urlscan.io logo urlscan.io
SecurityTrails logo

cms.bfv.de Open in urlscan Pro
54.93.39.3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://cms.bfv.de/
Effective URL: https://cms.bfv.de/?0
Submission: On May 07 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 54.93.39.3, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is cms.bfv.de.
TLS certificate: Issued by R3 on May 7th 2024. Valid for: 3 months.
This is the only time cms.bfv.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 19 54.93.39.3 16509 (AMAZON-02)
18 1
Apex Domain
Subdomains		 Transfer
19 bfv.de
cms.bfv.de
303 KB
18 1
Domain Requested by
19 cms.bfv.de 1 redirects cms.bfv.de
18 1

This site contains links to these domains. Also see Links.

Domain
www.bloomreach.com
Subject Issuer Validity Valid
cms.bfv.de
R3		 2024-05-07 -
2024-08-05		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://cms.bfv.de/?0
Frame ID: 29C3882BD3BDACDB4181580B99A64B16
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bloomreach Experience 15Bloomreach Experience 15

Page URL History Show full URLs

  1. https://cms.bfv.de/ HTTP 302
    https://cms.bfv.de/?0 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

302 kB
Transfer

310 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cms.bfv.de/ HTTP 302
    https://cms.bfv.de/?0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
cms.bfv.de/
Redirect Chain
  • https://cms.bfv.de/
  • https://cms.bfv.de/?0
12 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
ddc7e085dff632d51e18fcbc95d129d5f7d5506ec6ea7b992492f35b5ca66cd4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hippocdn.global.ssl.fastly.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5285379033268224.storage.googleapis.com maps.googleapis.com; style-src 'self' 'unsafe-inline' app.pendo.io cdn.pendo.io pendo-static-5285379033268224.storage.googleapis.com storage.googleapis.com/pendo-static-5285379033268224/ fonts.googleapis.com/css; img-src 'self' data: app.pendo.io cdn.pendo.io data.pendo.io pendo-static-5285379033268224.storage.googleapis.com storage.googleapis.com/pendo-static-5285379033268224/ maps.googleapis.com maps.gstatic.com data:; connect-src 'self' app.pendo.io data.pendo.io pendo-static-5285379033268224.storage.googleapis.com maps.googleapis.com; font-src 'self'; manifest-src 'self'; child-src 'self'; frame-ancestors 'self' app.pendo.io; base-uri 'self'; frame-src 'self' app.pendo.io bloomreach-products.auth0.com bloomreach-dev.us.auth0.com tools.bloomreach.com tools.bloomreach.co.uk tools-staging.bloomreach.com tools-staging.bloomreach.co.uk tools-dev.bloomreach.com tools-dev.bloomreach.co.uk tools-sandbox.bloomreach.com tools-sandbox.bloomreach.co.uk
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, no-cache, max-age=0, must-revalidate
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hippocdn.global.ssl.fastly.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5285379033268224.storage.googleapis.com maps.googleapis.com; style-src 'self' 'unsafe-inline' app.pendo.io cdn.pendo.io pendo-static-5285379033268224.storage.googleapis.com storage.googleapis.com/pendo-static-5285379033268224/ fonts.googleapis.com/css; img-src 'self' data: app.pendo.io cdn.pendo.io data.pendo.io pendo-static-5285379033268224.storage.googleapis.com storage.googleapis.com/pendo-static-5285379033268224/ maps.googleapis.com maps.gstatic.com data:; connect-src 'self' app.pendo.io data.pendo.io pendo-static-5285379033268224.storage.googleapis.com maps.googleapis.com; font-src 'self'; manifest-src 'self'; child-src 'self'; frame-ancestors 'self' app.pendo.io; base-uri 'self'; frame-src 'self' app.pendo.io bloomreach-products.auth0.com bloomreach-dev.us.auth0.com tools.bloomreach.com tools.bloomreach.co.uk tools-staging.bloomreach.com tools-staging.bloomreach.co.uk tools-dev.bloomreach.com tools-dev.bloomreach.co.uk tools-sandbox.bloomreach.com tools-sandbox.bloomreach.co.uk
content-type
text/html;charset=UTF-8
cross-origin-embedder-policy-report-only
require-corp
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 07 May 2024 13:49:14 GMT
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
x-frame-options
sameorigin

