Submitted URL: https://disa.mil/network-services/UCCO
Effective URL: https://storefront.disa.mil/kinetic/disa/service-catalog
Submission: On February 14 via manual from IN — Scanned from DE

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 64 HTTP transactions. The main IP is 214.74.24.66, located in United States and belongs to DNIC-ASBLK-27032-27159, US. The main domain is storefront.disa.mil.
TLS certificate: Issued by TrustID Server CA O1 on March 26th 2020. Valid for: 2 years.
This is the only time storefront.disa.mil was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 156.112.108.76 5307 (DNIC-ASBL...)
63 214.74.24.66 27064 (DNIC-ASBL...)
64 2
Apex Domain
Subdomains
Transfer
64 disa.mil
disa.mil — Cisco Umbrella Rank: 28030
storefront.disa.mil
5 MB
64 1
Domain Requested by
63 storefront.disa.mil storefront.disa.mil
1 disa.mil 1 redirects
64 2
Subject Issuer Validity Valid
storefront.disa.mil
TrustID Server CA O1
2020-03-26 -
2022-03-26
2 years crt.sh

This page contains 1 frames:

Primary Page: https://storefront.disa.mil/kinetic/disa/service-catalog
Frame ID: C0B4E958E245D202645E9F5D64FAF6E2
Requests: 64 HTTP requests in this frame

Screenshot

Page Title

Storefront - DoD Information Network (DoDIN) APL Testing and Certification

Page URL History Show full URLs

  1. https://disa.mil/network-services/UCCO HTTP 301
    https://storefront.disa.mil/kinetic/disa/service-catalog Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

64
Requests

98 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

5005 kB
Transfer

8464 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://disa.mil/network-services/UCCO HTTP 301
    https://storefront.disa.mil/kinetic/disa/service-catalog Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

64 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request service-catalog
storefront.disa.mil/kinetic/disa/
Redirect Chain
  • https://disa.mil/network-services/UCCO
  • https://storefront.disa.mil/kinetic/disa/service-catalog
2 KB
4 KB
Document
General
Full URL
https://storefront.disa.mil/kinetic/disa/service-catalog
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
f5499697c206772e41695dee3d2a43f7db9daffc425d9c288121ec7e0564b2b7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Access-Control-Allow-Credentials
true true
Access-Control-Max-Age
3600
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
X-XSS-Protection
1; mode=block
Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
DENY
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
vary
Origin
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Content-Type
text/html;charset=UTF-8
Content-Language
en
Date
Mon, 14 Feb 2022 08:21:43 GMT
Keep-Alive
timeout=60
Connection
keep-alive
Transfer-Encoding
chunked

