urlscan.io logo urlscan.io
SecurityTrails logo

app.vanta.com Open in urlscan Pro
107.21.214.76  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DE...
Effective URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DE...
Submission: On April 16 via api from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 3 countries across 10 domains to perform 43 HTTP transactions. The main IP is 107.21.214.76, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is app.vanta.com. The Cisco Umbrella rank of the primary domain is 331051.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 23rd 2024. Valid for: a year.
This is the only time app.vanta.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

2    107.21.214.76 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-21-214-76.compute-1.amazonaws.com
app.vanta.com
5    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
static.vanta.com
4    2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
9    188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)
static.vanta.com
3    18.173.154.122 (None, )

ASN- ()
cdn.heapanalytics.com
1    151.101.130.137 (None, )

ASN- ()
fast.trychameleon.com
1    18.173.154.28 (None, )

ASN- ()
js.stripe.com
2    2600:1f18:24e6:b902:f87f:5831:d7f3:801a (None, )

ASN- ()
rum.browser-intake-datadoghq.com
4    34.66.73.214 (None, )

ASN- ()
client-api.auryc.com
1    18.173.154.44 (None, )

ASN- ()
js.stripe.com
2    34.128.128.0 (None, )

ASN- ()
featuregates.org
2    3.210.91.20 (None, )

ASN- ()
heapanalytics.com
1    2600:1f18:24e6:b902:377:53d9:2f8:4514 (None, )

ASN- ()
session-replay.browser-intake-datadoghq.com
Domain Requested by
14 static.vanta.com app.vanta.com
static.vanta.com
4 client-api.auryc.com static.vanta.com
4 fonts.gstatic.com app.vanta.com
fonts.googleapis.com
3 cdn.heapanalytics.com app.vanta.com
cdn.heapanalytics.com
2 heapanalytics.com
2 featuregates.org static.vanta.com
2 rum.browser-intake-datadoghq.com static.vanta.com
2 js.stripe.com static.vanta.com
js.stripe.com
2 app.vanta.com static.vanta.com
1 session-replay.browser-intake-datadoghq.com static.vanta.com
1 fast.trychameleon.com static.vanta.com
1 fonts.googleapis.com app.vanta.com
0 events.statsigapi.net Failed static.vanta.com
43 13

This site contains no links.

Subject Issuer Validity Valid
vanta.com
Amazon RSA 2048 M02		 2024-02-23 -
2025-03-23		 a year crt.sh
static.vanta.com
E1		 2024-03-10 -
2024-06-08		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
cdn.heapanalytics.com
Amazon RSA 2048 M01		 2023-06-29 -
2024-07-27		 a year crt.sh
fast.trychameleon.com
R3		 2024-03-19 -
2024-06-17		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-03-27 -
2024-06-27		 3 months crt.sh
*.browser-intake-datadoghq.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-06-17 -
2024-06-18		 a year crt.sh
*.auryc.com
R3		 2024-03-25 -
2024-06-23		 3 months crt.sh
featuregates.org
R3		 2024-02-17 -
2024-05-17		 3 months crt.sh
heapanalytics.com
Amazon RSA 2048 M02		 2023-11-09 -
2024-12-08		 a year crt.sh

This page contains 2 frames:

Primary Page: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Frame ID: BD85C382B8A8A7033A92F21DF5ED95DF
Requests: 38 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 35258E28F8574AF9CC709837E78E856B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Vanta

Page URL History Show full URLs

  1. http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.c... HTTP 307
    https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.c... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • heap-\d+\.js

Page Statistics

43
Requests

88 %
HTTPS

36 %
IPv6

10
Domains

13
Subdomains

15
IPs

3
Countries

8785 kB
Transfer

37437 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational HTTP 307
    https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/
Redirect Chain
  • http://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%2...
  • https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%...
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.21.214.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-214-76.compute-1.amazonaws.com
Software
cloudflare /
Resource Hash
f695d56c212d4db236301f330b242b76f2df91813b63e5cbbc6a9873e1d14113
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
8755269ab9f40852-IAD
content-encoding
br
content-length
507
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
content-type
text/html; charset=utf-8
date
Tue, 16 Apr 2024 15:18:56 GMT
etag
W/"d68297c0e997691a8da25452e7bf68a1"
expect-ct
max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hz0nvjV6APoymu7sGgrJp2WQLMBkhxoyfG4qbXb7xSFm8AgSEcZqaDqiudnbB7WsImiwjoeClKzJGV81sQQ7icq6dFM4bT%2BELZr8AxTq%2Bpxi0yq0wBdZcA3smnsU3rQLRzFs"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000
uuid
a46475e0-fc04-11ee-894d-95fe379dde74
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-robots-tag
noindex
x-xss-protection
0

