goldmanbagels.bottle.com Open in urlscan Pro
3.232.242.170  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response goldmanbagels.bottle.com/	2 KB 2 KB	380ms 110ms	Document text/html	3.232.242.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://goldmanbagels.bottle.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.232.242.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-232-242-170.compute-1.amazonaws.com Software Cowboy / Express Resource Hash a5570c4b61c009fa54e0e8602489402ca6d84c063b72253555e647b5f6185e57 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Cache-Control public, max-age=0 Connection keep-alive Content-Length 1645 Content-Type text/html; charset=UTF-8 Date Tue, 28 Mar 2023 00:25:59 GMT Etag W/"66d-1870ec38b88" Last-Modified Thu, 23 Mar 2023 13:58:29 GMT Server Cowboy Via 1.1 vegur X-Powered-By Express
GET H/1.1	200 OK	chunk-vendors.20aefa46.js Show response goldmanbagels.bottle.com/js/	641 KB 641 KB	112ms 111ms	Script application/javascript	3.232.242.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://goldmanbagels.bottle.com/js/chunk-vendors.20aefa46.js Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.232.242.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-232-242-170.compute-1.amazonaws.com Software Cowboy / Express Resource Hash 0e84309260e7f2e4cb435cb8ff54d6ecce81eb9444c66efc12fe6bb9fed613f5 Request headers Referer https://goldmanbagels.bottle.com/ Origin https://goldmanbagels.bottle.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 00:25:59 GMT Via 1.1 vegur Last-Modified Thu, 23 Mar 2023 13:58:29 GMT Server Cowboy X-Powered-By Express Etag W/"a04a0-1870ec38b88" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 656544
GET H/1.1	200 OK	app.a37706fa.js Show response goldmanbagels.bottle.com/js/	328 KB 328 KB	333ms 111ms	Script application/javascript	3.232.242.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://goldmanbagels.bottle.com/js/app.a37706fa.js Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.232.242.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-232-242-170.compute-1.amazonaws.com Software Cowboy / Express Resource Hash d6293564a4665bca49db1b32da0ca88314458e27fb3210bf7615a08fdcd19135 Request headers Referer https://goldmanbagels.bottle.com/ Origin https://goldmanbagels.bottle.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 00:25:59 GMT Via 1.1 vegur Last-Modified Thu, 23 Mar 2023 13:58:29 GMT Server Cowboy X-Powered-By Express Etag W/"51e9b-1870ec38b88" Content-Type application/javascript; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 335515
GET H/1.1	200 OK	chunk-vendors.865d56e3.css goldmanbagels.bottle.com/css/	30 KB 30 KB	332ms 111ms	Stylesheet text/css	3.232.242.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://goldmanbagels.bottle.com/css/chunk-vendors.865d56e3.css Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.232.242.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-232-242-170.compute-1.amazonaws.com Software Cowboy / Express Resource Hash 638a8bc98ee933932d6488e4d69d81d7209dc8676c6da02267ad3699a35a60e9 Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 00:25:59 GMT Via 1.1 vegur Last-Modified Thu, 23 Mar 2023 13:58:07 GMT Server Cowboy X-Powered-By Express Etag W/"781b-1870ec33598" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 30747
GET H/1.1	200 OK	app.8afb6da1.css goldmanbagels.bottle.com/css/	65 KB 65 KB	331ms 110ms	Stylesheet text/css	3.232.242.170 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://goldmanbagels.bottle.com/css/app.8afb6da1.css Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.232.242.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-232-242-170.compute-1.amazonaws.com Software Cowboy / Express Resource Hash ea72fad91d78d952bc31c36e80133404c2752e22f7a9369d936267fc4ce87974 Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 00:25:59 GMT Via 1.1 vegur Last-Modified Thu, 23 Mar 2023 13:58:07 GMT Server Cowboy X-Powered-By Express Etag W/"1049f-1870ec33598" Content-Type text/css; charset=UTF-8 Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 66719
