urlscan.io logo urlscan.io
SecurityTrails logo

web.step.app Open in urlscan Pro
2606:4700:20::681a:107  Public Scan

Go To Rescan Add Verdict Report
URL: https://web.step.app/
Submission: On February 02 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 3 countries across 9 domains to perform 27 HTTP transactions. The main IP is 2606:4700:20::681a:107, located in United States and belongs to CLOUDFLARENET, US. The main domain is web.step.app.
TLS certificate: Issued by GTS CA 1P5 on December 17th 2023. Valid for: 3 months.
This is the only time web.step.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

10    2606:4700:20::681a:107 (United States)

ASN13335 (CLOUDFLARENET, US)
web.step.app
4    2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebase.googleapis.com
2    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com
2    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
region1.analytics.google.com
1    108.157.4.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-79.dus51.r.cloudfront.net
widget.intercom.io
2    18.245.46.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-10.fra56.r.cloudfront.net
js.intercomcdn.com
1    2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.no
1    54.166.149.142 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-166-149-142.compute-1.amazonaws.com
api-iam.intercom.io
1    15.197.143.135 (United States)

ASN16509 (AMAZON-02, US)
PTR: a69d63ecdf0f33068.awsglobalaccelerator.com
downloads.intercomcdn.com
Apex Domain
Subdomains		 Transfer
10 step.app
web.step.app
cdn.step.app Failed
507 KB
4 googleapis.com
firebase.googleapis.com — Cisco Umbrella Rank: 3647
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 557
1 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37
251 KB
3 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 2157
downloads.intercomcdn.com — Cisco Umbrella Rank: 12241
277 KB
2 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 1661
api-iam.intercom.io — Cisco Umbrella Rank: 2016
6 KB
1 google.no
www.google.no — Cisco Umbrella Rank: 32548
408 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 79
243 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2616
54 B
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2029
252 B
27 9
Domain Requested by
10 web.step.app 1 redirects web.step.app
4 www.googletagmanager.com web.step.app
www.googletagmanager.com
2 js.intercomcdn.com widget.intercom.io
2 firebaseinstallations.googleapis.com web.step.app
2 firebase.googleapis.com web.step.app
1 downloads.intercomcdn.com
1 api-iam.intercom.io js.intercomcdn.com
1 www.google.no
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 widget.intercom.io web.step.app
1 region1.google-analytics.com www.googletagmanager.com
0 cdn.step.app Failed web.step.app
27 13

This site contains links to these domains. Also see Links.

Domain
step.app
Subject Issuer Validity Valid
step.app
GTS CA 1P5		 2023-12-17 -
2024-03-16		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-01-09 -
2024-04-02		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-01-09 -
2024-04-02		 3 months crt.sh
*.intercom.com
Amazon RSA 2048 M03		 2024-01-15 -
2025-02-11		 a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M02		 2023-12-01 -
2024-12-29		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-01-09 -
2024-04-02		 3 months crt.sh
*.google.no
GTS CA 1C3		 2024-01-09 -
2024-04-02		 3 months crt.sh
intercom-attachments-9.com
Amazon RSA 2048 M03		 2024-01-18 -
2025-02-15		 a year crt.sh

This page contains 3 frames:

Primary Page: https://web.step.app/
Frame ID: 0ACAA52E672D65AA8FF324FBF2291B09
Requests: 20 HTTP requests in this frame

Frame: https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
Frame ID: 61C6BF8E03B838D920B3B3AF258FDA79
Requests: 2 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.5ed31912.js
Frame ID: 3C7D5EB2CCA013AC165D05BAEA7B7DC9
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Step App | Web