Redirect headers

Location
https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Non-Authoritative-Reason
HttpsUpgrades
index.639ac1d7.css
static.vanta.com/static/ 		327 KB
44 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/index.639ac1d7.css
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fbf703f5f2128d755259bfbacd93cb31bc54c578f7b099d4b425b2fb5727766
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"583417d5e25a40200dcf7b94fa4c44be"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vurPtFtQK8yZr%2Fhh8vZPn%2BwgeTyv2MLGX2yRYoiFW%2Fr2ajkkzX%2Fp7HgOGdI8TA895BJgU8DKqka4FUFHwqrQH71qctnwtOcu7XyQNAABvhU%2B6eN0DE5itkBRzjiHs2eh3T7Rr1%2FIGlKIXuxTdURO"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8755269e9c8a9758-FRA
index.9643985c.css
static.vanta.com/static/ 		44 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/index.9643985c.css
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
879406c75ee5420aabb3df516cb06f4b3f09c78403fe658f68edd002ef3cfd31
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"0f9287e63e79fd8228074e4fd6eaac66"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=35kmva6w6zbYcGzYef6T%2BWZUMTdu1JHU0GjR3N67%2FpfWxUOZXeI2n6AihmcATZv5sYYcbHe%2FtShcxy3Zp7fnTVIX8qsw17cKUeasU6%2BWv1UIWMYjAeJOKxPRiXa10jbmh9BBSH0Kn23pI%2BoMd48U"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8755269e9c8c9758-FRA
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
fonts.gstatic.com/s/inter/v13/ 		45 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Origin
https://app.vanta.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 18:20:53 GMT
x-content-type-options
nosniff
age
75484
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46552
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:46:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Apr 2025 18:20:53 GMT
L0x8DFMnlVwD4h3hu_qnZypEiw.woff2
fonts.gstatic.com/s/domine/v20/ 		27 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/domine/v20/L0x8DFMnlVwD4h3hu_qnZypEiw.woff2
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2f5e0b9e325758a96240d38bcd1eee56916eada73cb6aa63b6d4f21ad93dc55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Origin
https://app.vanta.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 20:17:12 GMT
x-content-type-options
nosniff
age
68505
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28108
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:06:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Apr 2025 20:17:12 GMT
css2
fonts.googleapis.com/ 		13 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
210276eebb083399ebc3333e6cddff185da4bd1612034dc0da9a122bce8c8217
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Tue, 16 Apr 2024 15:18:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 16 Apr 2024 15:18:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 16 Apr 2024 15:18:57 GMT
index.679bda3d.css
static.vanta.com/static/ 		152 KB
38 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/index.679bda3d.css
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbecc419977c8092d57a9c841cdb3e74c23afb73cf5236fe2b40d890c7b1bd86
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"163916a094f63b97d5d3fb5df7305771"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DuTa2ePUoZnZgdL20E6AhuqsWOuRu9pUQG1rs64cHvgvajoGC8T0CiLdDXZcHALwDQoSU2XRI9I9HD8cTm%2FqzN8mkobeaoe0AdE%2B%2BWj5fEyg7N%2FNFARtNWIOiOkwUo4%2B6AkyMmBefefOfsP%2Ft44m"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8755269e9c879758-FRA
index.fd190e71.css
static.vanta.com/static/ 		566 B
651 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/index.fd190e71.css
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9beae50b8ea51cca1e4fe63ceee608977173aeb44a1d1fa6297d93a3e77f5bd8
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"c78a3167656670f91dc7e03525ef6920"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h6f%2Fas2LA7nffCjvRHGxxbinMNvEdA2squARBfhY%2FQ53yTFhXu4LtN71rjseWD154qpmOsZmipA6jtSCnQpymD8SR5%2Bvmkmgn57mDcisVMNEnrIw9frOH5rMQt1ukpP348VHkTNW79ep2DIFdWkW"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8755269e9c8f9758-FRA
index.04727e09.css
static.vanta.com/static/ 		574 B
646 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/index.04727e09.css
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f48582eae2169bd5126b907566d7c70af153b9daff643866b5b98fdac29bd5e7
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"595ce78ec4af2ff37e22c6bf1a059ff7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=874LPXPdnPPhZ1ebgvwdQAVXaYM1i1kY3Gr3FqyTy%2BV1TNOzGwZMcWBKWA1uLHTa5vJto7dGuko4sXAvoBUQoCg1caFiVw1MN%2FJfmgMNE8LfkZyRFFNzqoVqM%2BWmbteXzJWDyncEAzigzHFoL65G"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8755269e9c8e9758-FRA
entry.js
static.vanta.com/static/ 		600 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/entry.js
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f3a912bd35e5bdf93910c73e8b1dbd5be8f797981e6de3290015ee5f8a997ca
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"033d1cfcf2233120de5278cc8a23c62f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7qoPkfOhZ%2FuGuSEV%2Bkj%2B5ReAOK2%2F3AvTBobbfTdLJDCKScok8WeTB9anVUr%2BoXPlU2TJewDy0rabFDySPWSYfLlvGfEg8oelC5BfgIwjLZaBmHeYmRdAXVyG7ujpFV8Ik57"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
