hackerone.com Open in urlscan Pro
2606:4700:4400::6812:24d6 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hackerone.com/reports/1033423
Submission: On March 12 via manual (March 12th 2024, 8:52:18 am UTC) from KE — Scanned from DE

Summary HTTP 43 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 43 HTTP transactions. The main IP is 2606:4700:4400::6812:24d6, located in United States and belongs to CLOUDFLARENET, US. The main domain is hackerone.com. The Cisco Umbrella rank of the primary domain is 113547.
TLS certificate: Issued by DigiCert EV RSA CA G2 on February 23rd 2024. Valid for: a year.

This is the only time hackerone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	2606:4700:440... 2606:4700:4400::6812:24d6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:1f18:24e... 2600:1f18:24e6:b902:ea3e:a4c8:1f02:565f	14618 (AMAZON-AES) (AMAZON-AES)
4	3.5.86.146 3.5.86.146	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:21f... 2600:9000:21f3:5c00:4:4c7d:87c0:93a1	16509 (AMAZON-02) (AMAZON-02)
43	5

31 2606:4700:4400::6812:24d6 (United States)

ASN13335 (CLOUDFLARENET, US)

hackerone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:24e6:b902:ea3e:a4c8:1f02:565f (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rum.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.5.86.146 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com

hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21f3:5c00:4:4c7d:87c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

profile-photos.hackerone-user-content.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	hackerone.com hackerone.com — Cisco Umbrella Rank: 113547	3 MB
4	amazonaws.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com — Cisco Umbrella Rank: 808314	6 KB
3	hackerone-user-content.com profile-photos.hackerone-user-content.com — Cisco Umbrella Rank: 827976	10 KB
3	browser-intake-datadoghq.com rum.browser-intake-datadoghq.com — Cisco Umbrella Rank: 2428	1 KB
43	4

	Domain	Requested by
31	hackerone.com	hackerone.com
4	hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
3	profile-photos.hackerone-user-content.com
3	rum.browser-intake-datadoghq.com	hackerone.com
43	4

This site contains links to these domains. Also see Links.

Domain
www.hackerone.com
www.facebook.com
twitter.com
www.linkedin.com
news.ycombinator.com
www.reddit.com
docs.hackerone.com
weblate.ucs.ru
www.troyhunt.com
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com

Subject Issuer	Validity	Valid
hackerone.com DigiCert EV RSA CA G2	`2024-02-23` - `2025-03-11`	a year	crt.sh
*.browser-intake-datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-17` - `2024-06-18`	a year	crt.sh
*.s3-us-west-2.amazonaws.com Amazon RSA 2048 M01	`2024-01-23` - `2024-12-31`	a year	crt.sh
profile-photos.hackerone-user-content.com Amazon RSA 2048 M01	`2023-04-16` - `2024-05-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hackerone.com/reports/1033423
Frame ID: A75F5EDF182F9453C35E5FD5518ADBD2
Requests: 56 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mail.ru | Report #1033423 - Django Debug=True Leaks admin email addresss and serval system information | HackerOneMenuMenuMenuMenuMenuMenuMenuMenu

Page Statistics

43
Requests

95 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

3143 kB
Transfer

11417 kB
Size

6
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hackerone.com/
Title: Learn more about HackerOne

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fhackerone.com%2Freports%2F1033423

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fhackerone.com%2Freports%2F1033423&text=Django%20Debug%3DTrue%20Leaks%20admin%20email%20addresss%20and%20serval%20system%20information%20

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https%3A%2F%2Fhackerone.com%2Freports%2F1033423

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fhackerone.com%2Freports%2F1033423&t=Django%20Debug%3DTrue%20Leaks%20admin%20email%20addresss%20and%20serval%20system%20information%20

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fhackerone.com%2Freports%2F1033423&title=Django%20Debug%3DTrue%20Leaks%20admin%20email%20addresss%20and%20serval%20system%20information%20

Search URL Search Domain Scan URL

URL: https://docs.hackerone.com/hackers/id-verification.html

Search URL Search Domain Scan URL

URL: https://weblate.ucs.ru/
Title: https://weblate.ucs.ru

Search URL Search Domain Scan URL

URL: https://weblate.ucs.ru/widgets/platformx/-/svg-badge.svg
Title: https://weblate.ucs.ru/widgets/platformx/-/svg-badge.svg

Search URL Search Domain Scan URL

URL: https://www.troyhunt.com/graphic-demonstration-of-information/
Title: https://www.troyhunt.com/graphic-demonstration-of-information/

Search URL Search Domain Scan URL

URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/db7Umd2czNcVy5n7NppFzRDY?response-content-disposition=attachment%3B%20filename%3D%22Screenshot_2020-11-13_11-44-49.png%22%3B%20filename%2A%3DUTF-8%27%27Screenshot_2020-11-13_11-44-49.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ2B3KFEZQ%2F20240312%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240312T085212Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDgaCXVzLXdlc3QtMiJGMEQCIE0jyOjF3sNTtkRkG6RVkPKEtg9TIWMFhcw8C1fPIctcAiBATiMpfkasozEjeRoClPlbs0GFtRhzF9XSRE2%2B0FGLlCqyBQhBEAMaDDAxMzYxOTI3NDg0OSIMUFAieu3XdXf1BNeZKo8Fm1cYu53nKWTPrl8W00sYUfeJrCmNCxlYmACyv2Cynahd4jiej5Ko8kpMuE60D%2BzBJlFO%2Bj1bNk%2B5IbuaeDSNSgiOc5pn22zPHv84oX3W10HAZoqsPM8bgnXMnWwK9PVA0tHY1yt93JTHls4qz0zyBi3zP%2FPMFX8eUDLxXToi%2BWhUYpQQIffPscOH7MP9phHPjmQinNDQintFox18NdVJzu7Vzs8rQm%2Bqi8LGN8sorqf6V%2BvIPGweWF52SZGgm8WnHJgNLkBECfULn8SErJq%2BeirdUv50YWQeCAvtLubQnFjqKJ2V15LxuxiAjppWAdt0P5o%2Fa3ukdDb8%2FU9kQDgABDQyvBO62EE4kh9W%2B%2FvBXZ0D%2BVHrX%2FlRTxMPlCVdlOAsYJzqqQ35KI%2FIACw25jvDFVRylnVL%2B64RvhlEtM%2BdxHM82kKUw6cB%2Bh9nF7%2BSqVz53TnyEysAKJJwnAKHm0SjjFUGZyUXfzZkkbYhtqzDjGgPH1vQUBIBM2chHR2UCazrdGli0QdN1cFJlNzzZHFYUDod8SqYy%2FizC%2F1Jgf7XowlyHW%2BRfuRjnKGbTH%2BE7qhf4UZRnWGZ7ajcSqb%2BiTRgC1vbFioFzOGGNM8zemMzN%2BkhKMVF7sxsupERc%2FBi3kSpwOey2MhVoWZT%2FftRaeflu%2BPDEZKDgLdgoLwhk%2BFiEDJyRocgmzS54DWVpXol%2BWEV3tucokBrK23jr9WHy4gO7WlKUadNrTpOCTYDZU6q84e%2F%2FR12WzcHxTQ0aRysdmvHik2T5cP8jftZHhOOVeQsgVxBGiqco6kaaevge2OY2OkVDDmHXag2rG0aLH6qiUUhnaYEirST97xKCqHBeUV5Wnc3ewfqNv7R4KDqKeYVwjDckMCvBjqyAaIaOXQnMDfCj0PVcQgbQyaqckPDKelCgoogh8UU6MDp%2F1V00mPeXztVbhKF9fmidtbCNvdgjFxECZ9CQCDiqUd0cbrRb4UaY16I0r8DamX3k999PbwCjKIw2%2Fz6fet%2B3GUihGs6JqWMTq%2BdaP8NbCRev%2BRucIXZ6ZUS2KJgohjR21kffMr2srtnyZ7DYpTPOdQFxlmxeMr8uQmr63gb9fpeiGXl2IF1%2B6EDwwcGPVld5C8%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=3f07b773fd5b88e2c76afad64fb8fc40d717e477d4bd6fac58250d6c4a795cc3
Title: Screenshot_2020-11-13_11-44-49.png