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

27
Requests

93 %
HTTPS

64 %
IPv6

9
Domains

13
Subdomains

12
IPs

3
Countries

1043 kB
Transfer

3282 kB
Size

7
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
web.step.app/ 		4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad31132d356382b2e99aad4782e9970cb212af03d2a08ffaf23012928f5dcaee
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
cdn-cache
REVALIDATED
cdn-cachedat
02/01/2024 17:05:09
cdn-edgestorageid
886
cdn-proxyver
1.04
cdn-pullzone
972527
cdn-requestcountrycode
GB
cdn-requestid
d0332ecf713d1a111cdb3367cc1d26f3
cdn-requestpullcode
200
cdn-requestpullsuccess
True
cdn-status
200
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cf-cache-status
DYNAMIC
cf-ray
84efa4d109c8dd3b-LHR
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Fri, 02 Feb 2024 04:20:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qFeGQj0hxzZkOGLXHEat9ETdYu3xFrSq2AAnhZj7tcS3FSL6dvsc3UWyTt3VgmaOPahpFvHyxYUUX%2BAZy0ddAb9GHreVBoLohU7N460gP4zV%2FnFgfNU27m5pMswOSenAITFI4itJjeVijQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-cache-status
MISS
x-content-type-options
nosniff
x-ipfs-path
/ipfs/bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa/
x-ipfs-roots
bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa
x-request-id
103f6752b4e6226b79b4f5c020d613ca
x-xss-protection
0
index-49a469a9.js
web.step.app/assets/ 		1 MB
438 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-49a469a9.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dd500ef3b14c702c54f5562a8c2037d11f5096b68455965a9d766e85fc77225
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://web.step.app/
Origin
https://web.step.app
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa,QmXZg6pEDqLeMduAqnA4KK5BC6qTgY91z94VzK1WNYy75Y,QmY4vA2SEPprmH7MijX94UTQFwRTbGEw9SyttSmysKtRAE
etag
W/"QmY4vA2SEPprmH7MijX94UTQFwRTbGEw9SyttSmysKtRAE"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa/assets/index-49a469a9.js
cdn-requestcountrycode
GB
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Fri, 02 Feb 2024 04:20:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
886
x-cache-status
MISS
cdn-cachedat
02/01/2024 17:05:09
x-xss-protection
0
x-request-id
01dae7b8044bf7fc61d7a7523d6ba6c9
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=snE3W%2B8xJYH%2FumW%2FObMEgTtTY%2BeOZpmmb4%2BvXM0TjSIqYvnW2Sm2BsxLkwLqwKENFIVdpCsZAD%2FNZ9cV8KU1%2FIBWYHZz1wWfS%2FZfxa%2FKqPSEYa%2BoAOauTBvf2YZ4AptzwEiA3uDiHSgu5w%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
b69dcdac942c898753e9a01210a6a83f
cf-ray
84efa4d20a3fdd3b-LHR
cdn-status
200
cdn-requestpullsuccess
True
index-ae585b0b.js
web.step.app/assets/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-ae585b0b.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://web.step.app/
Origin
https://web.step.app
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa,QmXZg6pEDqLeMduAqnA4KK5BC6qTgY91z94VzK1WNYy75Y,QmWgomjk9TL6qcADTs9iqUYa7KK4x8ZhFPCKVPUvRNYvhX
etag
W/"QmWgomjk9TL6qcADTs9iqUYa7KK4x8ZhFPCKVPUvRNYvhX"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa/assets/index-ae585b0b.js
cdn-requestcountrycode
GB
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Fri, 02 Feb 2024 04:20:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
886
x-cache-status
MISS
cdn-cachedat
02/01/2024 17:20:04
x-xss-protection
0
x-request-id
0d4485767ac3a89e8fd09014b7aa0664
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=msqhU017%2B%2FFiUo2EfEy1k0AvLOxfHCqk%2B3sj7ukODKhG4oazrKQDZxTcHkXuOZFfR8X4SZBbI%2BXIH2KooOuIbOGb7ZsMjKtHO9u1h5fA%2BEWkkjyUb89hAzt2gLFvJeVuZM8RKkZIQKoSDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
bbd06d721d46a12cc77ca02530549fbc
cf-ray
84efa4d20a40dd3b-LHR
cdn-status
200
cdn-requestpullsuccess
True
index-9b097a67.css
web.step.app/assets/ 		27 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-9b097a67.css
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b097a67faef1025bf62951c36e586916f2ed519cadb4c1cd0f47c3653e67e57
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa,QmXZg6pEDqLeMduAqnA4KK5BC6qTgY91z94VzK1WNYy75Y,QmVSieWYVnZ1KfBYTLLyW5KRqC37mDarmpeqAZ5fh3KAkr
etag
W/"QmVSieWYVnZ1KfBYTLLyW5KRqC37mDarmpeqAZ5fh3KAkr"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa/assets/index-9b097a67.css
cdn-requestcountrycode
GB
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date
Fri, 02 Feb 2024 04:20:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
886
x-cache-status
MISS
cdn-cachedat
02/01/2024 17:20:04
x-xss-protection
0
x-request-id
3cd90ceb60df75dab9177811c7c03003
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oBtzs9NQJSZWmYpT%2FV%2BIG8K%2BY0VFhru3N6b8tUNMy6waMdQut0CwLF8fwNu%2Fieloqx42cvkK%2BmK2FZP0hPvNn90KER0aWWT7JJ%2FOpx2cKD3WCUcUPTqywJPd7vccN9V0UU5PosmbfV%2F3HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
f0fc6fbfc776a0340938a4f67246abcf
cf-ray
84efa4d20a3ddd3b-LHR
cdn-status
200
cdn-requestpullsuccess
True
js
www.googletagmanager.com/gtag/ 		284 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e38c510961f5f368b6fd81000a4c5d63f6b7ec80854d30cf67d46690df8f73cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 04:20:49 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
96450
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 02 Feb 2024 04:20:49 GMT
main.js
web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/ Frame 61C6
Redirect Chain
  • https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd687509a6b059bfc64de3e408142381985ef3f4db733c67c9e24f0bb52d7f33
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 04:20:50 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xzxQI0yZ5NaHttk1HdeUEX1MhBOJueQHOz5xKH0k8L3FmM%2F6YpSmHQ6olgC5191a35EaDintb92FQsTd%2FMRxaGCX2KnKyLFlJOlPYRuT7aXzuf9Sk7KYcIM2ZrkFWpweSJ8hkUQl0S4X1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
84efa4d5ac27dd3b-LHR