8755269f7f228fee-FRA
index.0b8b30d1.js
static.vanta.com/static/ 		17 MB
4 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/index.0b8b30d1.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07ff6fc40b3c11cd65ccb77296f66bb8444ffd9176d1eb2fa8c050cbc1a2a71d
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"16906a3ef2dc21d6fb7f52dfefce805e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vx%2FjBQksrH4oGHsZsSp5a3%2FbKdhbsQU%2BgdAnGl1RCRtE0eYFBnyF4AqRNLAVPZyVwFnYFl2JeqEVhu6rWGOLWVy%2BXjJ9Vj94x%2BOmN%2FgnakoZKSGAIcB3LCzBjEgGqxt85Y%2F%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
875526a00f888fee-FRA
index.runtime.7d24d48a.js
static.vanta.com/static/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/index.runtime.7d24d48a.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0d4b2d34a58e38f70721f7906c11cd0cb96fa53dc71bcf978010d30e8f62dec
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"75f8d6f0acc39cc56af4de8619d66f97"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dw4%2Fm%2F%2BHUMVOc6u%2FeuFQ3wFF9te1cCAj7lm0UNywwO%2F9GeeDn1mlFFrXxu20GzOuOiYlIrSJu2sFOvXAI9YNAr92ogc5BMM%2FrvHtUpXDYOdS6y1ldJaglyGkjVZhE0cJNp9%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
875526a00f8a8fee-FRA
index.runtime.5cdcfecc.js
static.vanta.com/static/ 		35 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/index.runtime.5cdcfecc.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cf058391ca49291f2d81fd4d7ea0ace175f4126cd0e646369c160e9da1c6471
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"a6e38a5c302e7955034f55c73521a502"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7KOOFcimmQoNKwYlWLM9cqqwUyZREzREyjYrEYv3%2BMRKXrFnmvHtC2fdI%2F6%2F36Dunog8Af2POcIW1avBoqF6b4zVydHTuMFSR2ETxBvm6YnUljsIjsXOicZNrwhr3g1GaCL3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
875526a00f8c8fee-FRA
index.66c781cc.js
static.vanta.com/static/ 		16 MB
4 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/index.66c781cc.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/entry.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f05afdb6f705e8a84e9ee5840d0f3179c42454e18ef3d34b9cf71923388033e
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:57 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"b24958e6cee09c9882e34393d7303087"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RaTSr37PrrHbyv1oQzt4T5kAiFtFygGuHN%2BCi8SHCnWEQ5d8sf5dMbFLLoLRj2grcQi4BDdsfb21yYAt%2B1DRZBaTwOunUPq2M%2FbX8z5QCTyC1dBkqDyIFpjxb7GKFx5HFbhW"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
875526a00f8e8fee-FRA
heap-948124972.js
cdn.heapanalytics.com/js/ 		119 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.heapanalytics.com/js/heap-948124972.js
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.122 -, , ASN (),
Reverse DNS
Software
nginx / Express
Resource Hash
39fe84cc4af8066385f98d191b8f9c4593584f79eb7ec7e5a65a8b66d46defa2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:17:16 GMT
content-encoding
br
via
1.1 b36a9cc0b5286fd650732f1458855500.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-amz-cf-pop
MUC50-P3
age
107
x-powered-by
Express
etag
W/"1dbad-EUyr7SEzos8uX6ZRZfY8xAfYJdk"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=120
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
U_5uIQfDTOj_1ccI7XtC3z-aSgExhliU7ZPJfWMVwguyXWJFcw6rQw==
messo.min.js
fast.trychameleon.com/messo/SOeAVlYm1Kff6u9J5AFDbaPsfTr9EOOBq2sZLM1LYalxB9-1KFOH1-CwwKM1tlygzuj0fF/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.trychameleon.com/messo/SOeAVlYm1Kff6u9J5AFDbaPsfTr9EOOBq2sZLM1LYalxB9-1KFOH1-CwwKM1tlygzuj0fF/messo.min.js
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.66c781cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
990151cb10e0ca555e02f771cfdcd347522fbff5a89de93bf8043b3c99d6f03c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:19:03 GMT
content-encoding
br
via
1.1 chameleon.io (Hyoid)
strict-transport-security
max-age=31557600
last-modified
Fri, 22 Sep 2023 21:19:38 GMT
etag
"d712cb51ddca79bec27267c5dda35ad1"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, no-cache
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
1476
v3
js.stripe.com/ 		602 KB
148 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.66c781cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.28 -, , ASN (),
Reverse DNS
Software
Cloudfront /
Resource Hash
1ee986c9559accb3926f1aa46716ed382069610d8887ff88da0825516d72a7d9
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:18:16 GMT
content-encoding
br
via
1.1 b9c5f3514baef1f70c91fc9b0be37d2e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
48
x-amz-cf-pop
MUC50-P3
x-cache
Hit from cloudfront
last-modified
Mon, 15 Apr 2024 21:32:53 GMT
server
Cloudfront
etag
W/"f55e0707d929bc34852db43291324e95"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
qnju9FE0alQCumtEFjM39gYEFPgbypzPd4UevGOTzzKQiUVHUi56XQ==
7165088a-e258-4393-b114-36dc7a2063b7
https://app.vanta.com/ 		78 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://app.vanta.com/7165088a-e258-4393-b114-36dc7a2063b7
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0fe02f62f7609cef88ad3183a29e22e6e7b91ab5dcfaa60ec1afdb6c2adb5cb7