Search URL Search Domain Scan URL

URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/oEUfSvh2P9gV3oVMpsi2oFtM?response-content-disposition=attachment%3B%20filename%3D%22Screenshot_2020-11-13_11-42-18.png%22%3B%20filename%2A%3DUTF-8%27%27Screenshot_2020-11-13_11-42-18.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ2B3KFEZQ%2F20240312%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240312T085212Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDgaCXVzLXdlc3QtMiJGMEQCIE0jyOjF3sNTtkRkG6RVkPKEtg9TIWMFhcw8C1fPIctcAiBATiMpfkasozEjeRoClPlbs0GFtRhzF9XSRE2%2B0FGLlCqyBQhBEAMaDDAxMzYxOTI3NDg0OSIMUFAieu3XdXf1BNeZKo8Fm1cYu53nKWTPrl8W00sYUfeJrCmNCxlYmACyv2Cynahd4jiej5Ko8kpMuE60D%2BzBJlFO%2Bj1bNk%2B5IbuaeDSNSgiOc5pn22zPHv84oX3W10HAZoqsPM8bgnXMnWwK9PVA0tHY1yt93JTHls4qz0zyBi3zP%2FPMFX8eUDLxXToi%2BWhUYpQQIffPscOH7MP9phHPjmQinNDQintFox18NdVJzu7Vzs8rQm%2Bqi8LGN8sorqf6V%2BvIPGweWF52SZGgm8WnHJgNLkBECfULn8SErJq%2BeirdUv50YWQeCAvtLubQnFjqKJ2V15LxuxiAjppWAdt0P5o%2Fa3ukdDb8%2FU9kQDgABDQyvBO62EE4kh9W%2B%2FvBXZ0D%2BVHrX%2FlRTxMPlCVdlOAsYJzqqQ35KI%2FIACw25jvDFVRylnVL%2B64RvhlEtM%2BdxHM82kKUw6cB%2Bh9nF7%2BSqVz53TnyEysAKJJwnAKHm0SjjFUGZyUXfzZkkbYhtqzDjGgPH1vQUBIBM2chHR2UCazrdGli0QdN1cFJlNzzZHFYUDod8SqYy%2FizC%2F1Jgf7XowlyHW%2BRfuRjnKGbTH%2BE7qhf4UZRnWGZ7ajcSqb%2BiTRgC1vbFioFzOGGNM8zemMzN%2BkhKMVF7sxsupERc%2FBi3kSpwOey2MhVoWZT%2FftRaeflu%2BPDEZKDgLdgoLwhk%2BFiEDJyRocgmzS54DWVpXol%2BWEV3tucokBrK23jr9WHy4gO7WlKUadNrTpOCTYDZU6q84e%2F%2FR12WzcHxTQ0aRysdmvHik2T5cP8jftZHhOOVeQsgVxBGiqco6kaaevge2OY2OkVDDmHXag2rG0aLH6qiUUhnaYEirST97xKCqHBeUV5Wnc3ewfqNv7R4KDqKeYVwjDckMCvBjqyAaIaOXQnMDfCj0PVcQgbQyaqckPDKelCgoogh8UU6MDp%2F1V00mPeXztVbhKF9fmidtbCNvdgjFxECZ9CQCDiqUd0cbrRb4UaY16I0r8DamX3k999PbwCjKIw2%2Fz6fet%2B3GUihGs6JqWMTq%2BdaP8NbCRev%2BRucIXZ6ZUS2KJgohjR21kffMr2srtnyZ7DYpTPOdQFxlmxeMr8uQmr63gb9fpeiGXl2IF1%2B6EDwwcGPVld5C8%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=3950db5bf1e42cfd12a22a84d964f1b5012b891f00e8a9d6b3d1598cc49c5259
Title: Screenshot_2020-11-13_11-42-18.png

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 1033423 Show response
hackerone.com/reports/ 4 KB
4 KB 304ms
266ms Document
text/html 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/1033423

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

857c2b0d18bffeff9ea0a26c51fd2112b1dcc06405f078e78945c0d69c948836

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com 'nonce-rXGiXBq7FouVVfN1c+O+sSndTwTFE1/4UBeg+fL1Bkw=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
cf-cache-status: DYNAMIC
cf-ray: 86328be6f88f1da8-FRA
content-disposition: inline; filename="response.html"
content-encoding: br
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com 'nonce-rXGiXBq7FouVVfN1c+O+sSndTwTFE1/4UBeg+fL1Bkw=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 08:52:09 GMT
etag: W/"857c2b0d18bffeff9ea0a26c51fd2112"
expect-ct: enforce, max-age=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
user-authenticated: false
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-request-id: 3b1eccf5-29d2-430e-8ba0-406f9710c88e
x-xss-protection: 1; mode=block

GET
H2 200 main_css-BaHDxWAO.css
hackerone.com/assets/static/ 456 KB
74 KB 30ms
29ms Stylesheet
text/css 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/main_css-BaHDxWAO.css

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1033423

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91788bd8a49c497b2f6aa68ecd97543895659618dedacd3c57fa159152cdcb03

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1033423
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 930677
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 01 Mar 2024 14:17:21 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328be8aad11da8-FRA
expires: Fri, 12 Apr 2024 08:52:09 GMT

GET
H2 200 main_js-7OCSBTjc.css
hackerone.com/assets/static/ 146 KB
20 KB 50ms
49ms Stylesheet
text/css 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/main_js-7OCSBTjc.css

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1033423

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98a99311aa2a2e0e12a0285da336f733103e650c8c509c58d54637ff4671ddf9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1033423
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 546953
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Mar 2024 00:52:29 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328be8aad31da8-FRA
expires: Fri, 12 Apr 2024 08:52:09 GMT

GET
H2 200 constants-11b7e7f6b9294280fcd1c7eb0a95185e62d0963117ca7783efff386b4cbf80a7.js Show response
hackerone.com/assets/ 96 KB
26 KB 37ms
36ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/constants-11b7e7f6b9294280fcd1c7eb0a95185e62d0963117ca7783efff386b4cbf80a7.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1033423

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba557e77d51e07bac81ad4ac51572e45862953f16f099b858d8a93bde2d85903

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1033423
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 207
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Mar 2024 08:42:33 GMT
server: cloudflare
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328be8aad61da8-FRA
expires: Fri, 12 Apr 2024 08:52:09 GMT

GET
H2 200 main_js-1q_CLMfC.js Show response
hackerone.com/assets/static/ 2 MB
476 KB 32ms
32ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/main_js-1q_CLMfC.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1033423

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73afc2f0f236ae6556c84d2e6e369752bfbe4b8f1d708e946d766631d1b21acc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/reports/1033423
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 40650
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 21:26:43 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328be8aad91da8-FRA
expires: Fri, 12 Apr 2024 08:52:09 GMT

GET
H2 200 vendor-oo1gpDIC.js Show response
hackerone.com/assets/static/ 8 MB
2 MB 63ms
62ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/reports/1033423

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a291019e91165836da18d24725906c50fab2635b3d00e2c67984f276ff2dec80

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/main_js-1q_CLMfC.js
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 80720
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 10:25:14 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328be99bf01da8-FRA
expires: Fri, 12 Apr 2024 08:52:09 GMT

GET
H2 200 gates Show response
hackerone.com/ 2 B
2 KB 378ms
377ms XHR
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/gates

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackerone.com/reports/1033423
X-CSRF-Token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response.json"
x-xss-protection: 1; mode=block
x-request-id: c93ae2f3-0e27-4eea-82c1-3e992d2ce98a
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"44136fa355b3678a1146ad16f7e8649e"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf0cd8b1da8-FRA

POST
H2 200 graphql Show response
hackerone.com/ 20 B
832 B 231ms
230ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88ecf92326f1ff8da3d81eb38e1a84528de5661b7ec30b895ba82c43118380af

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type: application/json
x-product-feature: other
accept: */*
x-product-area: other
Referer: https://hackerone.com/reports/1033423

Response headers

date: Tue, 12 Mar 2024 08:52:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 4daccef3-73ca-4334-8ca4-16ae328087f9
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"88ecf92326f1ff8da3d81eb38e1a8452"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf358d31da8-FRA

POST
H2 200 graphql Show response
hackerone.com/ 22 KB
3 KB 375ms
375ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

282426ddfa10468debb6f87bcb34b324849871961bdf24a903cb604d3bc12985

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type: application/json
x-product-feature: other
accept: */*
x-product-area: other
Referer: https://hackerone.com/reports/1033423