Redirect headers

date
Fri, 02 Feb 2024 04:20:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n1jjDPbZbyKOloBWdVWUX0zDjuvOFMIH82PX40K0WdI9mnihVZB6T8mbyD5fGIKzIQSeEzVIghK9ZLl5cn3R0PoT9Fwl%2BLezs4%2BpNEbeOGo7CgrU2FwQNJSNKK8IFoYJjSn%2BM3EFePKvRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/24864818/main.js
cache-control
max-age=300, public
cf-ray
84efa4d51bdcdd3b-LHR
SignIn-4e7e85db.js
web.step.app/assets/ 		744 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SignIn-4e7e85db.js
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-49a469a9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d169013ff739672afd2a83785384f012afc47757ff7d2697102211b526754e56
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://web.step.app
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa,QmXZg6pEDqLeMduAqnA4KK5BC6qTgY91z94VzK1WNYy75Y,QmW3LmF6CqE5s369W3y4vnj5sKejp4UD4Smy4VQSHFDUBq
etag
W/"QmW3LmF6CqE5s369W3y4vnj5sKejp4UD4Smy4VQSHFDUBq"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa/assets/SignIn-4e7e85db.js
cdn-requestcountrycode
GB
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Fri, 02 Feb 2024 04:20:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
886
x-cache-status
MISS
cdn-cachedat
02/01/2024 17:05:09
x-xss-protection
0
x-request-id
adaf6131a66eedc7852bc8786c5bee88
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7kD4PL%2F7D2bmyc38za3CGZj3EIwUQsNvQBn4KAWanUUIWnMefDq%2FUHl5Z1b7r5DG0eKcLa3Rp%2BWrDwOt2vyrK%2BPWmYtBTnL4hhb%2F4GgHmdnGlMwnU1JNLx7%2BuBLnKYZZWipfgHbXnyzE1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
799574ab175235ec0b15f00ecb5c5b2e
cf-ray
84efa4d53bffdd3b-LHR
cdn-status
200
cdn-requestpullsuccess
True
SignIn-8f0ff971.css
web.step.app/assets/ 		255 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SignIn-8f0ff971.css
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-49a469a9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa,QmXZg6pEDqLeMduAqnA4KK5BC6qTgY91z94VzK1WNYy75Y,QmZKu1StPwUJ15tQWV822NXxcvGUBLgBkjx3RcLsURJyM6
etag
W/"QmZKu1StPwUJ15tQWV822NXxcvGUBLgBkjx3RcLsURJyM6"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa/assets/SignIn-8f0ff971.css
cdn-requestcountrycode
GB
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date
Fri, 02 Feb 2024 04:20:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
886
x-cache-status
MISS
cdn-cachedat
02/01/2024 17:20:05
x-xss-protection
0
x-request-id
e0784a442b9d10bb3df311a60c80da6a
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a5VcbXGr4eKoNmKnj4QTpTxzXMRY5QKK8j1Y3L1WGwrCYjvWHa%2F5KKP1hQMSUR4%2FqdgHHEYK%2FkIVpauUnCTIOxUrCx01Y0j36CD1BV12wJid8y9wZ0sL4fXgbGvfuRk%2Fc3PwmiLHatbUIw%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
a1920d822751f52604c9861c0cb10473
cf-ray
84efa4d53bfedd3b-LHR
cdn-status
200
cdn-requestpullsuccess
True
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ 		355 B
428 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/webConfig
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-49a469a9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://web.step.app/
x-goog-api-key
AIzaSyD8XRCLUrS4ypRFN6Oubg0nfxNrECVmbWQ
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 04:20:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://web.step.app
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
238
x-xss-protection
0
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/webConfig
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-api-key
Access-Control-Request-Method
GET
Origin
https://web.step.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-headers
x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://web.step.app
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Fri, 02 Feb 2024 04:20:50 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
statics.json
cdn.step.app/statics/latest/statics.jsonlatest/ 		0
0
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ 		625 B
679 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/installations
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-49a469a9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6562572a9c46141f246b1cc71df9ef0f9f5ff4bb87ba420b2ac8f5fca569cf7f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://web.step.app/
x-goog-api-key
AIzaSyD8XRCLUrS4ypRFN6Oubg0nfxNrECVmbWQ
accept-language
fi-FI,fi;q=0.9
x-firebase-client
eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjkuMCBmaXJlLWNvcmUtZXNtMjAxNy8wLjkuMCBmaXJlLWpzLyBmaXJlLWlpZC8wLjYuMCBmaXJlLWlpZC1lc20yMDE3LzAuNi4wIGZpcmUtYW5hbHl0aWNzLzAuOS4wIGZpcmUtYW5hbHl0aWNzLWVzbTIwMTcvMC45LjAgZmlyZS1qcy1hbGwtYXBwLzkuMTUuMCIsImRhdGVzIjpbIjIwMjQtMDItMDIiXX1dfQ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type
application/json