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length
78
Content-Type
application/javascript
rum
rum.browser-intake-datadoghq.com/api/v2/ 		53 B
344 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.46.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-client%2Cversion%3Aaf10f814bdc856c528f4c39f9318a8850f8a0e8b&dd-api-key=pub5be58c436de630b41550fa3f1691dcfb&dd-evp-origin-version=4.46.0&dd-evp-origin=browser&dd-request-id=b630a70d-cc37-4bb4-a04c-b55485978b39&batch_time=1713280743762
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.0b8b30d1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:f87f:5831:d7f3:801a -, , ASN (),
Reverse DNS
Software
/
Resource Hash
f13b5adf1390b7e17cff5b4372918affec55e15b5fc07d1f2be609ce2567c8f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 16 Apr 2024 15:19:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
b630a70d-cc37-4bb4-a04c-b55485978b39
8e512694-f95c-4c58-8939-dd3bfdb1cc47
https://app.vanta.com/ 		25 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://app.vanta.com/8e512694-f95c-4c58-8939-dd3bfdb1cc47
Requested by
Host: app.vanta.com
URL: https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef42f4aa8f0b88e6d1cf013c7b79133dc4e036a011a70a25fb3113d7685520f0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length
25814
Content-Type
graphql
app.vanta.com/ 		46 B
534 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://app.vanta.com/graphql?operation=userContext
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.0b8b30d1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.21.214.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-214-76.compute-1.amazonaws.com
Software
/
Resource Hash
dffb1c14be90215a6513fbf2632c4bd7d22d4cf80c9bc6f0f8ecf378a0ce0dd7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-csrf-token
this_csrf_header_is_constant
Accept-Language
de-DE,de;q=0.9;q=0.9
x-datadog-parent-id
3102908596830157558
sec-ch-ua-platform
"Win32"
apollographql-client-name
web-client
sec-ch-ua-mobile
?0
x-datadog-origin
rum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
x-datadog-sampling-priority
1
content-type
application/json
accept
*/*
Referer
https://app.vanta.com/domain-redirect/657234bfea18d7882cf36ac6/?continue=https%3A%2F%2Fapp.vanta.com%2Ftests%3Ftab%3DEngineering%26status%3DNEEDS_REMEDIATION%26status%3DDUE_SOON%26status%3DOVERDUE%26taskType%3DTEST%26utm_campaign%3DWeeklySummary%26utm_medium%3Demail%26utm_source%3Doperational
apollographql-client-version
6b7a3a
x-datadog-trace-id
7556659091362422975
graphql-schema-version
6b7a3a

Response headers

date
Tue, 16 Apr 2024 15:19:03 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
uuid
a8df4fa0-fc04-11ee-a207-c5e74aaf86b9
content-length
46
x-xss-protection
0
referrer-policy
same-origin
etag
W/"2e-uW8u4Re1bka/8sEJUrv/reRxfQk"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.vanta.com
x-download-options
noopen
cache-control
no-store
access-control-allow-credentials
true
x-robots-tag
noindex
container.js
cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/ 		9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/container.js
Requested by
Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/heap-948124972.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.122 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3c32d161cfee462cdfb38beec0dc3bbe9d111724d93cd3e286aa043bb2b011b3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
D_480R1RW1qeCSUaWI.7kASZs_uYmMEg
content-encoding
gzip
via
1.1 b36a9cc0b5286fd650732f1458855500.cloudfront.net (CloudFront)
date
Tue, 16 Apr 2024 08:54:51 GMT
x-amz-cf-pop
MUC50-P3
age
23258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
4577
last-modified
Wed, 06 Dec 2023 01:28:26 GMT
server
AmazonS3
etag
"a816523d8c1a522488e9c713f4bf003b"
content-type
application/javascript
cache-control
public,max-age=86400
accept-ranges
bytes
x-amz-cf-id
b0t_lYXXPjz4OSN8Hk-Eh4l4boF0grJcx-LD8ZA3mtgrkJO-F-JYQQ==
releasesettings
client-api.auryc.com/ 		2 B
192 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://client-api.auryc.com/releasesettings?lib=Web
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.0b8b30d1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.66.73.214 -, , ASN (),
Reverse DNS
Software
istio-envoy /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
x-authorized-identity
2792-Main-prod-heap
Referer
https://app.vanta.com/
x-authorized-token
b8f4daa15b465e82641d4ee5be8cbc25
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000 ; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 16 Apr 2024 15:19:03 GMT
server
istio-envoy
vary
accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://app.vanta.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
6
x-xss-protection
1; mode=block
expires
0
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 3525 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.44 -, , ASN (),
Reverse DNS
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://app.vanta.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1697
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Tue, 16 Apr 2024 14:50:48 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 12 Apr 2024 20:17:09 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 d32cecfb780f448e04918056be10c37a.cloudfront.net (CloudFront)
x-amz-cf-id
T-x0mEVXb1mtnCX-AP6huhlabkb_UVcDSbhY-iTz4QvKNVoa9P1ABg==
x-amz-cf-pop
MUC50-P3
x-cache
Hit from cloudfront
x-content-type-options
nosniff
initialize
featuregates.org/v1/ 		150 KB
31 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://featuregates.org/v1/initialize
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.0b8b30d1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e69bf0c92cad509b66f20b82bfd6d0d08514fea5e431a0b140763b28b263ddc3
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff;

