV8C7OS9cTnFB8iyoQAAAV0' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; font-src 'self' https://account.protonvpn.com data:; img-src http: https: data: blob: cid:; frame-src https:; connect-src https: wss:; media-src https:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://account.protonvpn.com;
content-type
text/html; charset=UTF-8
date
Wed, 01 Nov 2023 08:49:29 GMT
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
expires
Fri, 04 May 1984 22:15:00 GMT
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
0
sessions
account.protonvpn.com/api/auth/v4/ 		198 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/auth/v4/sessions
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.e5aa94d6.js?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
ec2ff5fa374459c073a15fbc6f4bc6916135a75a2e1600081feacbe02de74476
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
x-pm-locale
en_US
Content-Type
application/json
accept
application/vnd.protonmail.v1+json
x-enforce-unauthsession
true
Referer
https://account.protonvpn.com/favicon.ico
x-pm-appversion
web-vpn-settings@5.0.56.0

Response headers

date
Wed, 01 Nov 2023 08:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=4
content-length
185
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
access-control-allow-origin
https://account.protonvpn.com
access-control-expose-headers
Date, Retry-After
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
access-control-allow-credentials
true
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
expires
Fri, 04 May 1984 22:15:00 GMT
cookies
account.protonvpn.com/api/core/v4/auth/ 		66 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/core/v4/auth/cookies
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.e5aa94d6.js?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
ade86e87eaa46a2e716c4154fafe182088102d1fa9b5df0964c6d9f4de9cfab5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
Authorization
Bearer loxglsvlx642tenl3ee4pw2j7lzegij7
x-pm-locale
en_US
x-pm-uid
cltvp5ekqrn76j2nyuhb4kbuc3ixf2x2
Content-Type
application/json
accept
application/vnd.protonmail.v1+json
Referer
https://account.protonvpn.com/favicon.ico
x-pm-appversion
web-vpn-settings@5.0.56.0

Response headers

date
Wed, 01 Nov 2023 08:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=4
content-length
84
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
access-control-allow-origin
https://account.protonvpn.com
access-control-expose-headers
Date, Retry-After
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
access-control-allow-credentials
true
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
expires
Fri, 04 May 1984 22:15:00 GMT
html
account-api.protonvpn.com/challenge/v4/ Frame FD94 		120 KB
43 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account-api.protonvpn.com/challenge/v4/html?Type=0&Name=login
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.e5aa94d6.js?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.145 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
8e6e51ad13a712e9d3709a217b53a1ef58dc960cc531d9e3180826a5b43dad1c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZUIRGqjYwNk2uxzLseCjgwAABo8' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; font-src 'self' https://account.protonvpn.com data:; img-src http: https: data: blob: cid:; frame-src https:; connect-src https: wss:; media-src https:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://account.protonvpn.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://account.protonvpn.com/favicon.ico

Response headers

access
application/vnd.protonmail.api+json;apiversion=4
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
content-encoding
gzip
content-length
43078
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZUIRGqjYwNk2uxzLseCjgwAABo8' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; font-src 'self' https://account.protonvpn.com data:; img-src http: https: data: blob: cid:; frame-src https:; connect-src https: wss:; media-src https:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://account.protonvpn.com;
content-type
text/html; charset=UTF-8
date
Wed, 01 Nov 2023 08:49:30 GMT
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
expires
Fri, 04 May 1984 22:15:00 GMT
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
0
host.png
account.protonvpn.com/assets/ 		42 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.protonvpn.com/assets/host.png
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.010ef3d0.css?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:30 GMT
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
referrer-policy
strict-origin-when-cross-origin
x-permitted-cross-domain-policies
none
etag
"2a-608a5ae68e540"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
x-frame-options
deny
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
content-type
image/png
accept-ranges
bytes
content-length
42
x-xss-protection
0
%68%6f%73%74.%70%6e%67
account.protonvpn.com/%61%73%73%65%74%73/ 		42 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.protonvpn.com/%61%73%73%65%74%73/%68%6f%73%74.%70%6e%67
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.010ef3d0.css?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 08:49:30 GMT
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Thu, 26 Oct 2023 21:59:09 GMT
referrer-policy
strict-origin-when-cross-origin
x-permitted-cross-domain-policies
none
etag
"2a-608a5ae68e540"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
x-frame-options
deny
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
content-type
image/png
accept-ranges
bytes
content-length
42
x-xss-protection
0
frontend
account.protonvpn.com/api/feature/v2/ 		835 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/feature/v2/frontend?sessionId=784017307&appName=-&environment=default
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.e5aa94d6.js?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
bd209728e37903c010d4ac86150ea6b20518984c18bdaa5b9b5b4c15f30e18e4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
Authorization
-
x-pm-locale
en_US
x-pm-uid
cltvp5ekqrn76j2nyuhb4kbuc3ixf2x2
Content-Type
application/json
accept
application/vnd.protonmail.v1+json, application/json
Referer
https://account.protonvpn.com/favicon.ico
If-None-Match
x-pm-appversion
web-vpn-settings@5.0.56.0