Response headers

date
Fri, 02 Feb 2024 04:20:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://web.step.app
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
489
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://web.step.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://web.step.app
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Fri, 02 Feb 2024 04:20:50 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
SFMono-Bold-87372509.woff2
web.step.app/assets/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SFMono-Bold-87372509.woff2
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-9b097a67.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://web.step.app/assets/index-9b097a67.css
Origin
https://web.step.app
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa,QmXZg6pEDqLeMduAqnA4KK5BC6qTgY91z94VzK1WNYy75Y,QmRUJyHLiehuBNz86sjjhMESnYRHmPwfCLGUTVr1oLXYHe
etag
"QmRUJyHLiehuBNz86sjjhMESnYRHmPwfCLGUTVr1oLXYHe"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeigrxq3zrupcv2vw4qw4oeavaq2ajq2dktvpqpi6u4hbdsc4yypgpa/assets/SFMono-Bold-87372509.woff2
cdn-requestcountrycode
GB
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date
Fri, 02 Feb 2024 04:20:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
886
x-cache-status
MISS
cdn-cachedat
02/01/2024 17:20:05
content-length
44888
x-xss-protection
0
x-request-id
742fc7ae0b13499b589835ef27501030
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kg4ILgZn8f%2Bwtk0c%2FauFLIwIuhSOUoFP%2Bh70mD6w6EhfbppL7c0C81lYHOqD9xL%2Fy6Y1GzYWHvSdhYggKDSwUUFjJdzId%2BnUu2ymra0vygmsmLzTJvP47HwFoUFMqH2xhpK%2BU6qK2Kb%2FJw%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
0cea96be07509f36c10db6a6ebd79d72
accept-ranges
bytes
cf-ray
84efa4d56c15dd3b-LHR
cdn-status
200
cdn-requestpullsuccess
True
collect
region1.google-analytics.com/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-3766Q8BJM3&gtm=45je41v0v9165619434za200&_p=1706847649706&gcd=11l1l1l1l1&npa=0&dma_cps=sypham&dma=1&cid=1374696252.1706847650&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1706847650&sct=1&seg=0&dl=https%3A%2F%2Fweb.step.app%2F&dt=Step%20App%20%7C%20Web&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=987
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Feb 2024 04:20:50 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abikvo75
widget.intercom.io/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/abikvo75
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-79.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8584ced6c210e8cb61a647877aea501f18ecd15d48896c7929863ae3f21bad1b