Request headers

STATSIG-CLIENT-TIME
1713280743905
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
STATSIG-API-KEY
client-4DR8VopDIR6A65ImpZ7KVTzlHObiLN8NDg16ZEtaOjJ
STATSIG-SDK-VERSION
1.35.0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/json; charset=UTF-8
Referer
https://app.vanta.com/
STATSIG-ENCODED
1
STATSIG-SDK-TYPE
react-client
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:19:04 GMT
content-encoding
gzip
via
1.1 google
content-security-policy
frame-ancestors *.statsig.com
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff;
x-statsig-region
gke-europe-west1
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31633
releasesettings
client-api.auryc.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://client-api.auryc.com/releasesettings?lib=Web
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.66.73.214 -, , ASN (),
Reverse DNS
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
x-authorized-identity,x-authorized-token
Access-Control-Request-Method
GET
Origin
https://app.vanta.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
x-authorized-identity, x-authorized-token
access-control-allow-methods
OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://app.vanta.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Tue, 16 Apr 2024 15:19:04 GMT
expires
0
pragma
no-cache
server
istio-envoy
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
x-frame-options
DENY
x-xss-protection
1; mode=block
initialize
featuregates.org/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://featuregates.org/v1/initialize
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,statsig-api-key,statsig-client-time,statsig-encoded,statsig-sdk-type,statsig-sdk-version
Access-Control-Request-Method
POST
Origin
https://app.vanta.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,statsig-api-key,statsig-client-time,statsig-encoded,statsig-sdk-type,statsig-sdk-version
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
7200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-security-policy
frame-ancestors *.statsig.com
date
Tue, 16 Apr 2024 15:19:03 GMT
referrer-policy
strict-origin-when-cross-origin
via
1.1 google
x-content-type-options
nosniff;
x-statsig-region
gke-europe-west1
fa-regular-400.a2c46ca3.woff2
static.vanta.com/static/ 		388 KB
390 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/fa-regular-400.a2c46ca3.woff2
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.04727e09.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b7265fb8e98286a6e61d73e4278df35c0e911db1e8a94c82836d0b21088125b
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://static.vanta.com/static/index.04727e09.css
Origin
https://app.vanta.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:19:04 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
397196
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
"360b3ff42fc66112960a975a4ed00125"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V0G9aa5K%2FF0T6GpzxE7UhJflQjKoFCL98nwJHFUgWa1DfNBQChrmzRCVxEssOMS9YvN82xgXi%2Biqt0hdXAu56uwZDOKX7gJDUpB5u7sagxcrRQ9gC38QCWRYl7klxBlLj88M"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
875526cc08204dac-FRA
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://app.vanta.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 13 Apr 2024 15:53:06 GMT
x-content-type-options
nosniff
age
257158
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46704
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:49:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 13 Apr 2025 15:53:06 GMT
h
heapanalytics.com/ 		37 B
261 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heapanalytics.com/h?a=948124972&u=7881365011010283&v=8065807425705415&s=1359914571714372&b=web&tv=4.0&z=0&h=%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F&q=%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Ftests%253Ftab%253DEngineering%2526status%253DNEEDS_REMEDIATION%2526status%253DDUE_SOON%2526status%253DOVERDUE%2526taskType%253DTEST%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational&d=app.vanta.com&t=Vanta&ts=1713280743805&ubv=123.0.6312.122&upv=10.0.0&sch=1200&scw=1600&st=1713280744219
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.91.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 16 Apr 2024 15:19:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
etag
W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
replay
session-replay.browser-intake-datadoghq.com/api/v2/ 		53 B
344 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://session-replay.browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&ddtags=sdk_version%3A4.46.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-client%2Cversion%3Aaf10f814bdc856c528f4c39f9318a8850f8a0e8b&dd-api-key=pub5be58c436de630b41550fa3f1691dcfb&dd-evp-origin-version=4.46.0&dd-evp-origin=browser&dd-request-id=de083ffd-0266-4c63-878b-1112fefef3fe
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.0b8b30d1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:377:53d9:2f8:4514 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
adb2a658b014cfa395e8234e8c81a2473cb4c2730d7f0727147f6d2e15f43bf5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryaa2zffeJtww4uuun