GET H2	200	/ Show response js.stripe.com/v3/	452 KB 109 KB	105ms 26ms	Script text/javascript	65.9.95.108 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/ Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.95.108 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-95-108.prg50.r.cloudfront.net Software Cloudfront / Resource Hash 90dd7783bb8bc2625f9c2c9ce2a08f7f63d36fcf7c1e84a4ee039d8a2aaf8bd5 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Tue, 28 Mar 2023 00:25:59 GMT via 1.1 5a9253ffd4a04a82b061e7ef23f713d4.cloudfront.net (CloudFront) x-amz-cf-pop PRG50-C1 age 47 x-cache Hit from cloudfront last-modified Mon, 27 Mar 2023 20:31:39 GMT server Cloudfront etag W/"13e9ecc648677c907a67e3392a727a2e" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 timing-allow-origin * x-amz-cf-id ObC1QZGNaZPOH3hrw6cfzI0sjaxopyahxnDBtX7cDviy1dJaJ7wXCA==
GET H2	200	js Show response maps.googleapis.com/maps/api/	171 KB 56 KB	85ms 46ms	Script text/javascript	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/js?key=AIzaSyBQeJ3fzm_SpaFLkLYxeuhGRMVQ1Lv89UU&libraries=places Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software mafe / Resource Hash f68bc7a9fdcf9d4bdf240635442c69fcdcbae0e61e8a1e93e8d055df8d0e1a40 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:25:59 GMT content-encoding gzip server mafe vary Accept-Language x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control public, max-age=1800 cross-origin-resource-policy cross-origin server-timing gfet4t7; dur=32 timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 57341 x-xss-protection 0 expires Tue, 28 Mar 2023 00:55:59 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	107 KB 28 KB	28ms 10ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Tue, 28 Mar 2023 00:25:59 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27909 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug krKwTiY9bIPbQXWSCTKZ7itnfeK9FWnxx39yjYdEjPWldY5fUOCzGDhtRhudNYFslrCWVbLpVctfAYQ/boSOBA== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 686109401 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	css2 fonts.googleapis.com/	55 KB 2 KB	64ms 26ms	Stylesheet text/css	2a00:1450:4001:80e::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=EB+Garamond:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&family=Inter:wght@100;200;300;400;500;600;700;800;900&family=Manrope:wght@200;300;400;500;600;700;800&display=swap Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/css/app.8afb6da1.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 28a5e07b96e2002482e16614c69b96d4fbfb8a491ec046efdc0bd3be1421c68c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 28 Mar 2023 00:25:59 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 28 Mar 2023 00:25:59 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 28 Mar 2023 00:25:59 GMT
GET H2	200	gen_204 Show response maps.googleapis.com/maps/api/mapsjs/	3 B 363 B	62ms 27ms	XHR application/json	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBQeJ3fzm_SpaFLkLYxeuhGRMVQ1Lv89UU&libraries=places Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:25:59 GMT content-encoding gzip x-content-type-options nosniff server scaffolding on HTTPServer2 vary Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type application/json; charset=UTF-8 access-control-allow-origin https://goldmanbagels.bottle.com access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23 x-xss-protection 0
OPTIONS H/1.1	200 OK	tokens api.bottle.com/merchant/ Frame	0 0	372ms 106ms	Preflight	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.bottle.com/merchant/tokens Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://goldmanbagels.bottle.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Access-Control-Allow-Headers content-type Access-Control-Allow-Methods GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS Access-Control-Allow-Origin * Access-Control-Expose-Headers Access-Control-Max-Age 7200 Connection keep-alive Date Tue, 28 Mar 2023 00:25:59 GMT Server Cowboy Transfer-Encoding chunked Via 1.1 vegur