Response headers

date: Tue, 12 Mar 2024 08:52:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 30d716af-e48b-4d37-bec9-d0a5257197bb
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"282426ddfa10468debb6f87bcb34b324"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf368e81da8-FRA

POST
H2 200 graphql Show response
hackerone.com/ 141 B
2 KB 324ms
324ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e2dc32075dacd201748d3160634a6812f1de3a71b0de4b0cf173906b0fe8e15

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
content-type: application/json
x-product-feature: other
accept: */*
x-product-area: other
Referer: https://hackerone.com/reports/1033423

Response headers

date: Tue, 12 Mar 2024 08:52:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: c84a03d8-ead6-447c-83e7-2777700033ff
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"8e2dc32075dacd201748d3160634a681"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf368ea1da8-FRA

GET
H2 200 report_page-XRUcueVN.js Show response
hackerone.com/assets/static/ 532 B
409 B 27ms
26ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/report_page-XRUcueVN.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f3b75f89be1e27e30298bc1f1b0a77018528c76d20b9cc0b09c8b9c6dcd71fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 40645
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 21:26:44 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328bf5fcde1da8-FRA
expires: Fri, 12 Apr 2024 08:52:11 GMT

GET
H2 200 read_reports-OHIsZUNO.js Show response
hackerone.com/assets/static/ 549 B
1 KB 26ms
25ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/read_reports-OHIsZUNO.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1950996ae34f030d30aa738c5e87850673c4d1601fc5cc3e1175175d9c92b8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 40646
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 21:26:44 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328bf5fce01da8-FRA
expires: Fri, 12 Apr 2024 08:52:11 GMT

GET
H2 200 program_health_acknowledgement-BEMIIf2y.js Show response
hackerone.com/assets/static/ 2 KB
655 B 31ms
30ms Script
application/javascript 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/program_health_acknowledgement-BEMIIf2y.js

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fca1023bd46b386f77bac219c64fe7b664cd65d0c24b9040a03d233033d41327

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 40646
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 21:26:44 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328bf5fce11da8-FRA
expires: Fri, 12 Apr 2024 08:52:11 GMT

GET
DATA 200
OK truncated Show response
/ 411 B
411 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a937e8fff43bf4057b049796432089c5f83d0d8ecb8e2a6e19da8a5c9470d46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 376 B
376 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92bbaeb64dc94116d6f270f965f2916ae3a5d0b3d05d1709994cee3a2b709272

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 341 B
341 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0f5da988d203fc493b3097cf501cfecd161a3c3b7956855d53f46dd5443d300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 175 B
175 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 335eaf4a743bde828e754369e60430c9065a6120515c65a513c1e79e43d94f74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 250 B
250 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cbe51afb6c301a5fb43e9379fa8556f85128582194e3e7e61b2a59d002811071

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 329 B
329 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f492a8c1bf95c719129c0bb7a71383a4273eb73b2a253299f9b213462a485415

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 graphql Show response
hackerone.com/ 413 B
2 KB 263ms
262ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e822aa988f1d318cad828550ba0ef4cae4356606dd4cf839a42609043174dce1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 7389271751936815584
x-datadog-trace-id: 4838680181514286165

Response headers

date: Tue, 12 Mar 2024 08:52:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 9e5be186-917b-4097-90ec-c44b0a32a1f2
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"e822aa988f1d318cad828550ba0ef4ca"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf62d261da8-FRA

GET
H2 200 effra-regular-_-HyuG5R.woff
hackerone.com/assets/static/ 26 KB
26 KB 38ms
37ms Font
application/font-woff 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/effra-regular-_-HyuG5R.woff

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/main_css-BaHDxWAO.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/main_css-BaHDxWAO.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 977
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 21:26:44 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/font-woff
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328bf63d351da8-FRA
expires: Fri, 12 Apr 2024 08:52:11 GMT

GET
H2 200 effra-medium-ajQ6Ioxv.woff
hackerone.com/assets/static/ 24 KB
24 KB 43ms
43ms Font
application/font-woff 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/effra-medium-ajQ6Ioxv.woff

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/main_css-BaHDxWAO.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/main_css-BaHDxWAO.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 48833
content-encoding: br
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 17:00:21 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/font-woff
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
cf-ray: 86328bf63d371da8-FRA
expires: Fri, 12 Apr 2024 08:52:11 GMT

GET
DATA 200
OK truncated
/ 1 KB
1 KB Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc7b85e9777c59d6e9c305bce55eafa1e4194f0dc4ac35d2c72beef126178d3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 1033423.json Show response
hackerone.com/reports/ 10 KB
4 KB 278ms
278ms XHR
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/1033423.json

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68a081ea481563afb2d2600143a5f17fde15e34881cd88d459ee863133897e5a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

X-CSRF-Token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackerone.com/reports/1033423
X-Requested-With: XMLHttpRequest
x-datadog-parent-id: 6011557018131584633
x-datadog-trace-id: 5773497666709698726

Response headers

date: Tue, 12 Mar 2024 08:52:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response.json"
x-xss-protection: 1; mode=block
x-request-id: 9a16f5cc-924b-4294-b3db-b2dd6a167408
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"68a081ea481563afb2d2600143a5f17f"
user-authenticated: false
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf80f731da8-FRA

GET
DATA 200
OK truncated Show response
/ 296 B
296 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fdf44bb7f8f8798a320a5fbec612455934615e4a78dbac00d7e5eb77784fc4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 264 B
264 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55d759c1c5c06ab6984f11a11fbb7b99b526c874bb3b415ce05e8cae35ced85d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 248 B
248 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5906f41d51b82b25367a86308c08a191ab44f4a256ff4873595a1671ee415a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST graphql
hackerone.com/ 0
0

POST
H2 200 graphql Show response
hackerone.com/ 5 KB
4 KB 537ms
537ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

673b7f1fa6eab5d22604b6c7fa32f5d64921325369dfbe1f1ffe441aad736e4d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 981973735088277834
x-datadog-trace-id: 358559421855609678

Response headers

date: Tue, 12 Mar 2024 08:52:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 32fbe2e7-29e6-453d-97c9-fb209702755a
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"673b7f1fa6eab5d22604b6c7fa32f5d6"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf81f911da8-FRA

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 53 B
344 B 576ms
246ms Fetch
application/json 2600:1f18:24e6:b902:ea3e:a4c8:1f02:565f
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Acore%2Cversion%3A793dd3c035c455feb3f215d9561e5baf7ac1da39&dd-api-key=pub5197cece87412c3d9702c8fa913a829d&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=37ba067a-44a3-4fd4-842e-6fa30b55fc9b&batch_time=1710233532178

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b902:ea3e:a4c8:1f02:565f Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

e7cc7ce121fa3c645e0becdeafadffc426aa3ee73812eec3c43ae49acb2af17c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hackerone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 08:52:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: 37ba067a-44a3-4fd4-842e-6fa30b55fc9b

POST
H2 200 events Show response
hackerone.com/ 32 B
872 B 795ms
794ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/events

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4751646586d363200e083435198e1aabb8b590c03089e5614c4d9096d18edc9d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
Content-Type: application/json
Accept: */*
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 3787728266511641028
x-datadog-trace-id: 4535456588314588081

Response headers

date: Tue, 12 Mar 2024 08:52:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: a1edc115-4b96-43d6-bdde-e792da31498b
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"4751646586d363200e083435198e1aab"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf969ba1da8-FRA

GET
H2 200 participants Show response
hackerone.com/reports/1033423/ 9 KB
3 KB 771ms
770ms XHR
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/reports/1033423/participants

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19d4fe2d2bba7b576a0e3556117b026e00daf1cf58529d2c0ad7864212399805

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

X-CSRF-Token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://hackerone.com/reports/1033423
X-Requested-With: XMLHttpRequest
x-datadog-parent-id: 3408699844355138688
x-datadog-trace-id: 5857298794306459588

Response headers

date: Tue, 12 Mar 2024 08:52:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response.json"
x-xss-protection: 1; mode=block
x-request-id: fede3c17-9fc4-4051-8f9e-b2d683a47826
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"19d4fe2d2bba7b576a0e3556117b026e"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf9da441da8-FRA

GET
DATA 200
OK truncated Show response
/ 1 KB
1 KB XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d81e5ad0b39f1d51bed6e0f423deedb15b60dc2602105a73e20e36cba728991c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 graphql Show response
hackerone.com/ 616 B
1 KB 334ms
333ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

