www.booking.odevaere.com Open in urlscan Pro
54.70.111.180  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.booking.odevaere.com/	2 KB 2 KB	395ms 162ms	Document text/html	54.70.111.180 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.booking.odevaere.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.70.111.180 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-70-111-180.us-west-2.compute.amazonaws.com Software nginx/1.16.1 / Resource Hash 5b0f06eb2868e3a7954798bbdb227a4af99c29cf97fb12a0be3095f38618f68b Security Headers Name Value Content-Security-Policy script-src 'self' https://* 'unsafe-inline' 'unsafe-eval';style-src 'self' https://* blob: 'unsafe-inline';img-src 'self' https://* data:;media-src 'self' https://*;connect-src 'self' https://* wss://*;frame-src 'self' https://*;frame-ancestors 'self' https://* http://localhost:*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Strict-Transport-Security max-age=15552000; includeSubDomains max-age=600 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language en-US,en;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection keep-alive Content-Encoding gzip Content-Security-Policy script-src 'self' https://* 'unsafe-inline' 'unsafe-eval';style-src 'self' https://* blob: 'unsafe-inline';img-src 'self' https://* data:;media-src 'self' https://*;connect-src 'self' https://* wss://*;frame-src 'self' https://*;frame-ancestors 'self' https://* http://localhost:*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Content-Type text/html; charset=utf-8 Cross-Origin-Resource-Policy same-origin Date Fri, 05 Apr 2024 12:44:09 GMT ETag W/"63d-kEHVO9nKDkCoeqtlM0RiJDyOCZM" Origin-Agent-Cluster ?1 Referrer-Policy no-referrer Server nginx/1.16.1 Strict-Transport-Security max-age=15552000; includeSubDomains max-age=600 Transfer-Encoding chunked X-Booking-Engine booking-engine-4 X-Content-Type-Options nosniff X-DNS-Prefetch-Control off X-Download-Options noopen X-Frame-Options SAMEORIGIN X-Permitted-Cross-Domain-Policies none X-XSS-Protection 0
GET H2	200	js Show response www.googletagmanager.com/gtag/	299 KB 98 KB	137ms 68ms	Script application/javascript	2607:f8b0:4006:81d::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-DZF2BQ8W47 Requested by Host: www.booking.odevaere.com URL: https://www.booking.odevaere.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 2b2d69d51881656e35f035e54f164f39022bdc4f7a8ce0248cdc01ad02ad771f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 05 Apr 2024 12:44:09 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 100366 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 05 Apr 2024 12:44:09 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	1 KB 1 KB	111ms 47ms	Script text/javascript	2607:f8b0:4006:822::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: www.booking.odevaere.com URL: https://www.booking.odevaere.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:822::2004 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash a58ff2de4d6a14e055a553e83a4e67aea6aaf589a57364305eec36105cce9ef3 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 05 Apr 2024 12:44:09 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Fri, 05 Apr 2024 12:44:09 GMT
GET H2	200	bundle.js Show response d2q3n06xhbi0am.cloudfront.net/	2 MB 435 KB	102ms 27ms	Script application/javascript	2600:9000:24f1:9a00:d:cb8c:3f80:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1711968015 Requested by Host: www.booking.odevaere.com URL: https://www.booking.odevaere.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:24f1:9a00:d:cb8c:3f80:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash b2d8d3a21904638a498213241ab28d6ad11e70004b9afd788b79f37215678abe Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id c79UbQL6SFmJC7ayxY9T.k1xgvHo199A content-encoding gzip via 1.1 25c8a58d4773aeef98fa0f0f950689bc.cloudfront.net (CloudFront) date Fri, 05 Apr 2024 10:41:14 GMT last-modified Mon, 01 Apr 2024 10:40:17 GMT server AmazonS3 x-amz-cf-pop JFK50-P4 age 7376 x-amz-server-side-encryption AES256 etag W/"37c03a66b2ca9f804deb01bf3b1e845b" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id GrLm1lhdiTnHOhxnx5ykzjzgb5f5iX4XmQt_rXr2JMev6NCOA2SOIQ==