POST H/1.1	200 OK	tokens Show response api.bottle.com/merchant/	232 B 973 B	113ms 112ms	Fetch application/json	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.bottle.com/merchant/tokens Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/js/chunk-vendors.20aefa46.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash 39f5bb1b8ea34ea0f5368bb84aa24f8aa4d8305b5c137b3d4601e66fa97d052b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept application/json Referer https://goldmanbagels.bottle.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Content-Type application/json Response headers Date Tue, 28 Mar 2023 00:25:59 GMT Content-Encoding gzip X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000 Via 1.1 vegur Transfer-Encoding chunked Connection keep-alive X-Xss-Protection 1; mode=block X-Request-Id 6e246cf5-a8fc-4911-9760-77d65179fae0 X-Runtime 0.005047 Server Cowboy Etag W/"63571353d98192f69b7350aa174183b6" X-Frame-Options SAMEORIGIN Access-Control-Max-Age 7200 Access-Control-Allow-Methods GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS Access-Control-Allow-Origin * Access-Control-Expose-Headers Vary Accept-Encoding, Origin Cache-Control max-age=0, private, must-revalidate Content-Type application/json; charset=utf-8
GET H/1.1	200 OK	bottle-yellow.251df412.svg goldmanbagels.bottle.com/img/	3 KB 3 KB	111ms 111ms	Image image/svg+xml	3.232.242.170 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://goldmanbagels.bottle.com/img/bottle-yellow.251df412.svg Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.232.242.170 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-232-242-170.compute-1.amazonaws.com Software Cowboy / Express Resource Hash 22f8a5170a390c9cb30f0e9681c9a977cb04a84c07836bc6631d9add7ab1a202 Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 00:26:00 GMT Via 1.1 vegur Last-Modified Thu, 23 Mar 2023 13:58:07 GMT Server Cowboy X-Powered-By Express Etag W/"b2d-1870ec33598" Content-Type image/svg+xml Cache-Control public, max-age=0 Connection keep-alive Accept-Ranges bytes Content-Length 2861
GET H2	200	m-outer-93afeeb17bc37e711759584dbfc50d47.html Show response js.stripe.com/v3/ Frame 8F86	200 B 1 KB	23ms 23ms	Document text/html	65.9.95.108 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.95.108 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-95-108.prg50.r.cloudfront.net Software Cloudfront / Resource Hash f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://goldmanbagels.bottle.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 188 cache-control max-age=31536000 content-length 200 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Tue, 28 Mar 2023 00:22:53 GMT etag "93afeeb17bc37e711759584dbfc50d47" last-modified Mon, 27 Mar 2023 20:02:53 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 5a9253ffd4a04a82b061e7ef23f713d4.cloudfront.net (CloudFront) x-amz-cf-id BcigbWAc9ATTXidvnoSR2d6A56arC8Mqz8e-ZWgWautrQfJfGjgOmg== x-amz-cf-pop PRG50-C1 x-cache Hit from cloudfront x-content-type-options nosniff
GET H2	200	UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 fonts.gstatic.com/s/inter/v12/	37 KB 38 KB	55ms 13ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=EB+Garamond:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&family=Inter:wght@100;200;300;400;500;600;700;800;900&family=Manrope:wght@200;300;400;500;600;700;800&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://goldmanbagels.bottle.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 21 Mar 2023 08:37:43 GMT x-content-type-options nosniff age 575297 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 37924 x-xss-protection 0 last-modified Mon, 11 Jul 2022 20:54:46 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 20 Mar 2024 08:37:43 GMT