294357de549fed732f659abba6a46e477e5bc043e9a7f70a1ee71818d92e36db

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 6802848198235699751
x-datadog-trace-id: 3765786075972720077

Response headers

date: Tue, 12 Mar 2024 08:52:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: a63c46a9-fa84-466c-9627-a0de0ba5b50f
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"294357de549fed732f659abba6a46e47"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf9ea5f1da8-FRA

POST
H2 200 graphql Show response
hackerone.com/ 1 KB
1 KB 529ms
528ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f048c44e8cfe82a6a916e38475f98bf31d1eefc698e19cd73f9d3789916b1012

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 6800038595017431468
x-datadog-trace-id: 8673440124015682475

Response headers

date: Tue, 12 Mar 2024 08:52:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: f917c69f-e2fe-48b9-8dfd-acf8a166aecc
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"f048c44e8cfe82a6a916e38475f98bf3"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf9ea661da8-FRA

POST
H2 200 graphql Show response
hackerone.com/ 22 KB
4 KB 546ms
545ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1269033512c540bec3fbfe75de9dbacbeac7d3a11a9eac8c49e9dfa76d8dddd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 8259147918605712302
x-datadog-trace-id: 5012277263904058933

Response headers

date: Tue, 12 Mar 2024 08:52:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 2b818916-f4f2-4f87-b12b-4cff3efef8a0
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"f1269033512c540bec3fbfe75de9dbac"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf9ea6c1da8-FRA

POST
H2 200 graphql Show response
hackerone.com/ 184 B
2 KB 391ms
390ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d976ebc81ba627f7175c2fc6ce43253f931cea6696f02dd1a8150cbbf968ae9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 7901176584627324664
x-datadog-trace-id: 2704555838499589317

Response headers

date: Tue, 12 Mar 2024 08:52:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 65281819-e005-4644-83e6-3e22d12959aa
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"8d976ebc81ba627f7175c2fc6ce43253"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bf9ea721da8-FRA

GET
H2 200 hackerone-FLaJ5TJx.ttf
hackerone.com/assets/static/ 10 KB
11 KB 39ms
37ms Font
application/octet-stream 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/assets/static/hackerone-FLaJ5TJx.ttf

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/main_css-BaHDxWAO.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hackerone.com/assets/static/main_css-BaHDxWAO.css
Origin: https://hackerone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 977
content-length: 10596
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 21:26:44 GMT
server: cloudflare
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/octet-stream
expect-ct: enforce, max-age=86400
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 86328bf9fa821da8-FRA
expires: Fri, 12 Apr 2024 08:52:12 GMT

GET
H/1.1 200
OK 3c7b305354c9073c106ae3d1701798defaaf5be844fb8fdfa49ca62f991a2c2c
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/okpq4hyn6f2zbqxj2z39pn6x076n/ 854 B
1 KB 613ms
228ms Image
image/jpeg 3.5.86.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/okpq4hyn6f2zbqxj2z39pn6x076n/3c7b305354c9073c106ae3d1701798defaaf5be844fb8fdfa49ca62f991a2c2c?response-content-disposition=inline%3B%20filename%3D%22Sanskar.jpg%22%3B%20filename%2A%3DUTF-8%27%27Sanskar.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQQW3ELUEC%2F20240312%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240312T085212Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDgaCXVzLXdlc3QtMiJIMEYCIQCcW9eSbr5n18GlNqIlF5%2FkTqIPYxIP%2BnUXTbnJlmo5aAIhAKO81kglI%2FEP2C4L7c7qP6WFXpROYQi%2FnyB8rwGyFoyMKrIFCEEQAxoMMDEzNjE5Mjc0ODQ5IgzRRVoLFZNxtK1SG7UqjwV4ysSTyzaqdYYZHgInS64l6%2FITdLaWFqXVM4KxZOgW6pilbDPxEEimqfeO2gwg0h4cx6HEyUwQ63VzLoN1v8dEqNnUUhgRXrOjhwYx7z9U%2Ft6d%2BTjTP2yP7dQknYna2Arr3bq7Xvletr2swvZpkc%2BgfMiJhUbkf9OERdgOf4E%2B%2Fr9bLke6RtbN8FSeVSbUl0oPdn4p9QrThoQw6ajASiG9KAOSxshXUSLIOV44zB%2FimfHDgBIPAq78Igpr7yv2KCsGrpOiPJ0ptAjnwLZwY1I80rOkkan23BD5cjChRmxN8g3yKJzuLRkoh%2Bv4liAwH4xqxjXyL%2BqDiRksOeXES6im7UdCGB%2BTNes4R5FgQui5aBXw1ci5YCta3fAwLgz0LDqrW4%2FFcVYY5B5ysOkOfXUt0Y2qjYVAJ%2Fg3X7PKZWniO8HlOrHk7bD0QpzbHSD2KfDVithpaXTkteOn32GnDQqdW4ME57uTQg%2BkPn8QUQx%2BBwcnb5eAXaLuIVpt3wzjWKr9NlRSMKvglhsadNWFtZCnrpWCv3J%2BcUCrjDSsNgOiT3CkR9E%2BWgu4DGvFm3kDpCXhhYAFHsSe7nhJ1smE8I5iby9CpWeM8QmmBTQJRdoL4COSgh%2F5CvOGS6O4tcYZv61fWM3voXuSovaKtqW0viXD87ZWITxMm3Xqxr4PkbVW8PEo68RW%2Fqe0aF83HPpTFExzrYJvyYIRMNhIzEFk9DfVu9ViPj2f5DXQNrfEH4YL8ISAUNvozh%2FL72d2duhu9tAoQW5M5X2dfTixqADjt%2BCPsh3i13DnP7dJVsz3uQ5maXnJrL2NXALrldRwfXqv9C8IiRcl4fOBXPmLZNKBTk7KLjpA5fXjmXGHtaO%2BMdBaMLidwK8GOrABbdLQMbhNY5ySs1NFReqRlSKWZ55BLSUjS1RYFpwUM3I5yW7VhoXRBFBGr4F7h7QK%2F4TfXSaXb8u%2Fr9QFenclVDZsMe8O3ZqucOQy0KAllYHvvdgsD6IXjMrj95zVvE1xaAnPixm2nCL5nSFedCA8egn1IarPxRb6jk9MalZ%2FO4tNdsLXSf4fJRXAnIhbKzLj1emBsEH3MLS%2FSVH7fmtGWXD1R%2BKQvaFBfGEpoqAHwzo%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=9c4bac495b869b1ce4b0d095caa969b49eae1e0bad3b80990a330fe1df58a835
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.86.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: e120ebe2541c057135c15e0385545b4329679758f73600020d41b344f0870992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Tue, 12 Mar 2024 08:52:14 GMT
x-amz-version-id: pxXyzpWUqN6KwRNnh3SYzv5jxzTAKDXT
Last-Modified: Tue, 23 May 2023 08:44:08 GMT
Server: AmazonS3
x-amz-request-id: Q4GQQAYWMPA3DCD1
ETag: "2579f7f2cca6618965f005bb68d2871e"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Cache-Control: private, no-cache, no-store, must-revalidate
x-amz-replication-status: COMPLETED
Content-Disposition: inline; filename="Sanskar.jpg"; filename*=UTF-8''Sanskar.jpg
Accept-Ranges: bytes
Content-Length: 854
x-amz-id-2: 2i2m6U/CkqCPc1HMhqBKgaNnyDsF4TOqLRWVzXm/sfZnnnbkrlVh6EQN4p7ftSG+su4CFFm1UkxryuSiHj7Uug==

POST
H2 200 graphql Show response
hackerone.com/ 230 B
2 KB 414ms
414ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eef9d948372681830a8e8e23c4be35604a8f5042cf52abef81d48024c6ba0745

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 2086205426237052234
x-datadog-trace-id: 1139218115009259574

Response headers

date: Tue, 12 Mar 2024 08:52:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: c7b1155a-1679-4611-a40a-ae3425413275
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"eef9d948372681830a8e8e23c4be3560"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bfbbcfe1da8-FRA

POST
H2 200 graphql Show response
hackerone.com/ 616 B
2 KB 302ms
302ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

294357de549fed732f659abba6a46e477e5bc043e9a7f70a1ee71818d92e36db

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 2406038129372087986
x-datadog-trace-id: 2865129422240375709