Redirect headers

Date
Mon, 14 Feb 2022 08:21:42 GMT
Strict-transport-security
max-age=31557600; includeSubDomains
Cache-control
no-cache, no-store
Pragma
no-cache
Content-type
text/html
Expires
-1
Location
https://storefront.disa.mil/kinetic/disa/service-catalog#/forms/dod-information-network-dodin-apl-testing-and-certification
X-frame-options
SAMEORIGIN
X-content-type-options
nosniff
X-xss-protection
1; mode=block
Content-length
0
Via
1.1 https-www.disa.mil
core.combined.css.h603625281.pack
storefront.disa.mil/kinetic/
16 KB
6 KB
Stylesheet
General
Full URL
https://storefront.disa.mil/kinetic/core.combined.css.h603625281.pack
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/disa/service-catalog
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
9fc310e04bfff5b7eb771c14c5ba03d81dff1fce2bfb6219fb58379abc928450
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
Origin
Content-Length
4587
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 12 Feb 2032 08:21:43 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:43 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
text/css;charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
private
Access-Control-Allow-Credentials
true, true
ETag
pack603625281
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
core.combined.js.h939685815.pack
storefront.disa.mil/kinetic/
416 KB
120 KB
Script
General
Full URL
https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/disa/service-catalog
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
808fd672ad4f518dabd66dc5ebd973234ab02da49f7bbae4aa967ce152f97955
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 12 Feb 2032 08:21:43 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:43 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
text/javascript;charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
private
Access-Control-Allow-Credentials
true, true
ETag
pack939685815
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
bundle.js
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
3 MB
683 KB
Script
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/disa/service-catalog
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
7e0b92b12ad050a4f2999fcb36be36344fd87b8b166da65c97f1021113b5e399
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:43 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
0.bundle.js
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
366 KB
102 KB
Script
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/0.bundle.js
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
a7033adbb3038783454c9fd8c01268a6d1b4f83981fb8fe1f9a5d2b39cacdb12
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:44 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
space
storefront.disa.mil/kinetic/disa/app/api/v1/
6 KB
7 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/space?include=attributes,kapps,kapps.attributes
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
6bca028253eae98e403a05b0d8a96d71d16e372cd309216698d95bf23703b81c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
me
storefront.disa.mil/kinetic/disa/app/api/v1/
0
1 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/me?include=attributes,profileAttributes,memberships
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
0
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:44 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
categories
storefront.disa.mil/kinetic/disa/app/api/v1/kapps/service-catalog/
23 KB
24 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/kapps/service-catalog/categories?include=attributes
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
0c1ae204111aef7f1b8b966cb7ff5a2ac34f503a0650da24f5786b06885b177e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:44 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
forms
storefront.disa.mil/kinetic/disa/app/api/v1/kapps/service-catalog/
65 KB
67 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/kapps/service-catalog/forms?include=categorizations,attributes
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
49fe7abeb57b067fa1c5fa0ac4f0a5bddc05d2a7c7f0e7b4da65436061392133
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:44 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
af7ae505a9eed503f8b8e6982036873e.woff2
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
75 KB
77 KB
Font
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/af7ae505a9eed503f8b8e6982036873e.woff2
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/disa/service-catalog
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
Origin
https://storefront.disa.mil
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
77160
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:44 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
font/woff2
Access-Control-Allow-Origin
https://storefront.disa.mil, https://storefront.disa.mil
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
submissions
storefront.disa.mil/kinetic/disa/app/api/v1/kapps/admin/forms/validation-rules/
5 KB
7 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/kapps/admin/forms/validation-rules/submissions?include=values
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
48792976ea2afbc64dca60fc7f2299a8229ba8d9614c37c62b4fff22c5dfde97
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:44 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
c8d703fb937dd6eaf47555c7ec77813b.png
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
11 KB
12 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/c8d703fb937dd6eaf47555c7ec77813b.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
b81074564e2153aeeeb4d687e76efb2336a43e929ea1648982a925e89f4ac8f5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
10817
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
2fa00a2e0084e4f9b1976c0ba057dbd2.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
193 KB
194 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/2fa00a2e0084e4f9b1976c0ba057dbd2.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
41e0de82b6a329b2819624d0f94359679445f493535e5daf6bc408412554ab9b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
197653
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
ccf03ba1d47adaa8e5a5e00da5b1a0c6.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
124 KB
126 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/ccf03ba1d47adaa8e5a5e00da5b1a0c6.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
a356a1c04d364e91d54914011d7233c74f3d2803ce5b5c667737db40f4a96689
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
127174
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
858985c87226e089ce229ad823fc172c.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
109 KB
110 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/858985c87226e089ce229ad823fc172c.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
417bc909caff570c16a0e1b3078c520622c38f337983c0ff7ad707f7c6f82c4c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
111345
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
86d20c9360b0c67b7b40ae01f44415d5.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
121 KB
122 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/86d20c9360b0c67b7b40ae01f44415d5.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