Response headers

date
Tue, 16 Apr 2024 15:19:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
de083ffd-0266-4c63-878b-1112fefef3fe
h
heapanalytics.com/ 		37 B
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heapanalytics.com/h?a=948124972&u=7881365011010283&v=65930062906816&s=1359914571714372&b=web&tv=4.0&z=2&h=%2Flogin&q=%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Fdomain-redirect%252F657234bfea18d7882cf36ac6%252F%253Fcontinue%253Dhttps%25253A%25252F%25252Fapp.vanta.com%25252Ftests%25253Ftab%25253DEngineering%252526status%25253DNEEDS_REMEDIATION%252526status%25253DDUE_SOON%252526status%25253DOVERDUE%252526taskType%25253DTEST%252526utm_campaign%25253DWeeklySummary%252526utm_medium%25253Demail%252526utm_source%25253Doperational&d=app.vanta.com&t=Vanta&k=Screen%20Size&k=1600%20x%201200&ts=1713280744235&pr=%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F&sp=z&sp=0&sp=ts&sp=1713280743805&sp=d&sp=app.vanta.com&sp=h&sp=%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F&sp=t&sp=Vanta&sp=q&sp=%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Ftests%253Ftab%253DEngineering%2526status%253DNEEDS_REMEDIATION%2526status%253DDUE_SOON%2526status%253DOVERDUE%2526taskType%253DTEST%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational&ubv=123.0.6312.122&upv=10.0.0&sch=1200&scw=1600&st=1713280744235
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.91.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 16 Apr 2024 15:19:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
etag
W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
L0x8DFMnlVwD4h3hu_qn.woff2
fonts.gstatic.com/s/domine/v23/ 		28 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/domine/v23/L0x8DFMnlVwD4h3hu_qn.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Domine:wght@400;600&family=Inter:wght@300;400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
41b4ddea1cc70923bc5e2233d5bb0b404533079c4e973d4f719c5d0cd05c3482
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://app.vanta.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 12 Apr 2024 00:51:04 GMT
x-content-type-options
nosniff
age
397680
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28244
x-xss-protection
0
last-modified
Thu, 11 Apr 2024 18:31:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Apr 2025 00:51:04 GMT
fa-solid-900.606c9fa0.woff2
static.vanta.com/static/ 		318 KB
320 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/fa-solid-900.606c9fa0.woff2
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.fd190e71.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4ce23501f658a336323bd90b52746e73e0ddca6be18651594d169b263db5410
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://static.vanta.com/static/index.fd190e71.css
Origin
https://app.vanta.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:19:04 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
325592
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
"fe9f0be7aa9c07747ec8302c87649404"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RbuuXmxX9ycIX4dt6ccvC0MXeIL0msAD%2F3CYbWU%2BJxcB%2BsnYKwVndZNNPaKSRmMvgaBYusOjgljbOWgpHeO7qMsiJY780O42rF0niYdWc9CLdeHww4GuemsYTOoOgLkGVGzB"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
875526cc08224dac-FRA
login-bg.9db678a9.webp
static.vanta.com/static/ 		69 KB
70 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.vanta.com/static/login-bg.9db678a9.webp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6ca6776e93920e186790ad2a1fb104b2a42d3c6994624661219f822e484f08a
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:19:04 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
70340
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
"64785d980ab7b9cfcc61c4dd119a08a5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fr35ydthFdYcGYCCAp1nedruNMo2SmEWcqnAOwneNYFx%2FJWBsS0qx904MxHK%2BmhTXevtOyTH8rSe7JqpMPMm5%2BdpKTOH8zn8gb5mnG4JAztpOqT6g%2F%2FpnGs1k4SLG3Bt1AYx"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
875526cbcd498fee-FRA
auryc.lib.js
cdn.heapanalytics.com/js/replay/libs/latest/ 		696 KB
186 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.heapanalytics.com/js/replay/libs/latest/auryc.lib.js
Requested by
Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/replay/2792-Main-prod-heap/container.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.173.154.122 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f01d53f1694d2eaceaf9cfce39cd0ce956159524a95153379037d1b74f3e85ee