Response headers

date: Tue, 12 Mar 2024 08:52:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 2ea289c7-fee0-48de-9568-8b04053021dd
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"294357de549fed732f659abba6a46e47"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bfd4f231da8-FRA

GET
DATA 200
OK truncated Show response
/ 1 KB
1 KB XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8ff8698547e8661b00586afd69a0ec33afed5295b56155de4277c35c6ee0181

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated Show response
/ 249 B
249 B XHR
image/svg+xml

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d929696601027530d25aef9fe88cec0f354722da372643f780f7dd2e8ff3d31

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/okpq4hyn6f2zbqxj2z39pn6x076n/3c7b305354c9073c106ae3d1701798defaaf5be844fb8fdfa49ca62f991a2c2c?response-content-disposition=inline%3B%20filename%3D%22Sanskar.jpg%22%3B%20filename%2A%3DUTF-8%27%27Sanskar.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ2B3KFEZQ%2F20240312%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240312T085212Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDgaCXVzLXdlc3QtMiJGMEQCIE0jyOjF3sNTtkRkG6RVkPKEtg9TIWMFhcw8C1fPIctcAiBATiMpfkasozEjeRoClPlbs0GFtRhzF9XSRE2%2B0FGLlCqyBQhBEAMaDDAxMzYxOTI3NDg0OSIMUFAieu3XdXf1BNeZKo8Fm1cYu53nKWTPrl8W00sYUfeJrCmNCxlYmACyv2Cynahd4jiej5Ko8kpMuE60D%2BzBJlFO%2Bj1bNk%2B5IbuaeDSNSgiOc5pn22zPHv84oX3W10HAZoqsPM8bgnXMnWwK9PVA0tHY1yt93JTHls4qz0zyBi3zP%2FPMFX8eUDLxXToi%2BWhUYpQQIffPscOH7MP9phHPjmQinNDQintFox18NdVJzu7Vzs8rQm%2Bqi8LGN8sorqf6V%2BvIPGweWF52SZGgm8WnHJgNLkBECfULn8SErJq%2BeirdUv50YWQeCAvtLubQnFjqKJ2V15LxuxiAjppWAdt0P5o%2Fa3ukdDb8%2FU9kQDgABDQyvBO62EE4kh9W%2B%2FvBXZ0D%2BVHrX%2FlRTxMPlCVdlOAsYJzqqQ35KI%2FIACw25jvDFVRylnVL%2B64RvhlEtM%2BdxHM82kKUw6cB%2Bh9nF7%2BSqVz53TnyEysAKJJwnAKHm0SjjFUGZyUXfzZkkbYhtqzDjGgPH1vQUBIBM2chHR2UCazrdGli0QdN1cFJlNzzZHFYUDod8SqYy%2FizC%2F1Jgf7XowlyHW%2BRfuRjnKGbTH%2BE7qhf4UZRnWGZ7ajcSqb%2BiTRgC1vbFioFzOGGNM8zemMzN%2BkhKMVF7sxsupERc%2FBi3kSpwOey2MhVoWZT%2FftRaeflu%2BPDEZKDgLdgoLwhk%2BFiEDJyRocgmzS54DWVpXol%2BWEV3tucokBrK23jr9WHy4gO7WlKUadNrTpOCTYDZU6q84e%2F%2FR12WzcHxTQ0aRysdmvHik2T5cP8jftZHhOOVeQsgVxBGiqco6kaaevge2OY2OkVDDmHXag2rG0aLH6qiUUhnaYEirST97xKCqHBeUV5Wnc3ewfqNv7R4KDqKeYVwjDckMCvBjqyAaIaOXQnMDfCj0PVcQgbQyaqckPDKelCgoogh8UU6MDp%2F1V00mPeXztVbhKF9fmidtbCNvdgjFxECZ9CQCDiqUd0cbrRb4UaY16I0r8DamX3k999PbwCjKIw2%2Fz6fet%2B3GUihGs6JqWMTq%2BdaP8NbCRev%2BRucIXZ6ZUS2KJgohjR21kffMr2srtnyZ7DYpTPOdQFxlmxeMr8uQmr63gb9fpeiGXl2IF1%2B6EDwwcGPVld5C8%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=7218de36784b4b01560ce37bd5af1f95c3911c39b1e2263905360af859262652
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.86.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: e120ebe2541c057135c15e0385545b4329679758f73600020d41b344f0870992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Tue, 12 Mar 2024 08:52:14 GMT
x-amz-version-id: pxXyzpWUqN6KwRNnh3SYzv5jxzTAKDXT
Last-Modified: Tue, 23 May 2023 08:44:08 GMT
Server: AmazonS3
x-amz-request-id: Q4GWTTSCYGDQJT3C
ETag: "2579f7f2cca6618965f005bb68d2871e"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Cache-Control: private, no-cache, no-store, must-revalidate
x-amz-replication-status: COMPLETED
Content-Disposition: inline; filename="Sanskar.jpg"; filename*=UTF-8''Sanskar.jpg
Accept-Ranges: bytes
Content-Length: 854
x-amz-id-2: ZEUWoNlQSnzYGL9GmAQ2FClrRs366e9TvMWmAS2Z50XjTp62qVjglWaO62uj6yw+i5wDkiyqk5CqLs0+bq+IPQ==

POST
H2 200 graphql Show response
hackerone.com/ 353 B
1 KB 284ms
284ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9eecd5af6a8d6e7896ccffc12e41aa20b8b9663c65b5711dd5c0d3ee1a9c3c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 7254266325692892011
x-datadog-trace-id: 7351306875006479973

Response headers

date: Tue, 12 Mar 2024 08:52:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: bc0dbd49-3ea3-4a19-a815-3c76821444c9
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"f9eecd5af6a8d6e7896ccffc12e41aa2"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bfd7f6c1da8-FRA

POST
H2 200 graphql Show response
hackerone.com/ 60 KB
6 KB 991ms
991ms Fetch
application/json 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hackerone.com/graphql

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3112293b796ef9ae8fdb1d79c9d3a4250ed2a4ce5d7d13ae7d8383432a73f3a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-csrf-token: LC3sNbS3VBDEgJlFPC4C3sPXq9UtSbfBBJDUe5+AaklVHbmHEzv4w66JWWz/uhWDUYQ8DuYtP4OEModLyyEv4g==
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
x-datadog-sampling-priority: 1
content-type: application/json
x-product-feature: details
accept: */*
x-product-area: reports
Referer: https://hackerone.com/reports/1033423
x-datadog-parent-id: 8765295010969700085
x-datadog-trace-id: 7640534836509114153

Response headers

date: Tue, 12 Mar 2024 08:52:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: *; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
content-disposition: inline; filename="response."
x-xss-protection: 1; mode=block
x-request-id: 8a961675-d309-4773-a750-1b2e682ac109
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"a3112293b796ef9ae8fdb1d79c9d3a42"
user-authenticated: false
vary: Accept
x-frame-options: DENY
content-type: application/json; charset=utf-8
x-download-options: noopen
cache-control: no-store
expect-ct: enforce, max-age=86400
cf-ray: 86328bfd7f711da8-FRA

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 53 B
343 B 221ms
221ms Fetch
application/json 2600:1f18:24e6:b902:ea3e:a4c8:1f02:565f
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Acore%2Cversion%3A793dd3c035c455feb3f215d9561e5baf7ac1da39&dd-api-key=pub5197cece87412c3d9702c8fa913a829d&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=c5d6c585-fbba-45d2-a6f9-afbc02d96a47&batch_time=1710233533040

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b902:ea3e:a4c8:1f02:565f Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

db2d56b1823f0dc4ebd3303329803f91b08a5603f1322f5f3731d1b78b23b46e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hackerone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 08:52:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: c5d6c585-fbba-45d2-a6f9-afbc02d96a47

