Submitted URL: https://ryeuiloksjkl-llc.aha.io/
Effective URL: https://secure.aha.io/session/new?requested_domain=ryeuiloksjkl-llc
Submission: On September 29 via manual from GB — Scanned from GB

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 7 HTTP transactions. The main IP is 54.84.62.26, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is secure.aha.io. The Cisco Umbrella rank of the primary domain is 65252.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on March 8th 2022. Valid for: a year.
This is the only time secure.aha.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 54.86.67.19 14618 (AMAZON-AES)
1 54.84.62.26 14618 (AMAZON-AES)
6 2600:9000:249... 16509 (AMAZON-02)
7 2
Apex Domain
Subdomains
Transfer
9 aha.io
ryeuiloksjkl-llc.aha.io
secure.aha.io — Cisco Umbrella Rank: 65252
cdn.aha.io — Cisco Umbrella Rank: 79723
2 MB
7 1
Domain Requested by
6 cdn.aha.io secure.aha.io
2 ryeuiloksjkl-llc.aha.io 2 redirects
1 secure.aha.io
7 3

This site contains links to these domains.

Domain
aha.io
www.aha.io

Subject: *.aha.io
Issuer: Sectigo RSA Organization Validation Secure Server CA
Validity: 2022-03-08 - 2023-04-03
Valid: a year

This page contains 1 frames:

Primary Page: https://secure.aha.io/session/new?requested_domain=ryeuiloksjkl-llc
Frame ID: 2F0514C25282D79020090D9493CB8429
Requests: 7 HTTP requests in this frame

Page Title

Log in to your workspace | Aha!

Page URL History

  1. https://ryeuiloksjkl-llc.aha.io/ HTTP 302
    https://ryeuiloksjkl-llc.aha.io/session/new HTTP 302
    https://secure.aha.io/session/new?requested_domain=ryeuiloksjkl-llc Page URL

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 33 %
Domains: 1
Subdomains: 3
IPs: 2
Countries: 1
Transfer: 1859 kB
Size: 9351 kB
Cookies: 2

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request new
secure.aha.io/session/
Redirect Chain
  • https://ryeuiloksjkl-llc.aha.io/
  • https://ryeuiloksjkl-llc.aha.io/session/new
  • https://secure.aha.io/session/new?requested_domain=ryeuiloksjkl-llc
5 KB
4 KB
Document
General
Full URL
https://secure.aha.io/session/new?requested_domain=ryeuiloksjkl-llc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.84.62.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-62-26.compute-1.amazonaws.com
Software
openresty /
Resource Hash
9f0dee48bf29e46ec73700f4cc0cd5c29c42e67f344be4b691af628daa27e0b8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://cdn.aha.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://push-iad-prod1.aha.io https://www.google.com https://www.gstatic.com https://js.recurly.com https://player.vimeo.com https://www.google-analytics.com https://www.googleadservices.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://secure.aha.io https://push-iad-prod1.aha.io https://www.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.gstatic.com; connect-src 'self' https://aha.io https://push-iad-prod1.aha.io wss://push-iad-prod1.aha.io https://secure.aha.io https://cdn.aha.io wss://cdn.aha.io https://accounts.google.com https://sentry.io https://rum-http-intake.logs.datadoghq.com https://api.recurly.com https://www.google-analytics.com https://stats.g.doubleclick.net https: https://big.aha.io; frame-src 'self' https://www.aha.io https://player.vimeo.com https://docs.google.com https://api.recurly.com https://big.ideas.aha.io https://big.aha.io https://fast.wistia.net https://*.duosecurity.com https://www.aha.io https://*.ideas.aha.io https://secure.aha.io:443; img-src 'self' data: blob: https: https://aha.io https://secure.aha.io https://cdn.aha.io; font-src 'self' data: https://aha.io https://cdn.aha.io https://fonts.gstatic.com; object-src 'self' https://www.gstatic.com; report-uri /csp_report;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