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/	499 KB 199 KB	97ms 32ms	Script text/javascript	2607:f8b0:4004:c09::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer Origin https://www.booking.odevaere.com accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 05 Apr 2024 12:41:40 GMT content-encoding gzip x-content-type-options nosniff age 149 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 203369 x-xss-protection 0 last-modified Fri, 29 Mar 2024 04:30:36 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 05 Apr 2025 12:41:40 GMT
POST H2	200	/ Show response sentry.hostaway.eu/api/6/envelope/	2 B 317 B	295ms 86ms	Fetch application/json	34.216.122.92 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://sentry.hostaway.eu/api/6/envelope/?sentry_key=119dc6692f8e50e8d2e40fb28227c1bc&sentry_version=7&sentry_client=sentry.javascript.react%2F7.93.0 Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1711968015 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.216.122.92 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-216-122-92.us-west-2.compute.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security “max-age=31536000” Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-platform "Win32" Referer https://www.booking.odevaere.com/ accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 05 Apr 2024 12:44:09 GMT strict-transport-security “max-age=31536000” server nginx/1.18.0 (Ubuntu) vary origin, access-control-request-method, access-control-request-headers content-type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after cross-origin-resource-policy cross-origin content-length 2
GET H2	200	v3 Show response js.stripe.com/	600 KB 148 KB	144ms 39ms	Script text/javascript	18.164.96.21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3 Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1711968015 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.164.96.21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-164-96-21.jfk50.r.cloudfront.net Software Cloudfront / Resource Hash 7af405acf7f87f8815733d97ff7dacdb09b76bbe81f9c7730b1bae1580dd5068 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 05 Apr 2024 12:43:37 GMT content-encoding br via 1.1 241db89625f6ef70a00b0e19e0cfc332.cloudfront.net (CloudFront) strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff age 33 x-amz-cf-pop JFK50-P5 x-cache Hit from cloudfront last-modified Fri, 05 Apr 2024 02:07:15 GMT server Cloudfront etag W/"0f55c0ab959792025ed0d49c2ab4922b" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 timing-allow-origin * x-amz-cf-id mkLiiSQdPRhs_y7nPbnPr2gdxODkZ9GV1FMJ-zeLT9uor_HUhkmK2Q==
GET H2	200	languages Show response booking-engine2.hostaway.com/bookingEngines/www.booking.odevaere.com/	92 B 261 B	299ms 100ms	Fetch application/json	54.69.91.159 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://booking-engine2.hostaway.com/bookingEngines/www.booking.odevaere.com/languages Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1711968015 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.69.91.159 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-69-91-159.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 9cd127fecbaa18af7882a8716f8b0b0a85c62143b62385caefb7f3f448d7222c Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Accept application/json Referer accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * date Fri, 05 Apr 2024 12:44:09 GMT cache-control no-cache, private content-encoding gzip server nginx vary Accept-Encoding content-type application/json
GET H2	200	www.booking.odevaere.com Show response booking-engine2.hostaway.com/bookingEngines/	92 B 260 B	285ms 106ms	Fetch application/json	54.69.91.159 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://booking-engine2.hostaway.com/bookingEngines/www.booking.odevaere.com Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1711968015 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.69.91.159 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-69-91-159.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 9cd127fecbaa18af7882a8716f8b0b0a85c62143b62385caefb7f3f448d7222c Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Accept application/json Referer accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * date Fri, 05 Apr 2024 12:44:09 GMT cache-control no-cache, private content-encoding gzip server nginx vary Accept-Encoding content-type application/json