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-amz-version-id
JJz2iwiH.hddQB3630G2j99mPm40kKYh
content-encoding
gzip
via
1.1 021d8c03b9a9a9281489f9b9055209cc.cloudfront.net (CloudFront)
date
Fri, 02 Feb 2024 04:17:50 GMT
x-amz-cf-pop
DUS51-P2
age
184
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2702
last-modified
Thu, 01 Feb 2024 16:59:59 GMT
server
AmazonS3
etag
"3e683ebd04a969b21b02cf5434ba1efc"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
_gf-_HKoOTg3J336HW3tgk8mJKMveWqw2m73LQEu8ndOrJEnT00R0w==
a
www.googletagmanager.com/ 		0
59 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.googletagmanager.com/a?v=3&t=l&pid=2013880104&rv=41v0&u=AAAAAAAAAAAAACCA&h=Ag&gtm=45je41v0v9165619434za200&ccid=165619434&cid=G-3766Q8BJM3&l=L552.S2.Y0.B11.E107.I556.EC7.TC16.HTC0~gtm.init.S0.V0.E13.TS5ogt1pdatav2.TI10.TE1.TS5ccdgalast.TI12.TE0.TS5ccdautoredact.TI13.TE0.TS5ccdconversionmarking.TI14.TE0.TS5ccdemvideo.TI15.TE0.TS5ccdemsitesearch.TI16.TE0.TS5ccdemscroll.TI17.TE0.TS5ccdempageview.TI18.TE0.TS5ccdemoutboundclick.TI19.TE0.TS5ccdemform.TI20.TE0.TS5ccdemdownload.TI21.TE0.TS5ccdgaregscope.TI22.TE0.TS5ogtgooglesignals.TI23.TE0.TS5setproductsettings.TI24.TE0.TS5ccdgafirst.TI25.TE0~gtm.js.S0.V0.E8.TS5gct.TI7.TE0~*~gtm.dom.S0.V0.E2~gtm.scrollDepth.S0.V0.E2~gtm.load.S0.V0.E0~gtm.init_consent.S0.V0.E11~GA434.437
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 04:20:50 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
84efa4d109c8dd3b
web.step.app/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 61C6 		0
497 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.step.app/cdn-cgi/challenge-platform/h/b/jsd/r/84efa4d109c8dd3b
Requested by
Host: web.step.app
URL: https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 02 Feb 2024 04:20:50 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
84efa4d69c95dd3b-LHR
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OlWMdsSmPceWDXD9hq%2FNNLvK2hUKhbY15Y8900LtLLfciLvsRucvid%2B5zIoZKkK%2Fw2EezNRgMFHDvbB%2B%2BI8W6UUr9HWVw7dlKuyoDV3KypWeckXT4b0HBYwlpIeawi%2Bb6qMMq7FCRSaMAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
js
www.googletagmanager.com/gtag/ 		222 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-M830R3N37B
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-49a469a9.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
84b85ed55d1e0bbaa2fecb8b69fb5d64765ed0182dd0450a5655e974af20527d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 04:20:50 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
80187
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 02 Feb 2024 04:20:50 GMT
js
www.googletagmanager.com/gtag/ 		222 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-M830R3N37B&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
53676b0b122776da6ca27aeb682c551da20dcb24dd3c8495153f741c924656c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 04:20:50 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
80208
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 02 Feb 2024 04:20:50 GMT
frame-modern.5ed31912.js
js.intercomcdn.com/ Frame 3C7D 		516 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.5ed31912.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/abikvo75
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-10.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5656ecbba9e83527546ac78be7d7b31a950982e57560455e33319533d8b404f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-amz-version-id
o3USfe0U7DSkkXpIER9lTcBkwIkiZn14
content-encoding
gzip
via
1.1 08144b62d8ba59c510ae7682981f36c0.cloudfront.net (CloudFront)
date
Fri, 02 Feb 2024 03:00:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
4848
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
145528
last-modified
Thu, 01 Feb 2024 16:56:50 GMT
server
AmazonS3
etag
"4a7001d7b2bfe2c131c2fb0d2f5c0539"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
9jEZ1Mg82K-nnmKSntL_D989c8NA8yR2zAVeRH4CpBIJ56TmGuCoyA==
vendor-modern.af6641c5.js
js.intercomcdn.com/ Frame 3C7D 		408 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.af6641c5.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/abikvo75
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-10.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6376e264ac24e50f7ac1866a86e23a3c0134ce82d6b059aefee2177b211effa9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-amz-version-id