c5c237aa5c948074ef42acad678aef16a9522c17356d00b0d33a66aacfd69d62
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
123759
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
5c8c2a2fa003980d28451cbdd844e6ef.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
58 KB
59 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/5c8c2a2fa003980d28451cbdd844e6ef.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
8025c26c93882d14e82713f24bbb77042bc5df61956a54538b5c89c1ee61e62a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
59416
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
5570589483149d8a812fb209d0199397.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
201 KB
203 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/5570589483149d8a812fb209d0199397.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
d4a07ef5a53fafba22ecf67e7b23811fcf428f0e6d949f0c43e8c6da591daee4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
206287
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
0364e5d05d54807fa3b47480bbba1253.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
90 KB
91 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/0364e5d05d54807fa3b47480bbba1253.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
24816a271b00ec0e19a0f5476518bd3adb350f707c76c2825ea4c84a50fdc28d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
91680
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
ac9438f13eff71aed6d3fd830e00b3ca.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
93 KB
94 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/ac9438f13eff71aed6d3fd830e00b3ca.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
ca9de4f15a844a72c04c90607d2c80012bd01604896112c45a0e4bf1b97b858d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
94926
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
84b55748666a7420fec9eddb1c615f60.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
49 KB
50 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/84b55748666a7420fec9eddb1c615f60.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
dfb8e3282e3a84fb728b5d71857a138a01144f5c3143b7170c71e14ed27b05e1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
49824
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
7421073097feea667f5a1e0935aa618f.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
106 KB
107 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/7421073097feea667f5a1e0935aa618f.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
a67a2894d65259d480f32b65696235954f5c066a597283ac92455ec9213358f8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
108136
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
c0c1078c7ad5355b1dab9b0877d46711.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
173 KB
174 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/c0c1078c7ad5355b1dab9b0877d46711.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
68efb8eed1dd5eca2ee38cc4b97161fc6f01705daa6444f9dc6f9ef9aeeade6a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
176924
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
93d3a1eca03b6897dd3e21b83ba02f40.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
43 KB
44 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/93d3a1eca03b6897dd3e21b83ba02f40.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
e27aba399a25425087792856251618ccc63a74e2a8643f182916f9049d7b2dd7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
43654
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
6e5b82a5ee0e4977ec03eb97eae1c9d6.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
163 KB
164 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/6e5b82a5ee0e4977ec03eb97eae1c9d6.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
ea03e96463740e83dccbffb516832076afdb30ff249fcd9a102bdd796700c6b3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
166804
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
9b7c104a98d4374c240d39ed7a8bd0ff.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
170 KB
172 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/9b7c104a98d4374c240d39ed7a8bd0ff.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
8fd670de1c9e6bffde2df3f1f79af4cb20e3ce0b8b5b93c33c7164b8eff6c506
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
174454
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
d27ecb7bcc791dd6a8c687d6262a3de8.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
89 KB
91 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/d27ecb7bcc791dd6a8c687d6262a3de8.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
67004a57c7c4c31d2227cf19af38b5c5c7c5a4d6d64a4357208a0ccca0db68be
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
91448
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
07384f7cf9d1348986127a3e00a0e34e.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
108 KB
109 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/07384f7cf9d1348986127a3e00a0e34e.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
303cd9ab5c7660c14d16cad80340fbc80a7e8a5bf9d301f50c4737812b652902
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
110692
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
ee6e3ef7d88e1bcbaba17d726ef0c0fc.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
96 KB
97 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/ee6e3ef7d88e1bcbaba17d726ef0c0fc.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
a1801c8a1d69e9fcf3db0b9edad113c08090a9bc7215be489bb7bb06f3056dae
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
97985
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
32ebc1493a8a3b7c8b859da2428d796a.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
66 KB
68 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/32ebc1493a8a3b7c8b859da2428d796a.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
f5bd2a631bfd6ee85cd425ab7228585a438035ba45f50205792946161fa97f77
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
67858
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
ab2d75e69aef779f7787b23a57f5290b.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
122 KB
123 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/ab2d75e69aef779f7787b23a57f5290b.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
88368666363306e4bff36e3453b38b74e9d15412987ec21d7de9955ac9ea4b2b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
125075
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
3a42fce18c7c7f228f609551669cb4af.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
58 KB
59 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/3a42fce18c7c7f228f609551669cb4af.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
ecf2037cd9a98c4619cd86244cb7bc2ff4a21e9097152456df502ebed7c148be
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
58915
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
a3a40737b8ef3121b4e9d7c622b73c33.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
115 KB
116 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/a3a40737b8ef3121b4e9d7c622b73c33.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
0a96cfcba142cafe184a3207ce8af023635e062bb10041f0ae27f07968310b02
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
117908
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