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/okpq4hyn6f2zbqxj2z39pn6x076n/3c7b305354c9073c106ae3d1701798defaaf5be844fb8fdfa49ca62f991a2c2c?response-content-disposition=inline%3B%20filename%3D%22Sanskar.jpg%22%3B%20filename%2A%3DUTF-8%27%27Sanskar.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQUARVMUZK%2F20240312%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240312T085213Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDkaCXVzLXdlc3QtMiJGMEQCIEGAfmG4Xb1HF%2BG0N8RJsxB%2BKnh87RB8Dh%2FNT%2FvChXb2AiAloxqZMnHzCFK8DZNE4jNi7guiKOSQiBSEKnostmxz1iqyBQhCEAMaDDAxMzYxOTI3NDg0OSIMmXi8dBfG81dIE1GsKo8FFn5e%2FabRWoF%2BUxk4hgvUP5BRR450U62WU6tJyldlWnPX%2FMeEvWGYJ4PPXj4RNsvNKY%2BIBx7S9tc0jk%2BD4pELsmqn56BAK2Nlr5Q%2FYQDo9koZfEO556FWFzghN6DSJD390o89zmHpbT3Ueb9ZdoSJtx4DIf%2FeMD2y%2FnjbN%2FpY%2Fdko9KvmGmCfEw8HyhX308wNowHH3OAq5CjmTSM9HzLicPfjMIBK6hgOCo1gDWyJJJPBVE7VwHi%2B82wFgujI5b7DSh0fkGDt5LLG9I9%2FupBflOH1u23MOz3RekofiwJckibTBQiqQUp99%2FHHOLhgbGvN7%2BE4BUe1C%2Fx7jL3zpLdXOb0jaXqKPwfv6LQNiOyk9w2LRGbAJdGh%2FobBd4PCenq9W3ypMqmFcuucnO3zuHeT6qoahMBSzBjZTr%2BCB4iLrquGTrZmSvtuudI7JYnZIHceDUnYrU3jdH6wuCYP1sKoYoKIWc1XdlOmP%2BzfQMp34tGOcyNVTPWqXKgRUhr2e90AJNNH%2BDBI9y1DjRgP6YWQ158ZqqypMhqySvv6NSEUQa92ZkSQF3a55HLHRrEys%2F8dO8YMygIdsqdqoJ6HRqB6fcgIx3vbteIwoD8gc0IMWWy%2FEnNzfaK1bJ9SRuxZj1uznls%2BP7255dFCFD5k2Zixc3A9Bi8pn0WZ9LLdzvx%2ByxoI7H5ocOP84NxrQqFdLRJSPFfdTY8ooD2lZfIv3NdCSRGLgX4FQsCnoTL0qssD%2BFkHXheGkgTpHASkJKEmqno3PSwyCBslEOWm65diiH3PcyvuOuHCU17HzsezjXvKWyy1t1jIrPVw6xIY4sekVH77W1Db3tG%2B7v3w0GKjwekcGit0f3jMnLU9B0r3vJxA5jD2p8CvBjqyAYdxnOfY1Fh3xuTVSq4Wb23a6TEBf7HOOwiIo%2B5cd0FS1tW3SpqEF8se60FfMSioqpP894l3tYFVG7nSeZNQff99YZegZBZYQdRszKlEnLmtErv6uZ6A%2BwE5fEvcA7NfKfEwxhuOftTCloLMoxOYVI%2F6cA7dVpe%2FtWMXD1VThKQg0wotjW9KNMbzzY4XRUB7ESCP%2BLkwWl16J9FocmExYZQPSME05L7iMzYcoPqatW2X9pM%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=686f77ef88f16f1ebf989b26fd008afbcb15f5af53da2d2252b6eec9e1452012
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.86.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: e120ebe2541c057135c15e0385545b4329679758f73600020d41b344f0870992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Tue, 12 Mar 2024 08:52:14 GMT
x-amz-version-id: pxXyzpWUqN6KwRNnh3SYzv5jxzTAKDXT
Last-Modified: Tue, 23 May 2023 08:44:08 GMT
Server: AmazonS3
x-amz-request-id: Q4GT59KY01X36TXC
ETag: "2579f7f2cca6618965f005bb68d2871e"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Cache-Control: private, no-cache, no-store, must-revalidate
x-amz-replication-status: COMPLETED
Content-Disposition: inline; filename="Sanskar.jpg"; filename*=UTF-8''Sanskar.jpg
Accept-Ranges: bytes
Content-Length: 854
x-amz-id-2: zhv+4XEm/gwRhRJ/yKZDt3LR5bDw+15W+DRNlvcUA/oqFj42rwkt+FbzSF1E2pF0P0Kk/qhxvikLj6EzhBiozQ==

GET
H2 200 default-25f7248a18bdf9e2dc8310319b148d66cff430fa0fade6c5f25fee1b8d7f27ed.png
hackerone.com/assets/avatars/ 5 KB
5 KB 33ms
33ms Image
image/png 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hackerone.com/assets/avatars/default-25f7248a18bdf9e2dc8310319b148d66cff430fa0fade6c5f25fee1b8d7f27ed.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1033423
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:13 GMT
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1297276
cf-polished: status=not_needed
content-length: 4711
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 14 Feb 2024 01:52:58 GMT
server: cloudflare
expect-ct: enforce, max-age=86400
x-download-options: noopen
x-frame-options: DENY
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 86328bfec9451da8-FRA
expires: Fri, 12 Apr 2024 08:52:13 GMT

GET
H2 200 3c7b305354c9073c106ae3d1701798defaaf5be844fb8fdfa49ca62f991a2c2c
profile-photos.hackerone-user-content.com/variants/000/003/152/f71d69995e3032fd2225ed83dd75c81e8158a865_original.jpg/ 5 KB
6 KB 97ms
18ms Image
image/jpeg 2600:9000:21f3:5c00:4:4c7d:87c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://profile-photos.hackerone-user-content.com/variants/000/003/152/f71d69995e3032fd2225ed83dd75c81e8158a865_original.jpg/3c7b305354c9073c106ae3d1701798defaaf5be844fb8fdfa49ca62f991a2c2c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:5c00:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 98ffdbff94c6168c8361dcef0239e9ea045d7deb923022469d3cd1d29500c2a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id: oBnnCsc4jnaXHaAikTR4J8u0jF52lgou
date: Tue, 12 Mar 2024 08:52:13 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 502
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 5484
last-modified: Tue, 23 May 2023 07:56:41 GMT
server: AmazonS3
etag: "c949caf58fa5d298f220a2c7e6d3a2aa"
vary: Accept-Encoding
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: 0z0orDNIXibTViMaZ2l8PQKISdv90oaKls_a7JTgTp1O0SAmCcQfaw==

GET
H2 200 3c7b305354c9073c106ae3d1701798defaaf5be844fb8fdfa49ca62f991a2c2c
profile-photos.hackerone-user-content.com/variants/000/004/836/57b93fd96b524d0ed13eef717ecd070ad8468f86_original.jpg/ 1 KB
2 KB 95ms
16ms Image
image/jpeg 2600:9000:21f3:5c00:4:4c7d:87c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://profile-photos.hackerone-user-content.com/variants/000/004/836/57b93fd96b524d0ed13eef717ecd070ad8468f86_original.jpg/3c7b305354c9073c106ae3d1701798defaaf5be844fb8fdfa49ca62f991a2c2c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:5c00:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2b550996d9ca03dcfff39fc265258af7b3037300bf0f177790466c70646dc65d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id: b1I7mo8cihh9AGafDYiX7KDS0Cr3_8DX
date: Tue, 12 Mar 2024 08:52:13 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 502
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 1458
last-modified: Tue, 23 May 2023 07:56:41 GMT
server: AmazonS3
etag: "5c9144ceb85dec89227e3acd608f19c0"
vary: Accept-Encoding
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: GfTUi2wSS6YpUVAR92kn0LgYDwwg6FdnThKhpgrmd2eYlQiO8jUhgA==

GET
H2 200 default-25f7248a18bdf9e2dc8310319b148d66cff430fa0fade6c5f25fee1b8d7f27ed.png
hackerone.com/assets/avatars/ 5 KB
6 KB 33ms
33ms Image
image/png 2606:4700:4400::6812:24d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hackerone.com/assets/avatars/default-25f7248a18bdf9e2dc8310319b148d66cff430fa0fade6c5f25fee1b8d7f27ed.png

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:24d6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/reports/1033423
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:52:14 GMT
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com; connect-src 'self' data: errors.hackerone.net *.browser-intake-datadoghq.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com; img-src 'self' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com profile-photos.hackerone-user-content.com flagcdn.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com; object-src blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 1297277
cf-polished: status=not_needed
content-length: 4711
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 14 Feb 2024 01:52:58 GMT
server: cloudflare
expect-ct: enforce, max-age=86400
x-download-options: noopen
x-frame-options: DENY
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 86328c03eff41da8-FRA
expires: Fri, 12 Apr 2024 08:52:14 GMT