POST H2	200	csp-report q.stripe.com/ Frame 8F86	0 641 B	571ms 184ms	Other text/plain	54.187.119.242 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-119-242.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Content-Type application/csp-report Response headers date Tue, 28 Mar 2023 00:26:00 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-envoy-upstream-service-time 1 content-length 0 x-stripe-bg-intended-route-color green pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com x-stripe-client-envoy-start-time-us 1679963160484092 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-expose-headers Server, Range, Content-Type x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
POST H2	200	csp-report q.stripe.com/ Frame 8F86	0 640 B	572ms 186ms	Other text/plain	54.187.119.242 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-119-242.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Content-Type application/csp-report Response headers date Tue, 28 Mar 2023 00:26:00 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-envoy-upstream-service-time 2 content-length 0 x-stripe-bg-intended-route-color green pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com x-stripe-client-envoy-start-time-us 1679963160484173 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-expose-headers Server, Range, Content-Type x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
GET H2	200	m-outer-8cb24ab2d649fd36a488d04d8c457933.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 8F86	631 B 1 KB	23ms 22ms	Script text/javascript	65.9.95.108 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.95.108 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-95-108.prg50.r.cloudfront.net Software Cloudfront / Resource Hash 250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload date Mon, 27 Mar 2023 23:31:43 GMT x-content-type-options nosniff via 1.1 5a9253ffd4a04a82b061e7ef23f713d4.cloudfront.net (CloudFront) x-amz-cf-pop PRG50-C1 age 3261 x-cache Hit from cloudfront content-length 631 last-modified Fri, 24 Mar 2023 20:38:18 GMT server Cloudfront etag "f8f6a4584135f737b26927596ce6e0a7" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * x-amz-cf-id 0jfN2W33g17ODopirB4EGtJUMhXHJIY5N0MwEyeOZjCSvDPch58IHQ==
GET H2	200	inner.html Show response m.stripe.network/ Frame 0404	930 B 1 KB	45ms 7ms	Document text/html	151.101.64.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.64.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35 Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 290 cache-control max-age=300, public content-encoding gzip content-length 527 content-security-policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Tue, 28 Mar 2023 00:26:00 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload vary Accept-Encoding, Origin via 1.1 varnish x-cache HIT x-cache-hits 46 x-content-type-options nosniff x-request-id f3c3b389-a081-4eec-bde0-16d648747176 x-served-by cache-fra-eddf8230020-FRA x-timer S1679963160.079427,VS0,VE0
POST H2	200	csp-report q.stripe.com/ Frame 0404	0 414 B	489ms 185ms	Other text/plain	54.187.119.242 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-119-242.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Content-Type application/csp-report Response headers x-stripe-bg-intended-route-color green pragma no-cache date Tue, 28 Mar 2023 00:26:00 GMT strict-transport-security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff server nginx cross-origin-opener-policy same-origin x-stripe-client-envoy-start-time-us 1679963160484180 cache-control max-age=0, no-cache, no-store, must-revalidate x-envoy-upstream-service-time 1 x-robots-tag none content-length 0 expires 0