df32a531e7727885cb72682dda55ecfc.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
110 KB
111 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/df32a531e7727885cb72682dda55ecfc.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
e7e6607c99af736881d202583416792cc02496f6c78a6e4cb61428c85c8e5ceb
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
112598
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
0a2b740f92bfb9a5c0733e23ad466a96.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
139 KB
140 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/0a2b740f92bfb9a5c0733e23ad466a96.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
bb74e0ab20f68bfd74ba3d240a188fcdef4059c373147f7ccbdbe4949cb6d522
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
142374
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
f83160b012871d7c242d0bae03df10f1.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
58 KB
59 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/f83160b012871d7c242d0bae03df10f1.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
ebd7652acbf7d39e4d4d3570765f03546d34829f8034bf9ca576adcf5e3b28b4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
59418
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
5a2daa1cbca431aaec431e02bded6440.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
106 KB
107 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/5a2daa1cbca431aaec431e02bded6440.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
4d19476d270f9f36a814c395c2a68e72eeaa7a00ebe400656f667ca357464ecb
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
108457
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
0b128cbc8cea9a0fb5c13e211678ddce.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
193 KB
194 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/0b128cbc8cea9a0fb5c13e211678ddce.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
17d029daa279ec419f71ea77cb648680d1cca5cf46d9449e21f62959c5606bb4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
197674
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
db54e3eb5e0ecbaa086868a8432fe8c6.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
130 KB
131 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/db54e3eb5e0ecbaa086868a8432fe8c6.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
58e8c6a1179467d0eb9339922afaee76c4563849d7c31e45bc52b1b0fcaf639b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
133037
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
cdf57f849de325e2d6bef21d1f67b9bb.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
165 KB
166 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/cdf57f849de325e2d6bef21d1f67b9bb.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
b7df0e6d4e87ed72b387936ffd54bec898cef96d72a85ef56a0c63a423264806
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
168490
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
489a4912568ee9c6705c4caf2f70e4b9.jpg
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
95 KB
97 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/489a4912568ee9c6705c4caf2f70e4b9.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
08d1bcb5670784474f621b84d09a787dd9d24643f8002ae66f1e13ef43afd279
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
97562
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
submissions
storefront.disa.mil/kinetic/disa/app/api/v1/kapps/admin/forms/announcements/
6 KB
7 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/kapps/admin/forms/announcements/submissions?include=details,values&type=Datastore&limit=10&q=values[Status]+%3D+%22active%22
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
00c10e9460b8eafa16f30d40e185d0d98af0504fc4da89cd7d02d7c4ce724c35
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
submissions
storefront.disa.mil/kinetic/disa/app/api/v1/kapps/service-catalog/
53 B
1 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/kapps/service-catalog/submissions?include=details,values,form,form.attributes,form.kapp,form.kapp.attributes,form.kapp.space.attributes&type=Service&limit=10&q=(+values[Requested+For]+%3D+%22anonymous%22+OR+submittedBy+%3D+%22anonymous%22)
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
14caf7f1195c1ecaad38930735cc8a7f0cf87d60ce3e6bb913720b69b636a009
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
submissions
storefront.disa.mil/kinetic/disa/app/api/v1/kapps/service-catalog/forms/data-page-approval/
898 B
2 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/kapps/service-catalog/forms/data-page-approval/submissions?include=details,values&type=Service&limit=1&q=values[Data+Page+Form+Slug]+%3D+%22dod-information-network-dodin-apl-testing-and-certification%22
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
e1dbba87f8e5bd3e76b3a485cc364394a46d2393522d85075a503436b074f1b4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
submissions
storefront.disa.mil/kinetic/disa/app/api/v1/kapps/admin/forms/active-help/
53 B
1 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/kapps/admin/forms/active-help/submissions?include=values&q=values[Status]+%3D+%22active%22+AND+values[Page]+%3D+%22%2Fforms%2Fdod-information-network-dodin-apl-testing-and-certification%22
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
14caf7f1195c1ecaad38930735cc8a7f0cf87d60ce3e6bb913720b69b636a009
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
dataPages.js
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/
7 KB
3 KB
Script
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/dataPages.js
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
a309db31955883ecf5f5c8eeeebbf984b3b77f43a714d69c024d905199b2df28
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:46 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
dod-information-network-dodin-apl-testing-and-certification
storefront.disa.mil/kinetic/disa/service-catalog/
14 KB
16 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/service-catalog/dod-information-network-dodin-apl-testing-and-certification?&embedded
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
7abdbb6d2ff9af9d922e8654c0c1cc920924dd66e1aa9219622cba0ceecb0866
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
text/html, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Language
en
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Content-Type
text/html;charset=UTF-8
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
9d72186992f4e0cf118f8f0502ac4bea.png
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
1 KB
2 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/9d72186992f4e0cf118f8f0502ac4bea.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
e63cc8301c657e28db2cc134f9455cfcdef71ebd8d5c8a8fb2b28918bf026b1f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
1144
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
3f7811ac90f9b06e2aea79a140188a11.png
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
1 KB
2 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/3f7811ac90f9b06e2aea79a140188a11.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
4171c9c5a0fdd16e57d329e77d5c212dcee85bd4cd627a288df97bc224ed4103
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
1180
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
695277a398c416221ed70065ac4a48ad.png