GET
H2 200 f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc
profile-photos.hackerone-user-content.com/variants/000/004/836/57b93fd96b524d0ed13eef717ecd070ad8468f86_original.jpg/ 2 KB
2 KB 13ms
13ms Image
image/jpeg 2600:9000:21f3:5c00:4:4c7d:87c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://profile-photos.hackerone-user-content.com/variants/000/004/836/57b93fd96b524d0ed13eef717ecd070ad8468f86_original.jpg/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:5c00:4:4c7d:87c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f7ac6b7eb9f92f0421fbb677b63069525f1b10e424629e7a6885da2bc58ee40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-amz-version-id: MoRvorli_9D0KLOVaARXFBvvh5vW8JwV
date: Tue, 12 Mar 2024 08:52:14 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 502
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 2065
last-modified: Tue, 23 May 2023 07:56:43 GMT
server: AmazonS3
etag: "694f051824b5bddce75f6651d11ac3a7"
vary: Accept-Encoding
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: n6hHAZoZfo9QG0J43tAbAjf262EgYZVrBYJo4ionhml8qtshmIJHuA==

GET
H/1.1 200
OK f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc
hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/okpq4hyn6f2zbqxj2z39pn6x076n/ 1 KB
2 KB 211ms
211ms Image
image/jpeg 3.5.86.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/variants/okpq4hyn6f2zbqxj2z39pn6x076n/f4a495c04fdb224bac8ec64587537e511aa8c4925e7955bee0a19e0ed7d891dc?response-content-disposition=inline%3B%20filename%3D%22Sanskar.jpg%22%3B%20filename%2A%3DUTF-8%27%27Sanskar.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ77IHR6NY%2F20240312%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20240312T085213Z&X-Amz-Expires=3600&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDkaCXVzLXdlc3QtMiJIMEYCIQCEuUEsLwfkczNhILTEA7TyUddJ9%2Bf7QeBKAuOuyqFzjgIhALDm92SKPnIshPau7g42EUYDhirDFvwbEdHSEMc6qJlqKrIFCEIQAxoMMDEzNjE5Mjc0ODQ5IgwKoAEMtVoC8EKLGIAqjwXdN%2Fuak0uPI2bRZLdpm%2FIm1WMfKEibRw1qX0vsTpQQsdAs2AflAxtCYDgbS2P13vYOPRc4H4FWS2h88kQ1S9%2FK3cbNqFgdgOwwBbleDnh15s2e0eUm659f1EZ0589cY%2BhU0WcbV4RjwRJUnNTmU0WBWAxXDZLMMRs1AApCbvTFry%2BU1Ac6LoX%2BqcXzkGdCAZM0gnDNEdiFdMXrl6ib%2FpnBKsF1eYv374wzi1wo8R0Bbwc1DF6PkWEPIu8VsTnLA1Oe85MpdRFujk1y6CCWVBE1GLbr4pc3WuShcUB%2FCdmHvePz1Hva3fBEUgSHahnBZn7fUZGRePiLB5pI5gJLakNAva0QIGuRck7FfEmooDsbiEicGZtWAtOv7DrPiIUuNmiCihMO9zSYxnbRn%2BqxvWEKgzKWGqPpWUXdRmPLmb4klepi45w%2BjwdjtAgeU3cgV0brxfxwmAG9b%2BrC3%2BiPOpGmEnjZKxc9C3PYFrS%2FjnFkNuuvILGbJsVCCdFZRyPqcoF%2FbrsnCvBse26gFSF%2B5CEKiH1FvV%2BTK4mdLElCTS4MN%2BbF2umKoNdbKMSDRx78J%2Bc02eaC8eXywoWtpBtPP62YawVTJ%2FtgWy6B96ePc2V9GqBwjZCVid5dk288opXA8NUcHrvnO2HB6cd79rlSnIwbvjrK8nvJq%2FViepcQRJeCTQJnuLUK8C%2FO%2BFPkXxjd5tJgVyF%2F7dkUiz1qGVTfnwltxuMY8yLdX09tYjjo3zLleKZ9UUJNZy4RktYaEZ1OjpyZBpiA8l7aRSz%2Fl%2FhaD%2BCw7%2FoTYCOYWkn4RWE5fDlYTqfj9vwmfZ7CmnidP2UmRTd6v2hwu5NGVkLkxZMBoSqb6InBhJIKWqjdzmlJ7h2GMMahwK8GOrAB%2B8MNztRq%2FDm97y8ZWWdm9FiEn32L3W1DF1%2BX4%2BD4hFlKMGYjohwN2VAm1lL7HRL5BZF5oyHyyQbSPpP5QswQUVUTHnMlNSHKIo1fxyU4BBonwVjbSdMIcUSnKzCc3QjnEc%2BwfoaRFYsuNOdCCwB4o4xSRIRgWa0dL8rHLig6%2B7QG8KjG1MewM9RRXOGWUjWzT3ZnT1PSoRnzSKp9u2XZEzwSY%2Fu6lL6VSyJn9cpVTOo%3D&X-Amz-SignedHeaders=host&X-Amz-Signature=b6b9795e196ebec4f14f7c968f31a7e8c4609eec9a0e7befe616e89442033a75
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.86.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 452fb14a904b5195c6bb4516a6ded64508205eaef76f6df15359aaccbe00bf21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hackerone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Tue, 12 Mar 2024 08:52:15 GMT
x-amz-version-id: ef2Y8oqH.GYRDY_CTcDdxZ.W3GO4TfI0
Last-Modified: Tue, 23 May 2023 08:44:10 GMT
Server: AmazonS3
x-amz-request-id: 0CFRCHQAMG8WQ8M2
ETag: "093bfbb832de47c2337344d9136502fc"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Cache-Control: private, no-cache, no-store, must-revalidate
x-amz-replication-status: COMPLETED
Content-Disposition: inline; filename="Sanskar.jpg"; filename*=UTF-8''Sanskar.jpg
Accept-Ranges: bytes
Content-Length: 1157
x-amz-id-2: gCIOVtaukBlSHlJD+WRJQwfynXyUAoY91xxosa/cbdhiVP5Cq/zX5NiCDFL7zfYjAK1Gb0KlSHIaFkaXVhneQg==

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 53 B
342 B 215ms
215ms Fetch
application/json 2600:1f18:24e6:b902:ea3e:a4c8:1f02:565f
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aproduction%2Cservice%3Acore%2Cversion%3A793dd3c035c455feb3f215d9561e5baf7ac1da39&dd-api-key=pub5197cece87412c3d9702c8fa913a829d&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=3ca50101-229e-449e-a8e8-f95ed29c42b4&batch_time=1710233534100

Requested by

Host: hackerone.com
URL: https://hackerone.com/assets/static/vendor-oo1gpDIC.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b902:ea3e:a4c8:1f02:565f Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

b24e164ee58481fbd8ccad13df8f69b92fffbf0662a38389363f5dea725996ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hackerone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 08:52:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: 3ca50101-229e-449e-a8e8-f95ed29c42b4

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hackerone.com
URL: https://hackerone.com/graphql