Redirect headers

cache-control
no-cache, no-store
content-length
0
content-security-policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hippocdn.global.ssl.fastly.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5285379033268224.storage.googleapis.com maps.googleapis.com; style-src 'self' 'unsafe-inline' app.pendo.io cdn.pendo.io pendo-static-5285379033268224.storage.googleapis.com storage.googleapis.com/pendo-static-5285379033268224/ fonts.googleapis.com/css; img-src 'self' data: app.pendo.io cdn.pendo.io data.pendo.io pendo-static-5285379033268224.storage.googleapis.com storage.googleapis.com/pendo-static-5285379033268224/ maps.googleapis.com maps.gstatic.com data:; connect-src 'self' app.pendo.io data.pendo.io pendo-static-5285379033268224.storage.googleapis.com maps.googleapis.com; font-src 'self'; manifest-src 'self'; child-src 'self'; frame-ancestors 'self' app.pendo.io; base-uri 'self'; frame-src 'self' app.pendo.io bloomreach-products.auth0.com bloomreach-dev.us.auth0.com tools.bloomreach.com tools.bloomreach.co.uk tools-staging.bloomreach.com tools-staging.bloomreach.co.uk tools-dev.bloomreach.com tools-dev.bloomreach.co.uk tools-sandbox.bloomreach.com tools-sandbox.bloomreach.co.uk
cross-origin-embedder-policy-report-only
require-corp
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 07 May 2024 13:49:14 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
./?0
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
jquery-3.6.0-ver-1709292180000.js
cms.bfv.de/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-3.6.0-ver-1709292180000.js
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
dd78a27eb87d65efe3d957a6dba0ce1cfa8fdaadd1803ee38ec3c2b070e5a5cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:23:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/javascript
cache-control
public, max-age=31536000
content-disposition
inline
content-length
89413
expires
Wed, 07 May 2025 13:49:14 GMT
wicket-ajax-jquery-ver-1709292180000.js
cms.bfv.de/wicket/resource/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/res/js/ 		27 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.apache.wicket.ajax.AbstractDefaultAjaxBehavior/res/js/wicket-ajax-jquery-ver-1709292180000.js
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
01c98d0b42ebc6e82182aa60eef96a377a82208b0a5c34f3cae929751276b5fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:23:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/javascript
cache-control
public, max-age=31536000
content-disposition
inline
content-length
27294
expires
Wed, 07 May 2025 13:49:14 GMT
br-login-theme.min.css
cms.bfv.de/skin/hippo-cms/css/ 		19 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/skin/hippo-cms/css/br-login-theme.min.css?antiCache=MgYtedce6yCy8ixf2wM9Hg__
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
4ff75a8560107ee6b758bb423438acb9a0fd611acb378a4695a465b1ebd0bd70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 07 May 2024 13:49:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 21 Mar 2023 16:01:34 GMT
content-type
text/css
cache-control
max-age=31556926
content-length
3996
expires
Wed, 07 May 2025 19:38:00 GMT
global-ver-1709292174000.js
cms.bfv.de/wicket/resource/org.hippoecm.frontend.HippoHeaderItem/js/ 		812 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.HippoHeaderItem/js/global-ver-1709292174000.js
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2c3adf20dbea98f453792b836b0b3e8d58060374653dd04d19bf2e9549bbde2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:22:54 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/javascript
cache-control
public, max-age=31536000
content-disposition
inline
content-length
812
expires
Wed, 07 May 2025 13:49:14 GMT
login-init-ver-1709292288000.js
cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginHeaderItem/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginHeaderItem/login-init-ver-1709292288000.js
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
efbed43a66864cbe60f885149652d2d09a7f33d154f016516817e6bb66e79786
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:24:48 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/javascript
cache-control
public, max-age=31536000
content-disposition
inline
content-length
1397
expires
Wed, 07 May 2025 13:49:14 GMT
PreventResubmit-ver-1709292288000.js
cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginPanel/ 		667 B
1016 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginPanel/PreventResubmit-ver-1709292288000.js
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
7f3bb84fe0784c6e02b77a4ea39f1bc01b9b1eec1ed1111e61751e4a934cedef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:24:48 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/javascript
cache-control
public, max-age=31536000
content-disposition
inline
content-length
667
expires
Wed, 07 May 2025 13:49:14 GMT
login_enterprise-ver-1709292290000.css
cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginPlugin/ 		158 B
502 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginPlugin/login_enterprise-ver-1709292290000.css
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
fcf9cde7b28aa0e32c46dfffb867b536fb10e9a513deb1ac3ef12ffad9eea3c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:24:50 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/css
cache-control
public, max-age=31536000
content-disposition
inline
content-length
158
expires
Wed, 07 May 2025 13:49:14 GMT
modal-ver-1709292180000.js