cache-control
no-store
content-encoding
gzip
content-security-policy
default-src 'self' https://cdn.aha.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://push-iad-prod1.aha.io https://www.google.com https://www.gstatic.com https://js.recurly.com https://player.vimeo.com https://www.google-analytics.com https://www.googleadservices.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://secure.aha.io https://push-iad-prod1.aha.io https://www.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.gstatic.com; connect-src 'self' https://aha.io https://push-iad-prod1.aha.io wss://push-iad-prod1.aha.io https://secure.aha.io https://cdn.aha.io wss://cdn.aha.io https://accounts.google.com https://sentry.io https://rum-http-intake.logs.datadoghq.com https://api.recurly.com https://www.google-analytics.com https://stats.g.doubleclick.net https: https://big.aha.io; frame-src 'self' https://www.aha.io https://player.vimeo.com https://docs.google.com https://api.recurly.com https://big.ideas.aha.io https://big.aha.io https://fast.wistia.net https://*.duosecurity.com https://www.aha.io https://*.ideas.aha.io https://secure.aha.io:443; img-src 'self' data: blob: https: https://aha.io https://secure.aha.io https://cdn.aha.io; font-src 'self' data: https://aha.io https://cdn.aha.io https://fonts.gstatic.com; object-src 'self' https://www.gstatic.com; report-uri /csp_report;
content-type
text/html; charset=utf-8
date
Thu, 29 Sep 2022 10:51:55 GMT
etag
W/"9f0dee48bf29e46ec73700f4cc0cd5c2"
expires
Fri, 01 Jan 1970 00:00:00 GMT
feature-policy
geolocation 'none'; microphone 'none'; payment 'none'
link
<https://cdn.aha.io/assets/application_library_styles-7510676cad3c942a92c954c7dc212eb3.css>; rel=preload; as=style; nopush,<https://cdn.aha.io/assets/application-9bc2b3f2f463ba7b8da9efa4c42b935e.css>; rel=preload; as=style; nopush,<https://cdn.aha.io/assets/runtime-60073e1cd71d92c1ecb4636a736a1f8d.js>; rel=preload; as=script; nopush,<https://cdn.aha.io/assets/vendor-e9929903fc03aff00e60abb07cc4866b.js>; rel=preload; as=script; nopush,<https://cdn.aha.io/assets/external_app-c758c011e2c9dde1780024560a4034ca.js>; rel=preload; as=script; nopush
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
openresty
strict-transport-security
max-age=63072000; includeSubdomains;
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
62a94d30-f8bd-4d05-a3ba-b19bd3d6b689
x-robots-tag
noindex,nofollow
x-runtime
0.045209
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-store
content-security-policy
default-src 'self' https://cdn.aha.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://push-iad-prod3.aha.io https://www.google.com https://www.gstatic.com https://js.recurly.com https://player.vimeo.com https://www.google-analytics.com https://www.googleadservices.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.aha.io https://aha.io https://secure.aha.io https://push-iad-prod3.aha.io https://www.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.gstatic.com; connect-src 'self' https://aha.io https://push-iad-prod3.aha.io wss://push-iad-prod3.aha.io https://secure.aha.io https://cdn.aha.io wss://cdn.aha.io https://accounts.google.com https://sentry.io https://rum-http-intake.logs.datadoghq.com https://api.recurly.com https://www.google-analytics.com https://stats.g.doubleclick.net https: https://big.aha.io; frame-src 'self' https://www.aha.io https://player.vimeo.com https://docs.google.com https://api.recurly.com https://big.ideas.aha.io https://big.aha.io https://fast.wistia.net https://www.aha.io https://*.ideas.aha.io https://secure.aha.io:443; img-src 'self' data: blob: https: https://aha.io https://secure.aha.io https://cdn.aha.io; font-src 'self' data: https://aha.io https://cdn.aha.io https://fonts.gstatic.com; object-src 'self' https://www.gstatic.com; report-uri /csp_report;
content-type
text/html; charset=utf-8
date
Thu, 29 Sep 2022 10:51:54 GMT
expires
Fri, 01 Jan 1970 00:00:00 GMT
feature-policy
geolocation 'none'; microphone 'none'; payment 'none'
location
https://secure.aha.io/session/new?requested_domain=ryeuiloksjkl-llc
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
openresty
strict-transport-security
max-age=63072000; includeSubdomains;
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
d1018f66-937e-4fa9-95d4-003f86e9b249
x-runtime
0.031075
x-xss-protection
1; mode=block
application_library_styles-7510676cad3c942a92c954c7dc212eb3.css
cdn.aha.io/assets/
1 MB
228 KB
Stylesheet
General
Full URL
https://cdn.aha.io/assets/application_library_styles-7510676cad3c942a92c954c7dc212eb3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:5400:0:b320:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
168310e97767bd3902e11552dee298e39941b962a0ad66ce822ff64a21408895

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 10:44:57 GMT
content-encoding
gzip
via
1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
last-modified
Tue, 27 Sep 2022 16:20:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P6
age
431
x-amz-server-side-encryption
AES256
etag
W/"7510676cad3c942a92c954c7dc212eb3"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
x-amz-cf-id
Cv3_vUVypr4t5CMrajI3evCA6ssuEdTxpBGIfPUI-lxTMMsdpKXleg==
application-9bc2b3f2f463ba7b8da9efa4c42b935e.css
cdn.aha.io/assets/
1 MB
191 KB
Stylesheet
General
Full URL
https://cdn.aha.io/assets/application-9bc2b3f2f463ba7b8da9efa4c42b935e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:5400:0:b320:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c0b9a1d2570a316426123ba160920c10cdf64b2f5c3882401ca0797ecda5dc03

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 10:43:43 GMT
content-encoding
gzip
via
1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
last-modified
Tue, 27 Sep 2022 16:21:32 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P6
age
530
x-amz-server-side-encryption
AES256
etag
W/"9bc2b3f2f463ba7b8da9efa4c42b935e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
x-amz-cf-id
MJEf0QdCtK7ifIoleU0rIm1H5HTBSQ2Vhj-_zrtyJ2QfZwM76FvCAA==
runtime-60073e1cd71d92c1ecb4636a736a1f8d.js
cdn.aha.io/assets/
21 KB
9 KB
Script
General
Full URL
https://cdn.aha.io/assets/runtime-60073e1cd71d92c1ecb4636a736a1f8d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:5400:0:b320:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ce1a0cd9dbb66d8b43e580a1c7c6a3be62c85e4c03fb9210600a4aca08af3bea