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
mwt05ouoSDbehJrG9JsmBrmZXUbT9B5A
content-encoding
gzip
via
1.1 b9c5f3514baef1f70c91fc9b0be37d2e.cloudfront.net (CloudFront)
date
Tue, 16 Apr 2024 06:28:01 GMT
age
31863
x-amz-cf-pop
MUC50-P3
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
190110
last-modified
Wed, 03 Apr 2024 15:31:06 GMT
server
AmazonS3
etag
"e0387bc1b71a2d4e27af0418f645673e"
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
R_hKyp7D4qv2pp9kxs8zDl86G02GMe-eEmPk7YUNHTNPdOgXLZ-H3Q==
rum
rum.browser-intake-datadoghq.com/api/v2/ 		53 B
343 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.46.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aweb-client%2Cversion%3Aaf10f814bdc856c528f4c39f9318a8850f8a0e8b&dd-api-key=pub5be58c436de630b41550fa3f1691dcfb&dd-evp-origin-version=4.46.0&dd-evp-origin=browser&dd-request-id=c2c3a591-27ae-4303-a420-61558705d48d&batch_time=1713280744580
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.0b8b30d1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:f87f:5831:d7f3:801a -, , ASN (),
Reverse DNS
Software
/
Resource Hash
a441ef2bb9c3cc08c06390e61a8027cb3ab468d2ad181b4ff11e86bcd5694f9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 16 Apr 2024 15:19:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
c2c3a591-27ae-4303-a420-61558705d48d
siteconfig
client-api.auryc.com/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://client-api.auryc.com/siteconfig?lib=web
Requested by
Host: static.vanta.com
URL: https://static.vanta.com/static/index.0b8b30d1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.66.73.214 -, , ASN (),
Reverse DNS
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
x-authorized-identity
2792-Main-prod-heap
Referer
https://app.vanta.com/
x-authorized-token
b8f4daa15b465e82641d4ee5be8cbc25
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000 ; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 16 Apr 2024 15:19:04 GMT
server
istio-envoy
vary
accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://app.vanta.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
x-xss-protection
1; mode=block
expires
0
siteconfig
client-api.auryc.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://client-api.auryc.com/siteconfig?lib=web
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.66.73.214 -, , ASN (),
Reverse DNS
Software
istio-envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-authorized-identity,x-authorized-token
Access-Control-Request-Method
GET
Origin
https://app.vanta.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type, x-authorized-identity, x-authorized-token
access-control-allow-methods
OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-origin
https://app.vanta.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Tue, 16 Apr 2024 15:19:03 GMT
expires
0
pragma
no-cache
server
istio-envoy
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options
nosniff
x-envoy-upstream-service-time
2
x-frame-options
DENY
x-xss-protection
1; mode=block
favicon-ilma-32.c6a92ec2.webp
static.vanta.com/static/ 		8 KB
10 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://static.vanta.com/static/favicon-ilma-32.c6a92ec2.webp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.vanta.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 15:19:04 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
content-security-policy
default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
8354
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
"dd479de55bd23d3c7614f2e0ec65712b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=btn2xj7x3xtkaHH4e7Ql6jmkzZri94iUzfoEai6mk%2Bg8Pqat2lDAiZmiiQV76DJDTqRsQg%2FS77SDxMY7%2BkJiC6p4TodI1szNfM8pnaPnnrEi%2FEP44AEaed1p1X8m4g9Z4F95"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
cf-ray
875526cea80b8fee-FRA
446aad73-7566-470a-b0c6-d0269553b8dd
https://app.vanta.com/ 		85 B
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://app.vanta.com/446aad73-7566-470a-b0c6-d0269553b8dd
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length
85
Content-Type
application/javascript
rgstr
events.statsigapi.net/v1/ Frame 		0
0
rgstr
events.statsigapi.net/v1/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
events.statsigapi.net
URL
https://events.statsigapi.net/v1/rgstr
Domain
events.statsigapi.net
URL
https://events.statsigapi.net/v1/rgstr

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| s object| scriptSrcs object| scriptIds number| scriptIdx string| scriptUrl object| scriptId function| parcelRequiree1d7