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
1 KB
3 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/695277a398c416221ed70065ac4a48ad.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
a76ef74a7dd8ca6ab7bc772617ccd4fe2f9e9ff1e3a5229f6e1aa94fab6b8308
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
1265
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
db855933312f4b8478671126920e1840.png
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
338 B
2 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/db855933312f4b8478671126920e1840.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
99a862bfd79b5964942b2c80aadb1059124c9a2a1156ac5454005c2597877c89
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
338
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
370a02960edeedcde9f455a08aebce71.png
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
447 B
2 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/370a02960edeedcde9f455a08aebce71.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
9d770e3a4719194208b685e4a7d7d72d84cb0c7100b7a3015449ecc19452df82
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
447
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
53870a715c64edf651c39e6183157e13.png
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
337 B
2 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/53870a715c64edf651c39e6183157e13.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
4c73c0d4ba0409e09afa20fda2258927b9461039261d17aa54a5582a11aeafdd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
337
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
249a67e94b580a46db53bbe52245465c.png
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/
3 KB
4 KB
Image
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/249a67e94b580a46db53bbe52245465c.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
a0af7950e6b99c093024bdd55ea9650fdea759bb2a36af60c6ad517da4dfafc0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Connection
keep-alive
vary
Origin
Content-Length
2725
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:50 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:45 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
dataPages.css
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/
4 KB
3 KB
Stylesheet
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/dataPages.css
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
56839f9eee5303ffff0f6efe08617ebe72db0ddda3865a4c4841a99d304b53a0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:46 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
jquery-ui.js
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/jquery-ui/
527 KB
125 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/jquery-ui/jquery-ui.js?_=1644826903677
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
0bad7e3a8031272f74e25e91d73f50a3e90f9726df30b38823b94f956ea82c67
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:46 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
ckeditor.js
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/ckeditor/
556 KB
166 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/ckeditor/ckeditor.js?_=1644826903678
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
78dc106885a4919e67eb2abf342dd499f53b215f3c34c3eeb9f8aa655590f100
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:38 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:46 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
jquery.js
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/ckeditor/adapters/
3 KB
3 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/ckeditor/adapters/jquery.js?_=1644826903679
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
4234eebb1d73eef4fefe0c8db2a0171e8af5a003ff6a2b546e586e8ed851e88f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:38 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:47 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
dataPages.js
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/
7 KB
3 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/dataPages.js?_=1644826903680
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
a309db31955883ecf5f5c8eeeebbf984b3b77f43a714d69c024d905199b2df28
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:46 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:47 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
dataPages-Author.js
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/
24 KB
7 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/dataPages-Author.js?_=1644826903681
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
9ffd08190c2b6893d13453ecab1c67e9dcd92123d6cb977ef0458e293d4847ec
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:46 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:47 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
dataPages-Approval.js
storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/
18 KB
5 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/libraries/data-pages/dataPages-Approval.js?_=1644826903682
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
d2aaa00341b6c311097888e948dbe16492768d45377f39baaa155aaf2867137a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Connection
keep-alive
vary
origin,accept-encoding
X-XSS-Protection
1; mode=block
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Last-Modified
Fri, 27 Aug 2021 22:31:46 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:47 GMT
Access-Control-Max-Age
3600
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Accept-Ranges
bytes
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
submissions
storefront.disa.mil/kinetic/disa/app/api/v1/kapps/admin/forms/page-tooltip/
144 KB
146 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/app/api/v1/kapps/admin/forms/page-tooltip/submissions?include=values&q=(values%5Bservice-name%5D%20%3D%20%22dod-information-network-dodin-apl-testing-and-certification%22%20OR%20values%5Bservice-name%5D%20%3D%20%22ALL%22)%20AND%20values%5BStatus%5D%20%3D%20%22active%22&limit=1000
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/app/bundles/disa/request-ce-bundle-disa-service-catalog/static/bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
3874e1d979c5c72842727d6a6bc2b56a485a9544059ff9899488cf8538046f6c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:47 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Data%20Pages%20Template
storefront.disa.mil/kinetic/disa/service-catalog/dod-information-network-dodin-apl-testing-and-certification/bridgedResources/
10 KB
11 KB
XHR
General
Full URL
https://storefront.disa.mil/kinetic/disa/service-catalog/dod-information-network-dodin-apl-testing-and-certification/bridgedResources/Data%20Pages%20Template?attributes=
Requested by
Host: storefront.disa.mil
URL: https://storefront.disa.mil/kinetic/core.combined.js.h939685815.pack
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
214.74.24.66 , United States, ASN27064 (DNIC-ASBLK-27032-27159, US),
Reverse DNS
Software
/
Resource Hash
c2530d5d386a8d8d78b5d7ed883608d07453173b0acc52df06fe34447949d841
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, */*; q=0.01
Referer
https://storefront.disa.mil/kinetic/disa/service-catalog
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/json