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 10:30:57 GMT
content-encoding
gzip
via
1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
last-modified
Wed, 28 Sep 2022 22:19:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P6
age
1273
x-amz-server-side-encryption
AES256
etag
W/"f09fa3d82c95b008e48c38b5f8864333"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
X-iHtrfdpCHRJ_B8DflGzrMK7AZ8tr49OjG7Xr3EpAny5nsKilGWRQ==
vendor-e9929903fc03aff00e60abb07cc4866b.js
cdn.aha.io/assets/
7 MB
1 MB
Script
General
Full URL
https://cdn.aha.io/assets/vendor-e9929903fc03aff00e60abb07cc4866b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:5400:0:b320:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b61804f005a09719b9089f262a6abf407f60cc5c9d44a0a63ecc547d7603dea7

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 10:05:09 GMT
content-encoding
gzip
via
1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
last-modified
Tue, 27 Sep 2022 16:21:14 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P6
age
2838
x-amz-server-side-encryption
AES256
etag
W/"761460def3425a1c4c160b9c8491bf15"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
iwX3g0fMXADU-IUGzUIgIizYt0-RuF_Prb2hY0SOGMwF2twV7RU0Ig==
external_app-c758c011e2c9dde1780024560a4034ca.js
cdn.aha.io/assets/
148 KB
35 KB
Script
General
Full URL
https://cdn.aha.io/assets/external_app-c758c011e2c9dde1780024560a4034ca.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:5400:0:b320:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e0d665e22d2f9bb0ca9ee0f1ba8db7a05040d262dea4b933473981ae1aafa36

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 10:01:35 GMT
content-encoding
gzip
via
1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
last-modified
Tue, 27 Sep 2022 16:20:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P6
age
3183
x-amz-server-side-encryption
AES256
etag
W/"e8f9b16c02b17567417e3545b1f27aa1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
BU-atZv5DkNaHoDI-gVoTWwNmSfgtGpU3ITKa1KEvpCGClLr7-ggUg==
aha-name.62ee9d95d696b758ac372ffe06d1424c.svg
cdn.aha.io/assets/
4 KB
2 KB
Image
General
Full URL
https://cdn.aha.io/assets/aha-name.62ee9d95d696b758ac372ffe06d1424c.svg
Requested by
Host: secure.aha.io
URL: https://secure.aha.io/session/new?requested_domain=ryeuiloksjkl-llc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:5400:0:b320:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
65ff708f7649a911c0a3e573a56c50f5ffb51ff1dee3e3e8618d02dfc756fd8c

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://secure.aha.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Thu, 29 Sep 2022 10:43:49 GMT
content-encoding
gzip
via
1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
last-modified
Tue, 27 Sep 2022 16:20:41 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P6
age
509
x-amz-server-side-encryption
AES256
etag
W/"62ee9d95d696b758ac372ffe06d1424c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
x-amz-cf-id
Jud05SuqqCci98QV7skbRzAfZKmupSWZKnY26QzSTvcrFnb9Y_LeJA==

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| sentryRelease object| webpackChunkaha_app object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| $ function| jQuery function| moment object| __SENTRY__ object| Duo function| require object| Configatron

2 Cookies

Domain/Path Name / Value
ryeuiloksjkl-llc.aha.io/ Name: _aha_app_2
Value: 0EXwe%2F29Y9seednQNg%2FtAerGk9nsaJTnN1cp1mYMgfnt2O3YW7zLEtQ4k2Bl00EXTnwpnN31YbcMOynBjy1D0GLjrdhmvIVDcy1wd3eeEL532ML9Y0hSfoxwu7eFYqRz19bhrJagh%2BpcAQkdHHSEWdocUyEaWWrJ0Ja27TnT5eRhmQ%3D%3D--o82o0oGTnC733Lqm--%2BNk4k9%2BI9uYSZdWpOBCtXg%3D%3D
secure.aha.io/ Name: _aha_app_2
Value: GrShI6R3YGRSsiV%2BXKb%2F2cLBTuo3h1S%2Fdj%2BmxH2FOBmdSRKLzQrnbBhtuvB5PzPw7eBYWu2Yc81ZAjo6hjz7NsUrFXj5FzehqpdeIP1lqK9THVRIlt0Dq8BHv3dOK0zXm0TtwAimBtjksronpMmXz7yeyQpBEAK2RzeMTRipwdod9c0VtMBGmLAcRCGsf4zBD%2BU6RIR8q658d0W%2B%2BxxrIgJpms9MWhawW2JMtJTUSnYC08Bb3fWkehlp82d244ViKhpwJZZ1brfzFrXvQwJvc79F--fjy9H7Atj1EDSx%2Bo--lxs9bX4hqsgU%2B7G0sncJpg%3D%3D