Response headers

date
Wed, 01 Nov 2023 08:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=2
content-length
204
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
expires
Fri, 04 May 1984 22:15:00 GMT
features
account.protonvpn.com/api/core/v4/ 		290 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/core/v4/features?Code=TrustedDeviceRecovery%2CKeyTransparencyWebAccount&Limit=2
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.e5aa94d6.js?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
ef77bbd5c5f0ced4daa173f798ac735d93d4e8d80b26bb5604328b72e58b3be5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept
application/vnd.protonmail.v1+json
Referer
https://account.protonvpn.com/favicon.ico
accept-language
de-CH,de;q=0.9
x-pm-appversion
web-vpn-settings@5.0.56.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
x-pm-locale
en_US
x-pm-uid
cltvp5ekqrn76j2nyuhb4kbuc3ixf2x2

Response headers

date
Wed, 01 Nov 2023 08:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=4
content-length
187
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
expires
Fri, 04 May 1984 22:15:00 GMT
available
account.protonvpn.com/api/domains/ 		54 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/domains/available?Type=login
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.e5aa94d6.js?v=5.0.56.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
3ba9fce180e0a7fe534adb72b6fc0240bbf47de8eebc5daaf4b66eeca712a434
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept
application/vnd.protonmail.v1+json
Referer
https://account.protonvpn.com/favicon.ico
accept-language
de-CH,de;q=0.9
x-pm-appversion
web-vpn-settings@5.0.56.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
x-pm-locale
en_US
x-pm-uid
cltvp5ekqrn76j2nyuhb4kbuc3ixf2x2

Response headers

date
Wed, 01 Nov 2023 08:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=3
content-length
67
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
expires
Fri, 04 May 1984 22:15:00 GMT

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| documentPictureInPicture object| webpackChunkproton_vpn_settings object| SENTRY_RELEASE function| clearImmediate function| setImmediate object| __SENTRY__ number| protonSupportedBrowser

6 Cookies

Domain/Path Name / Value
account.protonvpn.com/api/auth/refresh Name: REFRESH-cltvp5ekqrn76j2nyuhb4kbuc3ixf2x2
Value: %7B%22ResponseType%22%3A%22token%22%2C%22ClientID%22%3A%22WebVPNSettings%22%2C%22GrantType%22%3A%22refresh_token%22%2C%22RefreshToken%22%3A%22bm6hw3d3i2cesbuy2q4bogo7porvguwn%22%2C%22UID%22%3A%22cltvp5ekqrn76j2nyuhb4kbuc3ixf2x2%22%2C%22RedirectURI%22%3A%22https%3A%5C%2F%5C%2Fmail.proton.me%22%7D
account.protonvpn.com/api/ Name: AUTH-cltvp5ekqrn76j2nyuhb4kbuc3ixf2x2
Value: hwhbozkpzwh6c7ojhvdwkxp7o263rud7
.protonvpn.com/ Name: Session-Id
Value: ZUIRGO5-sXjAa0ewYW6mOwAAANc
account.protonvpn.com/ Name: Tag
Value: default
account.protonvpn.com/ Name: Domain
Value: protonvpn.com
account-api.protonvpn.com/ Name: Tag
Value: vpn-a

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0