Domain: hackerone.com
URL: https://hackerone.com/graphql

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hackerone.com/	1970-01-21 03:49:29	Name: h1_device_id Value: 3191cdd8-985e-4c4d-993d-4bb70e962912
.hackerone.com/	1969-12-31 23:59:59	Name: _cfuvid Value: UwE8dlsQBeFspRua_bzQBXFnOdXV0qbOmcJLAuWDZqk-1710233529693-0.0.1.1-604800000
.hackerone.com/	1970-01-21 03:49:29	Name: AMP_MKTG_b7cba2c14c Value: JTdCJTdE
.hackerone.com/	1970-01-21 03:49:29	Name: AMP_b7cba2c14c Value: JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJiZDkwNTExNC01ZTJjLTQ1ODItODNlZC04YTEzNjlkYzk4ZGQlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzEwMjMzNTMxMTI0JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxMDIzMzUzMTgzNyUyQyUyMmxhc3RFdmVudElkJTIyJTNBMSU3RA==
hackerone.com/	1970-01-20 19:24:03	Name: __Host-session Value: aFNiNGM3cGJESUkwSU5SWUtQUnhXWHJMcCtnSWN3Qzc3S1N6TWhWcGJ0UW02Q0xRSWduZnp6SUZPMXRhQXZWNUVNNGdXNGY4WUl1aDVaWFZIeUducG9ZazQrSFBmTHVFV3VxQjJSWmYwNGQ0RzJWV0JveUlPeTQrSWl4ekFLVHhWS0NQVGlzVHhiQkZNSVJLYmJpRkhMV3RlZFpoa0JMaG8vSkJGQXQySzNXaVVQeXpmVXord2ZVd3o4TDZtOTc5QVFNOTRFTThUakVuWndUaDN2V2w2TFNiR0k5UmllVm02TkhBcU1leEdYZjl6Z0ppYkU2WHVqRnVhbTRwS0l1a0VuaHF4dUIwSWJPSUxOUXRxRWJZc28vNXA5TnlNOXJIN0hJdDRhQ2RGcnc9LS1SaXhpdEthckRxVHpzL2w1RjhkRDhBPT0%3D--17ce4c4f4ba0ab0cb8946654e7cac1879431a0df
hackerone.com/	1970-01-20 19:03:54	Name: _dd_s Value: rum=2&id=b3a20d73-1187-4ca6-a22c-ad381a887599&created=1710233531843&expire=1710234431843

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src www.youtube-nocookie.com a5s.hackerone-ext-content.com intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; connect-src 'self' data: errors.hackerone.net .browser-intake-datadoghq.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io via.intercom.io uploads.intercomcdn.com checkout.stripe.com; font-src 'self' fonts.intercomcdn.com js.intercomcdn.com fonts.gstatic.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io calendly.com messenger-apps.intercom.io; frame-ancestors 'none'; frame-src blob: hackerone.integration-configuration.com api-iam.intercom.io/messenger/web/metrics intercom-sheets.com a5s.hackerone-ext-content.com www.youtube.com youtube.com www.loom.com checkout.stripe.com b5s.hackerone-ext-content.com; img-src data: blob: ; media-src 'self' marketing-assets.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com js.intercomcdn.com hackerone.com video-messages.intercomcdn.com; object-src blob:; script-src 'self' js.intercomcdn.com widget.intercom.io/widget/zlmaz2pu checkout.stripe.com 'nonce-rXGiXBq7FouVVfN1c+O+sSndTwTFE1/4UBeg+fL1Bkw=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com checkout.stripe.com; report-uri https://errors.hackerone.net/api/30/security/?sentry_key=374aea95847f4040a69f9c8d49a3a59d&sentry_environment=production
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com
hackerone.com
profile-photos.hackerone-user-content.com
rum.browser-intake-datadoghq.com
hackerone.com
2600:1f18:24e6:b902:ea3e:a4c8:1f02:565f
2600:9000:21f3:5c00:4:4c7d:87c0:93a1
2606:4700:4400::6812:24d6
3.5.86.146
0a1950996ae34f030d30aa738c5e87850673c4d1601fc5cc3e1175175d9c92b8
0f3b75f89be1e27e30298bc1f1b0a77018528c76d20b9cc0b09c8b9c6dcd71fb
19d4fe2d2bba7b576a0e3556117b026e00daf1cf58529d2c0ad7864212399805
282426ddfa10468debb6f87bcb34b324849871961bdf24a903cb604d3bc12985
294357de549fed732f659abba6a46e477e5bc043e9a7f70a1ee71818d92e36db
2b550996d9ca03dcfff39fc265258af7b3037300bf0f177790466c70646dc65d
335eaf4a743bde828e754369e60430c9065a6120515c65a513c1e79e43d94f74
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
447f89ebd0d856515058930185bfe0eb54716368f39d2be50bde10bb296e8e89
452fb14a904b5195c6bb4516a6ded64508205eaef76f6df15359aaccbe00bf21
4751646586d363200e083435198e1aabb8b590c03089e5614c4d9096d18edc9d
55d759c1c5c06ab6984f11a11fbb7b99b526c874bb3b415ce05e8cae35ced85d
673b7f1fa6eab5d22604b6c7fa32f5d64921325369dfbe1f1ffe441aad736e4d
68a081ea481563afb2d2600143a5f17fde15e34881cd88d459ee863133897e5a
6f7ac6b7eb9f92f0421fbb677b63069525f1b10e424629e7a6885da2bc58ee40
71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918
73afc2f0f236ae6556c84d2e6e369752bfbe4b8f1d708e946d766631d1b21acc
7a937e8fff43bf4057b049796432089c5f83d0d8ecb8e2a6e19da8a5c9470d46
7d929696601027530d25aef9fe88cec0f354722da372643f780f7dd2e8ff3d31
857c2b0d18bffeff9ea0a26c51fd2112b1dcc06405f078e78945c0d69c948836
88ecf92326f1ff8da3d81eb38e1a84528de5661b7ec30b895ba82c43118380af
8d976ebc81ba627f7175c2fc6ce43253f931cea6696f02dd1a8150cbbf968ae9
8e2dc32075dacd201748d3160634a6812f1de3a71b0de4b0cf173906b0fe8e15
8fdf44bb7f8f8798a320a5fbec612455934615e4a78dbac00d7e5eb77784fc4e
91788bd8a49c497b2f6aa68ecd97543895659618dedacd3c57fa159152cdcb03
92bbaeb64dc94116d6f270f965f2916ae3a5d0b3d05d1709994cee3a2b709272
93102c54e14f85b42e97b24077e6cd2fc83d9be4b7a659bece4568d7af47863c
98a99311aa2a2e0e12a0285da336f733103e650c8c509c58d54637ff4671ddf9
98ffdbff94c6168c8361dcef0239e9ea045d7deb923022469d3cd1d29500c2a8
a291019e91165836da18d24725906c50fab2635b3d00e2c67984f276ff2dec80
a3112293b796ef9ae8fdb1d79c9d3a4250ed2a4ce5d7d13ae7d8383432a73f3a
a5906f41d51b82b25367a86308c08a191ab44f4a256ff4873595a1671ee415a1
a8ff8698547e8661b00586afd69a0ec33afed5295b56155de4277c35c6ee0181
ac29c7c90220cf0e4ac4bcf95ffb5249c9d075ac3c97e2e29f80926ff400863b
b0f5da988d203fc493b3097cf501cfecd161a3c3b7956855d53f46dd5443d300
b24e164ee58481fbd8ccad13df8f69b92fffbf0662a38389363f5dea725996ee
ba557e77d51e07bac81ad4ac51572e45862953f16f099b858d8a93bde2d85903
bc7b85e9777c59d6e9c305bce55eafa1e4194f0dc4ac35d2c72beef126178d3d
cbe51afb6c301a5fb43e9379fa8556f85128582194e3e7e61b2a59d002811071
d81e5ad0b39f1d51bed6e0f423deedb15b60dc2602105a73e20e36cba728991c
db2d56b1823f0dc4ebd3303329803f91b08a5603f1322f5f3731d1b78b23b46e
e120ebe2541c057135c15e0385545b4329679758f73600020d41b344f0870992
e7cc7ce121fa3c645e0becdeafadffc426aa3ee73812eec3c43ae49acb2af17c
e822aa988f1d318cad828550ba0ef4cae4356606dd4cf839a42609043174dce1
eef9d948372681830a8e8e23c4be35604a8f5042cf52abef81d48024c6ba0745
f048c44e8cfe82a6a916e38475f98bf31d1eefc698e19cd73f9d3789916b1012
f1269033512c540bec3fbfe75de9dbacbeac7d3a11a9eac8c49e9dfa76d8dddd
f492a8c1bf95c719129c0bb7a71383a4273eb73b2a253299f9b213462a485415
f9eecd5af6a8d6e7896ccffc12e41aa20b8b9663c65b5711dd5c0d3ee1a9c3c8
fca1023bd46b386f77bac219c64fe7b664cd65d0c24b9040a03d233033d41327

hackerone.com Open in urlscan Pro 2606:4700:4400::6812:24d6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

43 Requests

95 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

1 Countries

3143 kBTransfer

11417 kBSize

6 Cookies

12 Outgoing links

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hackerone.com Open in urlscan Pro
2606:4700:4400::6812:24d6 Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

95 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

3143 kB
Transfer

11417 kB
Size

6
Cookies

43 HTTP transactions
13 data transactions