Response headers

Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security
max-age=31557600; includeSubDomains; preload
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
vary
Origin
X-XSS-Protection
1; mode=block
Pragma
no-cache
Access-Control-Allow-Headers
X-Requested-With, Content-Type, Accept, Authorization
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-FRAME-OPTIONS
DENY
Date
Mon, 14 Feb 2022 08:21:47 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
PATCH, PUT, POST, GET, HEAD, OPTIONS, DELETE
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true, true
Keep-Alive
timeout=60
X-Content-Security-Policy
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Data%20Pages%20Content
storefront.disa.mil/kinetic/disa/service-catalog/dod-information-network-dodin-apl-testing-and-certification/bridgedResources/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
storefront.disa.mil
URL
https://storefront.disa.mil/kinetic/disa/service-catalog/dod-information-network-dodin-apl-testing-and-certification/bridgedResources/Data%20Pages%20Content?attributes=

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| Bindings object| KD function| $ function| jQuery function| moment function| _ object| Kinetic function| K object| bundle function| webpackJsonp object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| __$$GLOBAL_REWIRE_REGISTRY__ function| __rewire_reset_all__ number| __$$GLOBAL_REWIRE_NEXT_MODULE_ID__ function| BootstrapTable function| TableHeaderColumn function| InsertModalHeader function| InsertModalBody function| InsertModalFooter function| InsertButton function| DeleteButton function| ShowSelectedOnlyButton function| ExportCSVButton function| ClearSearchButton function| SearchField function| ButtonGroup function| SizePerPageDropDown function| typeAheadSearch object| typeaheadConfigurations object| DataViewer function| fieldModifiers object| CKEDITOR object| DataPages function| createApprovalParentRecord