GET H2	200	css2 fonts.googleapis.com/	21 KB 2 KB	111ms 48ms	Stylesheet text/css	2607:f8b0:4006:80e::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Montserrat:wght@700;800&family=Open+Sans:wght@400;600;700&display=swap Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1711968015 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 11f001c298228beee3352c841664099bf6132bf13d509d30721b70753163a527 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Fri, 05 Apr 2024 12:44:09 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 05 Apr 2024 12:44:09 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 05 Apr 2024 12:44:09 GMT
POST H2	204	collect www.google-analytics.com/g/	0 261 B	105ms 41ms	Ping text/plain	2607:f8b0:4006:820::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/g/collect?v=2&tid=G-DZF2BQ8W47&gtm=45je4430v878943392za200&_p=1712321049157&gcd=13l3l3l3l1&npa=0&dma=0&cid=235813033.1712321050&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1712321049&sct=1&seg=0&dl=https%3A%2F%2Fwww.booking.odevaere.com%2F&dt=Page%20Not%20Found&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=851 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-DZF2BQ8W47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Fri, 05 Apr 2024 12:44:09 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.booking.odevaere.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	m-outer-3437aaddcdf6922d623e172c2d6f9278.html js.stripe.com/v3/ Frame C3F6	0 0	99ms 35ms	Document text/html	18.164.96.21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.164.96.21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-164-96-21.jfk50.r.cloudfront.net Software Cloudfront / Resource Hash Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 accept-language en-US,en;q=0.9 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes access-control-allow-origin * age 2277 cache-control max-age=31536000 content-length 200 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Fri, 05 Apr 2024 12:06:18 GMT etag "3437aaddcdf6922d623e172c2d6f9278" last-modified Thu, 28 Mar 2024 20:07:12 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 ab734ad5d81cc9d470b6176a05dd968e.cloudfront.net (CloudFront) x-amz-cf-id 9WVge1d8gMZNqXh_JkFhM3gmfYBBRUkiIp9hHtq7-iQuH831uzWjBA== x-amz-cf-pop JFK50-P5 x-cache Hit from cloudfront x-content-type-options nosniff
POST H2	200	/ Show response sentry.hostaway.eu/api/6/envelope/	2 B 316 B	90ms 90ms	Fetch application/json	34.216.122.92 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://sentry.hostaway.eu/api/6/envelope/?sentry_key=119dc6692f8e50e8d2e40fb28227c1bc&sentry_version=7&sentry_client=sentry.javascript.react%2F7.93.0 Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1711968015 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.216.122.92 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-216-122-92.us-west-2.compute.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Strict-Transport-Security “max-age=31536000” Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-platform "Win32" Referer https://www.booking.odevaere.com/ accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 05 Apr 2024 12:44:09 GMT strict-transport-security “max-age=31536000” server nginx/1.18.0 (Ubuntu) vary origin, access-control-request-method, access-control-request-headers content-type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after cross-origin-resource-policy cross-origin content-length 2
POST H2	200	/ Show response sentry.hostaway.eu/api/6/envelope/	41 B 356 B	90ms 90ms	Fetch application/json	34.216.122.92 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://sentry.hostaway.eu/api/6/envelope/?sentry_key=119dc6692f8e50e8d2e40fb28227c1bc&sentry_version=7&sentry_client=sentry.javascript.react%2F7.93.0 Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1711968015 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.216.122.92 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-216-122-92.us-west-2.compute.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 8e37d9b7c2a22097c8f83844d21145d87e73bcc9bcd12e9488c38b066d081a5a Security Headers Name Value Strict-Transport-Security “max-age=31536000” Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-platform "Win32" Referer https://www.booking.odevaere.com/ accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 05 Apr 2024 12:44:09 GMT strict-transport-security “max-age=31536000” server nginx/1.18.0 (Ubuntu) vary origin, access-control-request-method, access-control-request-headers content-type application/json access-control-allow-origin * access-control-expose-headers x-sentry-error,x-sentry-rate-limits,retry-after cross-origin-resource-policy cross-origin content-length 41