NA9DD0mw_X8euJnSGqj0XkA7bzhbMxEb
content-encoding
gzip
via
1.1 08144b62d8ba59c510ae7682981f36c0.cloudfront.net (CloudFront)
date
Fri, 02 Feb 2024 03:18:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
age
3745
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
128603
last-modified
Wed, 31 Jan 2024 17:38:59 GMT
server
AmazonS3
etag
"ceb2be930e6354b8c59b3cf04a3f088b"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
pzU5XxfWN21VJXpSz-gapQPtDNGxmHgu0nPHGK2WAEglzCSWqQWWAQ==
collect
region1.analytics.google.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-M830R3N37B&gtm=45je41v0v9115484297za200&_p=1706847649706&_gaz=1&gcd=11l1l1l1l1&npa=0&dma_cps=sypham&dma=1&_fid=cjPAyeF1EvWPtpYba5Fqlo&cid=1374696252.1706847650&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1706847650&sct=1&seg=0&dl=https%3A%2F%2Fweb.step.app%2F&dt=Step%20App%20%7C%20Web&en=page_view&_fv=1&_ss=2&_ee=1&ep.origin=firebase&tfd=1589
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M830R3N37B&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Feb 2024 04:20:50 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
243 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-M830R3N37B&cid=1374696252.1706847650&gtm=45je41v0v9115484297za200&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&npa=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M830R3N37B&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Feb 2024 04:20:50 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.no/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-M830R3N37B&cid=1374696252.1706847650&gtm=45je41v0v9115484297za200&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&npa=0&z=1843898849
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Feb 2024 04:20:50 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ping
api-iam.intercom.io/messenger/web/ Frame 3C7D 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.5ed31912.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.166.149.142 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-166-149-142.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4b9c08df87ad8f047c2bbe4841b7a9260ed4ed516049bed5fd6b0f98a6ca851e
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 02 Feb 2024 04:20:51 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-02153bee0fab8bfbb
status
200 OK
x-xss-protection
1; mode=block
x-request-id
000c02f1frl6640k4a50
x-runtime
0.260597
server
nginx
etag
W/"4b9c08df87ad8f047c2bbe4841b7a926"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://web.step.app
x-intercom-version
2e6f08b529d76ba6e9b9a74e04ed847d6cdde214
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
1bf1cb0ca87a05407f159a07264fa0b5.png
downloads.intercomcdn.com/i/o/466034/f0c0b45e3422e1a261987507/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://downloads.intercomcdn.com/i/o/466034/f0c0b45e3422e1a261987507/1bf1cb0ca87a05407f159a07264fa0b5.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.197.143.135 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a69d63ecdf0f33068.awsglobalaccelerator.com
Software
nginx /
Resource Hash
9c0406e9a552bece8e09615337f53d1b67106a0c9a34178cbbe5f1551d38913d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src fonts.intercomcdn.com; img-src downloads.intercomcdn.com/images/logo-gray-16x16-at-2x.png; media-src 'self'; style-src downloads.intercomcdn.com/410.css fonts.intercomcdn.com/proxima-nova/proxima-nova-all.css
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 04:20:52 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-02153bee0fab8bfbb
content-security-policy
default-src 'none'; font-src fonts.intercomcdn.com; img-src downloads.intercomcdn.com/images/logo-gray-16x16-at-2x.png; media-src 'self'; style-src downloads.intercomcdn.com/410.css fonts.intercomcdn.com/proxima-nova/proxima-nova-all.css
status
200 OK
content-transfer-encoding
binary
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename="1bf1cb0ca87a05407f159a07264fa0b5.png"; filename*=UTF-8''1bf1cb0ca87a05407f159a07264fa0b5.png
x-xss-protection
1; mode=block
x-request-id
002b91d8svr1i3s61jhg
x-runtime
0.067375
last-modified
Fri, 01 Dec 2023 14:46:52 GMT
server
nginx
x-request-queueing
0
vary
Accept-Encoding
x-frame-options
deny
content-type
image/png
x-intercom-version
2e6f08b529d76ba6e9b9a74e04ed847d6cdde214
cache-control
max-age=86400, private