4 Cookies

Domain/Path Name / Value
storefront.disa.mil/kinetic Name: JSESSIONID
Value: 1271A2F7049AD9AA0A642CC41EC5A323
storefront.disa.mil/kinetic Name: TS01ea2329
Value: 01d21c42801bec7dd9177a1c9d39e2e083e646d75396cc9efe0327cc0ac77c40b014b55f3807795c94dccad6bce88f54d0924aebfe
storefront.disa.mil/ Name: BIGipServerDISA_DSFPROD_storefront.disa.mil_POOL
Value: !e954SZtfHZpjP/mhdRR7ejNvOpeXwAvA1SxcCoOHCkOV1qDtsmGbQAZahmDbq+0xFkgE6FmVr8RzSpM=
storefront.disa.mil/ Name: TS01889029
Value: 01d21c42801bec7dd9177a1c9d39e2e083e646d75396cc9efe0327cc0ac77c40b014b55f3807795c94dccad6bce88f54d0924aebfe

1 Console Messages

Source Level URL
Text
security error URL: https://storefront.disa.mil/kinetic/disa/service-catalog#/forms/dod-information-network-dodin-apl-testing-and-certification
Message:
Unrecognized Content-Security-Policy directive 'reflected-xss'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Security-Policy default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self'; font-src 'self' data:; connect-src 'self'; form-action 'self'; reflected-xss block
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