0 Cookies

1 Console Messages

Source Level URL
Text
other warning URL: https://app.vanta.com/login?continue=https%3A%2F%2Fapp.vanta.com%2Fdomain-redirect%2F657234bfea18d7882cf36ac6%2F%3Fcontinue%3Dhttps%253A%252F%252Fapp.vanta.com%252Ftests%253Ftab%253DEngineering%2526status%253DNEEDS_REMEDIATION%2526status%253DDUE_SOON%2526status%253DOVERDUE%2526taskType%253DTEST%2526utm_campaign%253DWeeklySummary%2526utm_medium%253Demail%2526utm_source%253Doperational
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' vanta.com *.vanta.com;font-src 'self' data: fast.fonts.net vanta.com *.vanta.com fast.ssqt.io fonts.gstatic.com use.typekit.net;media-src 'self' vanta.com *.vanta.com static.zdassets.com d1s1h6icvugosb.cloudfront.net dzas9mj7ubt6.cloudfront.net data: https://*.commandbar.com;frame-ancestors 'self';frame-src cdn.merge.dev embedly-cdn.trychameleon.com fast.trychameleon.com vanta.chilipiper.com vanta.com *.vanta.com 'self' *.oneschema.co blob: https://duploservices-prod01-exports2-415703579972.s3.amazonaws.com https://*.commandbar.com www.youtube-nocookie.com www.youtube.com www.loom.com https://js.stripe.com https://decagon.ai;img-src 'self' blob: data: *;script-src 'report-sample' 'sha256-Ine/Ce2Xi6o1qJ9GSF4klg+kN287L+y5/fIgql4A7EI=' 'sha256-Z0bKlgxCeq39CcBglG4oWnWRv1qDPQ+x6bKBhsEn0Xc=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://fonts.google.com cdn.jsdelivr.net fast.fonts.net https://*.commandbar.com;object-src 'none';connect-src * data:;child-src blob: 'self' vanta.com *.vanta.com;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub043e3a57772658a58a4bb910ce747aa1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:prod%2cservice:web%2cversion:undefined;base-uri 'self';block-all-mixed-content;
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.vanta.com
cdn.heapanalytics.com
client-api.auryc.com
events.statsigapi.net
fast.trychameleon.com
featuregates.org
fonts.googleapis.com
fonts.gstatic.com
heapanalytics.com
js.stripe.com
rum.browser-intake-datadoghq.com
session-replay.browser-intake-datadoghq.com
static.vanta.com
events.statsigapi.net
107.21.214.76
151.101.130.137
18.173.154.122
18.173.154.28
18.173.154.44
188.114.96.3
2600:1f18:24e6:b902:377:53d9:2f8:4514
2600:1f18:24e6:b902:f87f:5831:d7f3:801a
2a00:1450:4001:80e::2003
2a00:1450:4001:811::200a
2a06:98c1:3120::3
3.210.91.20
34.128.128.0
34.66.73.214
07ff6fc40b3c11cd65ccb77296f66bb8444ffd9176d1eb2fa8c050cbc1a2a71d
0f3a912bd35e5bdf93910c73e8b1dbd5be8f797981e6de3290015ee5f8a997ca
0fe02f62f7609cef88ad3183a29e22e6e7b91ab5dcfaa60ec1afdb6c2adb5cb7
1ee986c9559accb3926f1aa46716ed382069610d8887ff88da0825516d72a7d9
210276eebb083399ebc3333e6cddff185da4bd1612034dc0da9a122bce8c8217
2b7265fb8e98286a6e61d73e4278df35c0e911db1e8a94c82836d0b21088125b
39fe84cc4af8066385f98d191b8f9c4593584f79eb7ec7e5a65a8b66d46defa2
3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1
3c32d161cfee462cdfb38beec0dc3bbe9d111724d93cd3e286aa043bb2b011b3
41b4ddea1cc70923bc5e2233d5bb0b404533079c4e973d4f719c5d0cd05c3482
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5cf058391ca49291f2d81fd4d7ea0ace175f4126cd0e646369c160e9da1c6471
879406c75ee5420aabb3df516cb06f4b3f09c78403fe658f68edd002ef3cfd31
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
8f05afdb6f705e8a84e9ee5840d0f3179c42454e18ef3d34b9cf71923388033e
990151cb10e0ca555e02f771cfdcd347522fbff5a89de93bf8043b3c99d6f03c
9beae50b8ea51cca1e4fe63ceee608977173aeb44a1d1fa6297d93a3e77f5bd8
9fbf703f5f2128d755259bfbacd93cb31bc54c578f7b099d4b425b2fb5727766
a441ef2bb9c3cc08c06390e61a8027cb3ab468d2ad181b4ff11e86bcd5694f9a
a4ce23501f658a336323bd90b52746e73e0ddca6be18651594d169b263db5410
adb2a658b014cfa395e8234e8c81a2473cb4c2730d7f0727147f6d2e15f43bf5
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbecc419977c8092d57a9c841cdb3e74c23afb73cf5236fe2b40d890c7b1bd86
d0d4b2d34a58e38f70721f7906c11cd0cb96fa53dc71bcf978010d30e8f62dec
dffb1c14be90215a6513fbf2632c4bd7d22d4cf80c9bc6f0f8ecf378a0ce0dd7
e2f5e0b9e325758a96240d38bcd1eee56916eada73cb6aa63b6d4f21ad93dc55
e69bf0c92cad509b66f20b82bfd6d0d08514fea5e431a0b140763b28b263ddc3
ef42f4aa8f0b88e6d1cf013c7b79133dc4e036a011a70a25fb3113d7685520f0
f01d53f1694d2eaceaf9cfce39cd0ce956159524a95153379037d1b74f3e85ee
f13b5adf1390b7e17cff5b4372918affec55e15b5fc07d1f2be609ce2567c8f6
f48582eae2169bd5126b907566d7c70af153b9daff643866b5b98fdac29bd5e7
f695d56c212d4db236301f330b242b76f2df91813b63e5cbbc6a9873e1d14113
f6ca6776e93920e186790ad2a1fb104b2a42d3c6994624661219f822e484f08a