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn.step.app
URL
https://cdn.step.app/statics/latest/statics.jsonlatest/statics.json

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| gtag object| dataLayer object| intercomSettings function| Intercom function| IMask function| Buffer object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal function| __intercomAssignLocation function| __intercomReloadLocation

7 Cookies

Domain/Path Name / Value
.step.app/ Name: _ga
Value: GA1.1.1374696252.1706847650
.step.app/ Name: _ga_3766Q8BJM3
Value: GS1.1.1706847650.1.0.1706847650.0.0.0
.step.app/ Name: cf_clearance
Value: lT6f.T35ga0eqHRvIuv4val_Ohz.I4WHhIdb9xrXdy0-1706847650-1-Ae/OSf4J8ZX1fDaD6pNWZii637r88nnRPe0bOiUvGeLJObFGFJqf/ZyIuQHG1qeMxfnf4/w3/rIxqoRKJvgw/9g=
.step.app/ Name: _ga_M830R3N37B
Value: GS1.1.1706847650.1.0.1706847650.60.0.0
.step.app/ Name: intercom-id-abikvo75
Value: d5834657-27de-49b8-a3a1-0995fbe27d8f
.step.app/ Name: intercom-session-abikvo75
Value:
.step.app/ Name: intercom-device-id-abikvo75
Value: f670f500-9792-4257-82eb-2c13cc876672

2 Console Messages

Source Level URL
Text
javascript error URL: https://web.step.app/
Message:
Access to XMLHttpRequest at 'https://cdn.step.app/statics/latest/statics.jsonlatest/statics.json' from origin 'https://web.step.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cdn.step.app/statics/latest/statics.jsonlatest/statics.json
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
cdn.step.app
downloads.intercomcdn.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
js.intercomcdn.com
region1.analytics.google.com
region1.google-analytics.com
stats.g.doubleclick.net
web.step.app
widget.intercom.io
www.google.no
www.googletagmanager.com
cdn.step.app
108.157.4.79
15.197.143.135
18.245.46.10
2001:4860:4802:32::36
2606:4700:20::681a:107
2a00:1450:4001:80b::2008
2a00:1450:4001:813::200a
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2003
2a00:1450:400c:c00::9c
54.166.149.142
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
4b9c08df87ad8f047c2bbe4841b7a9260ed4ed516049bed5fd6b0f98a6ca851e
53676b0b122776da6ca27aeb682c551da20dcb24dd3c8495153f741c924656c2
5656ecbba9e83527546ac78be7d7b31a950982e57560455e33319533d8b404f0
6376e264ac24e50f7ac1866a86e23a3c0134ce82d6b059aefee2177b211effa9
6562572a9c46141f246b1cc71df9ef0f9f5ff4bb87ba420b2ac8f5fca569cf7f
7dd500ef3b14c702c54f5562a8c2037d11f5096b68455965a9d766e85fc77225
84b85ed55d1e0bbaa2fecb8b69fb5d64765ed0182dd0450a5655e974af20527d
8584ced6c210e8cb61a647877aea501f18ecd15d48896c7929863ae3f21bad1b
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
9b097a67faef1025bf62951c36e586916f2ed519cadb4c1cd0f47c3653e67e57
9c0406e9a552bece8e09615337f53d1b67106a0c9a34178cbbe5f1551d38913d
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
ad31132d356382b2e99aad4782e9970cb212af03d2a08ffaf23012928f5dcaee
bd687509a6b059bfc64de3e408142381985ef3f4db733c67c9e24f0bb52d7f33
d169013ff739672afd2a83785384f012afc47757ff7d2697102211b526754e56
e38c510961f5f368b6fd81000a4c5d63f6b7ec80854d30cf67d46690df8f73cf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629