GET H2	200	out-4.5.42.js Show response m.stripe.network/ Frame 0404	86 KB 16 KB	7ms 7ms	Script text/javascript	151.101.64.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.42.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.64.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload date Tue, 28 Mar 2023 00:26:00 GMT x-content-type-options nosniff content-encoding gzip via 1.1 varnish age 150 x-cache HIT content-length 16031 x-request-id 76b28ac8-52cb-4435-a17e-57dd3e81d1fc x-served-by cache-fra-eddf8230020-FRA server Fastly x-timer S1679963160.097330,VS0,VE0 vary Accept-Encoding, Origin content-type text/javascript; charset=utf-8 cache-control max-age=300, public accept-ranges bytes x-cache-hits 25
POST H2	200	6 Show response m.stripe.com/ Frame 0404	156 B 633 B	561ms 184ms	XHR application/json	52.43.190.165 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.42.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.43.190.165 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-43-190-165.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 917ceadd51da808ce2719e533417dfd40da46fbe699bfa40e4e11640190dd512 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-stripe-bg-intended-route-color green date Tue, 28 Mar 2023 00:26:00 GMT strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1679963160613089 server nginx content-type application/json;charset=utf-8 access-control-allow-origin https://m.stripe.network x-stripe-client-envoy-start-time-us 1679963160612778 access-control-allow-credentials true access-control-allow-headers Content-Type content-length 156
GET H/1.1	200 OK	info Show response api.bottle.com/merchant/	1 KB 1 KB	236ms 132ms	Fetch application/json	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.bottle.com/merchant/info Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/js/chunk-vendors.20aefa46.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash 54e0a4a44c70c075ca189f16f1b85b46613320d7da84928af1ee953cfdb7ee7f Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Authorization Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjaGFudCI6eyJpZCI6NzUwNDM3LCJoYW5kbGUiOiJnb2xkbWFuYmFnZWxzIn0sImFub255bW91c190b2tlbiI6ImViM2FiOGQwMjIwZjUwNGMwOTA4NTE2NzAzZDA4ZTcwIn0.Ooa2AzUPOBwX2HqZaaKPLj5OKdr1xl6gjl3BqibyUj0 Content-Type application/json Accept application/json Referer https://goldmanbagels.bottle.com/ baggage sentry-trace 14c923a2de7140adb60c9c7354ef3c0b-9ed731c670f943bd-1 Response headers Date Tue, 28 Mar 2023 00:26:00 GMT Content-Encoding gzip X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000 Via 1.1 vegur Transfer-Encoding chunked Connection keep-alive X-Xss-Protection 1; mode=block X-Request-Id e34bdde7-23df-48dc-8351-d3d79cedba8d X-Runtime 0.021512 Server Cowboy Etag W/"bece38c33bb4562ca81dc45677125142" X-Frame-Options SAMEORIGIN Access-Control-Max-Age 7200 Access-Control-Allow-Methods GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS Access-Control-Allow-Origin * Access-Control-Expose-Headers Vary Accept-Encoding, Origin Cache-Control max-age=0, private, must-revalidate Content-Type application/json; charset=utf-8
GET H/1.1	200 OK	pages Show response api.bottle.com/merchant/	25 B 794 B	117ms 116ms	Fetch application/json	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.bottle.com/merchant/pages Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/js/chunk-vendors.20aefa46.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash 42f8104a18754db6b114ef6672fc4f0ecf6716179ef7f71c3ad577246befa4da Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Authorization Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjaGFudCI6eyJpZCI6NzUwNDM3LCJoYW5kbGUiOiJnb2xkbWFuYmFnZWxzIn0sImFub255bW91c190b2tlbiI6ImViM2FiOGQwMjIwZjUwNGMwOTA4NTE2NzAzZDA4ZTcwIn0.Ooa2AzUPOBwX2HqZaaKPLj5OKdr1xl6gjl3BqibyUj0 Content-Type application/json Accept application/json Referer https://goldmanbagels.bottle.com/ baggage sentry-trace 14c923a2de7140adb60c9c7354ef3c0b-99f7c6ded58b60e3-1 Response headers Date Tue, 28 Mar 2023 00:26:00 GMT Content-Encoding gzip X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000 Via 1.1 vegur Transfer-Encoding chunked Connection keep-alive X-Xss-Protection 1; mode=block X-Request-Id a5a512b4-8929-4033-a7fd-2014488acace X-Runtime 0.007574 Server Cowboy Etag W/"09d3c8d7c3f8a161cbb553c7b191bc83" X-Frame-Options SAMEORIGIN Access-Control-Max-Age 7200 Access-Control-Allow-Methods GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS Access-Control-Allow-Origin * Access-Control-Expose-Headers Vary Accept-Encoding, Origin Cache-Control max-age=0, private, must-revalidate Content-Type application/json; charset=utf-8