GET H/1.1	200 OK	favicon.ico www.booking.odevaere.com/	0 1 KB	87ms 86ms	Other text/html	54.70.111.180 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.booking.odevaere.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.70.111.180 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-70-111-180.us-west-2.compute.amazonaws.com Software nginx/1.16.1 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy script-src 'self' https://* 'unsafe-inline' 'unsafe-eval';style-src 'self' https://* blob: 'unsafe-inline';img-src 'self' https://* data:;media-src 'self' https://*;connect-src 'self' https://* wss://*;frame-src 'self' https://*;frame-ancestors 'self' https://* http://localhost:*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=600 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer accept-language en-US,en;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Fri, 05 Apr 2024 12:44:10 GMT Content-Security-Policy script-src 'self' https://* 'unsafe-inline' 'unsafe-eval';style-src 'self' https://* blob: 'unsafe-inline';img-src 'self' https://* data:;media-src 'self' https://*;connect-src 'self' https://* wss://*;frame-src 'self' https://*;frame-ancestors 'self' https://* http://localhost:*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests X-Content-Type-Options nosniff Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=600 X-Permitted-Cross-Domain-Policies none X-DNS-Prefetch-Control off Cross-Origin-Resource-Policy same-origin Connection keep-alive Content-Length 0 X-XSS-Protection 0 Referrer-Policy no-referrer Server nginx/1.16.1 ETag W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk" X-Download-Options noopen X-Frame-Options SAMEORIGIN Content-Type text/html; charset=utf-8 Origin-Agent-Cluster ?1 X-Booking-Engine booking-engine-6

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| gtag1 object| dataLayer object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| _global object| _sentryDebugIds string| _sentryDebugIdIdentifier object| SENTRY_RELEASE object| __SENTRY__ object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| recaptcha object| webpackChunkStripeJSouter function| noop function| Stripe

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.odevaere.com/	1970-01-21 05:14:41	Name: _ga Value: GA1.1.235813033.1712321050
			.odevaere.com/	1970-01-21 05:14:41	Name: _ga_DZF2BQ8W47 Value: GS1.1.1712321049.1.0.1712321049.0.0.0
			m.stripe.com/	1970-01-21 05:14:41	Name: m Value: d0ab1096-2630-49d3-aba4-af89a027a14be6d859
			.www.booking.odevaere.com/	1970-01-21 04:24:17	Name: __stripe_mid Value: ea5eaadc-cce7-4755-85f2-0fb2cf2c00b8a41f76
			.www.booking.odevaere.com/	1970-01-20 19:38:42	Name: __stripe_sid Value: 01c381b8-b7e1-45d5-b89f-1aab33d17bd84676f5

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.booking.odevaere.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' https://* 'unsafe-inline' 'unsafe-eval';style-src 'self' https://* blob: 'unsafe-inline';img-src 'self' https://* data:;media-src 'self' https://*;connect-src 'self' https://* wss://*;frame-src 'self' https://*;frame-ancestors 'self' https://* http://localhost:*;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains max-age=600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

booking-engine2.hostaway.com
d2q3n06xhbi0am.cloudfront.net
fonts.googleapis.com
js.stripe.com
sentry.hostaway.eu
www.booking.odevaere.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
18.164.96.21
2600:9000:24f1:9a00:d:cb8c:3f80:21
2607:f8b0:4004:c09::5e
2607:f8b0:4006:80e::200a
2607:f8b0:4006:81d::2008
2607:f8b0:4006:820::200e
2607:f8b0:4006:822::2004
34.216.122.92
54.69.91.159
54.70.111.180
11f001c298228beee3352c841664099bf6132bf13d509d30721b70753163a527
2b2d69d51881656e35f035e54f164f39022bdc4f7a8ce0248cdc01ad02ad771f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
5b0f06eb2868e3a7954798bbdb227a4af99c29cf97fb12a0be3095f38618f68b
7af405acf7f87f8815733d97ff7dacdb09b76bbe81f9c7730b1bae1580dd5068
8e37d9b7c2a22097c8f83844d21145d87e73bcc9bcd12e9488c38b066d081a5a
8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137
9cd127fecbaa18af7882a8716f8b0b0a85c62143b62385caefb7f3f448d7222c
a58ff2de4d6a14e055a553e83a4e67aea6aaf589a57364305eec36105cce9ef3
b2d8d3a21904638a498213241ab28d6ad11e70004b9afd788b79f37215678abe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855