disa.mil
storefront.disa.mil
storefront.disa.mil
156.112.108.76
214.74.24.66
00c10e9460b8eafa16f30d40e185d0d98af0504fc4da89cd7d02d7c4ce724c35
08d1bcb5670784474f621b84d09a787dd9d24643f8002ae66f1e13ef43afd279
0a96cfcba142cafe184a3207ce8af023635e062bb10041f0ae27f07968310b02
0bad7e3a8031272f74e25e91d73f50a3e90f9726df30b38823b94f956ea82c67
0c1ae204111aef7f1b8b966cb7ff5a2ac34f503a0650da24f5786b06885b177e
14caf7f1195c1ecaad38930735cc8a7f0cf87d60ce3e6bb913720b69b636a009
17d029daa279ec419f71ea77cb648680d1cca5cf46d9449e21f62959c5606bb4
24816a271b00ec0e19a0f5476518bd3adb350f707c76c2825ea4c84a50fdc28d
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
303cd9ab5c7660c14d16cad80340fbc80a7e8a5bf9d301f50c4737812b652902
3874e1d979c5c72842727d6a6bc2b56a485a9544059ff9899488cf8538046f6c
4171c9c5a0fdd16e57d329e77d5c212dcee85bd4cd627a288df97bc224ed4103
417bc909caff570c16a0e1b3078c520622c38f337983c0ff7ad707f7c6f82c4c
41e0de82b6a329b2819624d0f94359679445f493535e5daf6bc408412554ab9b
4234eebb1d73eef4fefe0c8db2a0171e8af5a003ff6a2b546e586e8ed851e88f
48792976ea2afbc64dca60fc7f2299a8229ba8d9614c37c62b4fff22c5dfde97
49fe7abeb57b067fa1c5fa0ac4f0a5bddc05d2a7c7f0e7b4da65436061392133
4c73c0d4ba0409e09afa20fda2258927b9461039261d17aa54a5582a11aeafdd
4d19476d270f9f36a814c395c2a68e72eeaa7a00ebe400656f667ca357464ecb
56839f9eee5303ffff0f6efe08617ebe72db0ddda3865a4c4841a99d304b53a0
58e8c6a1179467d0eb9339922afaee76c4563849d7c31e45bc52b1b0fcaf639b
67004a57c7c4c31d2227cf19af38b5c5c7c5a4d6d64a4357208a0ccca0db68be
68efb8eed1dd5eca2ee38cc4b97161fc6f01705daa6444f9dc6f9ef9aeeade6a
6bca028253eae98e403a05b0d8a96d71d16e372cd309216698d95bf23703b81c
78dc106885a4919e67eb2abf342dd499f53b215f3c34c3eeb9f8aa655590f100
7abdbb6d2ff9af9d922e8654c0c1cc920924dd66e1aa9219622cba0ceecb0866
7e0b92b12ad050a4f2999fcb36be36344fd87b8b166da65c97f1021113b5e399
8025c26c93882d14e82713f24bbb77042bc5df61956a54538b5c89c1ee61e62a
808fd672ad4f518dabd66dc5ebd973234ab02da49f7bbae4aa967ce152f97955
88368666363306e4bff36e3453b38b74e9d15412987ec21d7de9955ac9ea4b2b
8fd670de1c9e6bffde2df3f1f79af4cb20e3ce0b8b5b93c33c7164b8eff6c506
99a862bfd79b5964942b2c80aadb1059124c9a2a1156ac5454005c2597877c89
9d770e3a4719194208b685e4a7d7d72d84cb0c7100b7a3015449ecc19452df82
9fc310e04bfff5b7eb771c14c5ba03d81dff1fce2bfb6219fb58379abc928450
9ffd08190c2b6893d13453ecab1c67e9dcd92123d6cb977ef0458e293d4847ec
a0af7950e6b99c093024bdd55ea9650fdea759bb2a36af60c6ad517da4dfafc0
a1801c8a1d69e9fcf3db0b9edad113c08090a9bc7215be489bb7bb06f3056dae
a309db31955883ecf5f5c8eeeebbf984b3b77f43a714d69c024d905199b2df28
a356a1c04d364e91d54914011d7233c74f3d2803ce5b5c667737db40f4a96689
a67a2894d65259d480f32b65696235954f5c066a597283ac92455ec9213358f8
a7033adbb3038783454c9fd8c01268a6d1b4f83981fb8fe1f9a5d2b39cacdb12
a76ef74a7dd8ca6ab7bc772617ccd4fe2f9e9ff1e3a5229f6e1aa94fab6b8308
b7df0e6d4e87ed72b387936ffd54bec898cef96d72a85ef56a0c63a423264806
b81074564e2153aeeeb4d687e76efb2336a43e929ea1648982a925e89f4ac8f5
bb74e0ab20f68bfd74ba3d240a188fcdef4059c373147f7ccbdbe4949cb6d522
c2530d5d386a8d8d78b5d7ed883608d07453173b0acc52df06fe34447949d841
c5c237aa5c948074ef42acad678aef16a9522c17356d00b0d33a66aacfd69d62
ca9de4f15a844a72c04c90607d2c80012bd01604896112c45a0e4bf1b97b858d
d2aaa00341b6c311097888e948dbe16492768d45377f39baaa155aaf2867137a
d4a07ef5a53fafba22ecf67e7b23811fcf428f0e6d949f0c43e8c6da591daee4
dfb8e3282e3a84fb728b5d71857a138a01144f5c3143b7170c71e14ed27b05e1
e1dbba87f8e5bd3e76b3a485cc364394a46d2393522d85075a503436b074f1b4
e27aba399a25425087792856251618ccc63a74e2a8643f182916f9049d7b2dd7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e63cc8301c657e28db2cc134f9455cfcdef71ebd8d5c8a8fb2b28918bf026b1f
e7e6607c99af736881d202583416792cc02496f6c78a6e4cb61428c85c8e5ceb
ea03e96463740e83dccbffb516832076afdb30ff249fcd9a102bdd796700c6b3
ebd7652acbf7d39e4d4d3570765f03546d34829f8034bf9ca576adcf5e3b28b4
ecf2037cd9a98c4619cd86244cb7bc2ff4a21e9097152456df502ebed7c148be
f5499697c206772e41695dee3d2a43f7db9daffc425d9c288121ec7e0564b2b7
f5bd2a631bfd6ee85cd425ab7228585a438035ba45f50205792946161fa97f77