GET H/1.1	200 OK	stores Show response api.bottle.com/merchant/	3 KB 2 KB	139ms 138ms	Fetch application/json	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.bottle.com/merchant/stores?included=attachments Requested by Host: goldmanbagels.bottle.com URL: https://goldmanbagels.bottle.com/js/chunk-vendors.20aefa46.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash 54128b4f25a537b1c61efd3c0bd61dedbb5bb0216d8abe552121c8e464ee29b2 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Authorization Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjaGFudCI6eyJpZCI6NzUwNDM3LCJoYW5kbGUiOiJnb2xkbWFuYmFnZWxzIn0sImFub255bW91c190b2tlbiI6ImViM2FiOGQwMjIwZjUwNGMwOTA4NTE2NzAzZDA4ZTcwIn0.Ooa2AzUPOBwX2HqZaaKPLj5OKdr1xl6gjl3BqibyUj0 Content-Type application/json Accept application/json Referer https://goldmanbagels.bottle.com/ baggage sentry-trace 14c923a2de7140adb60c9c7354ef3c0b-b5aeace155a2cc7f-1 Response headers Date Tue, 28 Mar 2023 00:26:00 GMT Content-Encoding gzip X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000 Via 1.1 vegur Transfer-Encoding chunked Connection keep-alive X-Xss-Protection 1; mode=block X-Request-Id a54e0b57-3d77-40b3-96ca-38cf1e197913 X-Runtime 0.029193 Server Cowboy Etag W/"4d6f9e65f3ad42e60958a9e2a7442dc6" X-Frame-Options SAMEORIGIN Access-Control-Max-Age 7200 Access-Control-Allow-Methods GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS Access-Control-Allow-Origin * Access-Control-Expose-Headers Vary Accept-Encoding, Origin Cache-Control max-age=0, private, must-revalidate Content-Type application/json; charset=utf-8
OPTIONS H/1.1	200 OK	info api.bottle.com/merchant/ Frame	0 0	108ms 107ms	Preflight	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.bottle.com/merchant/info Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,baggage,content-type,sentry-trace Access-Control-Request-Method GET Origin https://goldmanbagels.bottle.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Access-Control-Allow-Headers authorization,baggage,content-type,sentry-trace Access-Control-Allow-Methods GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS Access-Control-Allow-Origin * Access-Control-Expose-Headers Access-Control-Max-Age 7200 Connection keep-alive Date Tue, 28 Mar 2023 00:26:00 GMT Server Cowboy Transfer-Encoding chunked Via 1.1 vegur
OPTIONS H/1.1	200 OK	pages api.bottle.com/merchant/ Frame	0 0	214ms 106ms	Preflight	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.bottle.com/merchant/pages Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,baggage,content-type,sentry-trace Access-Control-Request-Method GET Origin https://goldmanbagels.bottle.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Access-Control-Allow-Headers authorization,baggage,content-type,sentry-trace Access-Control-Allow-Methods GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS Access-Control-Allow-Origin * Access-Control-Expose-Headers Access-Control-Max-Age 7200 Connection keep-alive Date Tue, 28 Mar 2023 00:26:00 GMT Server Cowboy Transfer-Encoding chunked Via 1.1 vegur
OPTIONS H/1.1	200 OK	stores api.bottle.com/merchant/ Frame	0 0	318ms 107ms	Preflight	3.220.57.224 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.bottle.com/merchant/stores?included=attachments Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.220.57.224 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-220-57-224.compute-1.amazonaws.com Software Cowboy / Resource Hash Request headers Accept */* Access-Control-Request-Headers authorization,baggage,content-type,sentry-trace Access-Control-Request-Method GET Origin https://goldmanbagels.bottle.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Access-Control-Allow-Headers authorization,baggage,content-type,sentry-trace Access-Control-Allow-Methods GET, PUT, POST, DELETE, UPDATE, PATCH, OPTIONS Access-Control-Allow-Origin * Access-Control-Expose-Headers Access-Control-Max-Age 7200 Connection keep-alive Date Tue, 28 Mar 2023 00:25:59 GMT Server Cowboy Transfer-Encoding chunked Via 1.1 vegur
GET H2	200	b8xkcxkoqdmochegwrwd.jpg res.cloudinary.com/hpwejnwbc/image/upload/c_pad,f_auto,h_256,w_256/v1/merchant-frontend/	9 KB 10 KB	963ms 907ms	Image image/webp	2606:4700::6813:a741 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://res.cloudinary.com/hpwejnwbc/image/upload/c_pad,f_auto,h_256,w_256/v1/merchant-frontend/b8xkcxkoqdmochegwrwd.jpg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:a741 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 891932d1778e4afc8a7c804e0ff9d5a5dd08b078cd393854b8d5af83f3ce6510 Security Headers Name Value Strict-Transport-Security max-age=604800 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:26:01 GMT strict-transport-security max-age=604800 x-content-type-options nosniff content-disposition inline; filename="b8xkcxkoqdmochegwrwd.webp" server-timing cld-cloudflare;dur=889;start=2023-03-28T00:26:00.866Z;desc=miss,rtt;dur=7;cloudinary;dur=134;start=2023-03-28T00:26:01.573Z content-length 9718 last-modified Thu, 20 Oct 2022 18:13:39 GMT server cloudflare etag "951fd83cb9a2d85dd10b23b6b9b8ae3d" vary Accept,User-Agent, Accept-Encoding content-type image/webp access-control-allow-origin * access-control-expose-headers Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options cache-control private, no-transform, immutable, max-age=2592000 accept-ranges bytes cf-ray 7aebbd3b5bc2bb8f-FRA timing-allow-origin *
GET H2	200	hhsbzukfahauamgi0wvw.jpg res.cloudinary.com/hpwejnwbc/image/upload/c_limit,f_auto,h_2208,w_2208/v1/merchant-frontend/	261 KB 262 KB	579ms 579ms	Image image/webp	2606:4700::6813:a741 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://res.cloudinary.com/hpwejnwbc/image/upload/c_limit,f_auto,h_2208,w_2208/v1/merchant-frontend/hhsbzukfahauamgi0wvw.jpg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:a741 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fc2a25edea00b93b79b385954e681163ee76b82f1e0b8e1a2bf1068e2b316445 Security Headers Name Value Strict-Transport-Security max-age=604800 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Tue, 28 Mar 2023 00:26:01 GMT strict-transport-security max-age=604800 x-content-type-options nosniff content-disposition inline; filename="hhsbzukfahauamgi0wvw.webp" server-timing cld-cloudflare;dur=565;start=2023-03-28T00:26:00.919Z;desc=miss,rtt;dur=7;cloudinary;dur=95;start=2023-03-28T00:26:01.343Z content-length 267328 last-modified Thu, 20 Oct 2022 18:13:44 GMT server cloudflare etag "962a0ccfdd047db812a0a2ab09f350a8" vary Accept,User-Agent, Accept-Encoding content-type image/webp access-control-allow-origin * access-control-expose-headers Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options cache-control private, no-transform, immutable, max-age=2592000 accept-ranges bytes cf-ray 7aebbd3bbc11bb8f-FRA timing-allow-origin *
GET H2	200	common.js Show response maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/	270 KB 68 KB	15ms 15ms	Script text/javascript	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/common.js Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBQeJ3fzm_SpaFLkLYxeuhGRMVQ1Lv89UU&libraries=places Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 46b9bf5e74f6b2a500a14b0818145a75b9e0b8d76d7b33b114efed4028ab21e1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Wed, 22 Mar 2023 20:37:13 GMT content-encoding br x-content-type-options nosniff age 445731 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 68640 x-xss-protection 0 last-modified Mon, 20 Mar 2023 21:47:52 GMT server sffe cross-origin-opener-policy same-origin; report-to="maps-api-js" vary Accept-Encoding, Origin report-to {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 21 Mar 2024 20:37:13 GMT
GET H2	200	util.js Show response maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/	162 KB 56 KB	25ms 25ms	Script text/javascript	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps-api-v3/api/js/52/6/intl/de_ALL/util.js Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBQeJ3fzm_SpaFLkLYxeuhGRMVQ1Lv89UU&libraries=places Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash b268e5ee1a3ab52d9e62454b75cd857135841032c4bfab584c8b351bee1af103 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://goldmanbagels.bottle.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Wed, 22 Mar 2023 20:37:13 GMT content-encoding br x-content-type-options nosniff age 445731 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 57394 x-xss-protection 0 last-modified Mon, 20 Mar 2023 21:47:52 GMT server sffe cross-origin-opener-policy same-origin; report-to="maps-api-js" vary Accept-Encoding, Origin report-to {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 21 Mar 2024 20:37:13 GMT

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless function| fbq function| _fbq object| webpackChunkStripeJSouter function| noop function| Stripe object| google object| module$contents$mapsapi$overlay$overlayView_OverlayView object| webpackChunkmerchant_frontend object| intlTelInputGlobals object| intlTelInputUtils object| __core-js_shared__ object| __SENTRY__

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			m.stripe.com/	1970-01-20 20:15:23	Name: m Value: 07e77060-9663-4e42-9a01-5b6d9f734f981f1847
			.goldmanbagels.bottle.com/	1970-01-20 19:24:59	Name: __stripe_mid Value: c8182c4b-ca00-4d9d-8922-ce32a8a2ad58344acd
			.goldmanbagels.bottle.com/	1970-01-20 10:39:24	Name: __stripe_sid Value: d524b7e5-d805-4913-995e-868c04f84d9354b183

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.bottle.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
goldmanbagels.bottle.com
js.stripe.com
m.stripe.com
m.stripe.network
maps.googleapis.com
q.stripe.com
res.cloudinary.com
151.101.64.176
2606:4700::6813:a741
2a00:1450:4001:806::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:828::200a
2a03:2880:f01c:8012:face:b00c:0:3
3.220.57.224
3.232.242.170
52.43.190.165
54.187.119.242
65.9.95.108
0e84309260e7f2e4cb435cb8ff54d6ecce81eb9444c66efc12fe6bb9fed613f5
22f8a5170a390c9cb30f0e9681c9a977cb04a84c07836bc6631d9add7ab1a202
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
28a5e07b96e2002482e16614c69b96d4fbfb8a491ec046efdc0bd3be1421c68c
39f5bb1b8ea34ea0f5368bb84aa24f8aa4d8305b5c137b3d4601e66fa97d052b
42f8104a18754db6b114ef6672fc4f0ecf6716179ef7f71c3ad577246befa4da
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
46b9bf5e74f6b2a500a14b0818145a75b9e0b8d76d7b33b114efed4028ab21e1
54128b4f25a537b1c61efd3c0bd61dedbb5bb0216d8abe552121c8e464ee29b2
54e0a4a44c70c075ca189f16f1b85b46613320d7da84928af1ee953cfdb7ee7f
638a8bc98ee933932d6488e4d69d81d7209dc8676c6da02267ad3699a35a60e9
891932d1778e4afc8a7c804e0ff9d5a5dd08b078cd393854b8d5af83f3ce6510
90dd7783bb8bc2625f9c2c9ce2a08f7f63d36fcf7c1e84a4ee039d8a2aaf8bd5
917ceadd51da808ce2719e533417dfd40da46fbe699bfa40e4e11640190dd512
a5570c4b61c009fa54e0e8602489402ca6d84c063b72253555e647b5f6185e57
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
b268e5ee1a3ab52d9e62454b75cd857135841032c4bfab584c8b351bee1af103
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d6293564a4665bca49db1b32da0ca88314458e27fb3210bf7615a08fdcd19135
dbf060c555e91a539d9cb849f4aa0c656db9b0a1da32c99aafb12d7c508c6849
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea72fad91d78d952bc31c36e80133404c2752e22f7a9369d936267fc4ce87974
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
f68bc7a9fdcf9d4bdf240635442c69fcdcbae0e61e8a1e93e8d055df8d0e1a40
fc2a25edea00b93b79b385954e681163ee76b82f1e0b8e1a2bf1068e2b316445