cms.bfv.de/wicket/resource/org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow/res/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow/res/modal-ver-1709292180000.js
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
ba033992f99ecd950d054753871ecc1da93d5ce025f11256d12001ae2244f6ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:23:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/javascript
cache-control
public, max-age=31536000
content-disposition
inline
content-length
21335
expires
Wed, 07 May 2025 13:49:14 GMT
modal-ver-1709292180000.css
cms.bfv.de/wicket/resource/org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow/res/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow/res/modal-ver-1709292180000.css
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
5a5d43c4cbac44fb7842fcf6071490904f82dabe1c9a20681b18fd645694ff68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:23:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/css
cache-control
public, max-age=31536000
content-disposition
inline
content-length
3636
expires
Wed, 07 May 2025 13:49:14 GMT
hippo-modal-ver-1709292174000.js
cms.bfv.de/wicket/resource/org.hippoecm.frontend.dialog.DialogWindow/ 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.dialog.DialogWindow/hippo-modal-ver-1709292174000.js
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
fd40d23a601af2c8858f0243f7df19aa56c9bb19f083c241cbc7027604e8ab18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:22:54 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/javascript
cache-control
public, max-age=31536000
content-disposition
inline
content-length
10327
expires
Wed, 07 May 2025 13:49:14 GMT
contextmenu-ver-1709292288000.js
cms.bfv.de/wicket/resource/org.hippoecm.frontend.behaviors.ContextMenuBehavior/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.behaviors.ContextMenuBehavior/contextmenu-ver-1709292288000.js
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/?0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
7273c0827a49f2a9bfd9bc79ccbaf776464dcc579ce36ac6074aa9c846c1b937
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:24:48 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
text/javascript
cache-control
public, max-age=31536000
content-disposition
inline
content-length
3862
expires
Wed, 07 May 2025 13:49:14 GMT
logo-brxm-ent.svg
cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginPlugin/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginPlugin/images/logo-brxm-ent.svg?v=147
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginPlugin/login_enterprise-ver-1709292290000.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
029b96b0f82461c8e7a38758f8155b0d0a5bbcba3951431cba58495e352ba928
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.plugins.login.LoginPlugin/login_enterprise-ver-1709292290000.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:24:50 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
image/svg+xml
cache-control
private, max-age=31536000
content-disposition
inline
content-length
5143
expires
Wed, 07 May 2025 13:49:14 GMT
logo-hi.svg
cms.bfv.de/wicket/resource/org.hippoecm.frontend.skin.Icon/images/login/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.skin.Icon/images/login/logo-hi.svg
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/skin/hippo-cms/css/br-login-theme.min.css?antiCache=MgYtedce6yCy8ixf2wM9Hg__
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
6e077bba452422022d601d9249c906e3ebe8fff25df74f3f76dd0ed8e176ad98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/skin/hippo-cms/css/br-login-theme.min.css?antiCache=MgYtedce6yCy8ixf2wM9Hg__
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:24:48 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
image/svg+xml
cache-control
private, max-age=31536000
content-disposition
inline
content-length
3595
expires
Wed, 07 May 2025 13:49:14 GMT
OpenSans-Regular.woff2
cms.bfv.de/skin/hippo-cms/fonts/open-sans/Regular/ 		41 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/skin/hippo-cms/fonts/open-sans/Regular/OpenSans-Regular.woff2?v=1.101
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/skin/hippo-cms/css/br-login-theme.min.css?antiCache=MgYtedce6yCy8ixf2wM9Hg__
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2da97418251121ad5b28c6e206316578aae360d47dea2262c90478536624d910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/skin/hippo-cms/css/br-login-theme.min.css?antiCache=MgYtedce6yCy8ixf2wM9Hg__
Origin
https://cms.bfv.de
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
font/woff2
date
Tue, 07 May 2024 13:49:14 GMT
cache-control
max-age=31556926
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
content-length
41684
expires
Wed, 07 May 2025 19:38:00 GMT
login-background-balloon.svg
cms.bfv.de/wicket/resource/org.hippoecm.frontend.skin.Icon/images/login/ 		71 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.skin.Icon/images/login/login-background-balloon.svg
Requested by
Host: cms.bfv.de
URL: https://cms.bfv.de/skin/hippo-cms/css/br-login-theme.min.css?antiCache=MgYtedce6yCy8ixf2wM9Hg__
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
911e43e8abcc207082ba6ce884ed03f76dbdd233fa3d9fd3e8f62167aa652363
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/skin/hippo-cms/css/br-login-theme.min.css?antiCache=MgYtedce6yCy8ixf2wM9Hg__
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:24:48 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
image/svg+xml
cache-control
private, max-age=31536000
content-disposition
inline
content-length
73030
expires
Wed, 07 May 2025 13:49:14 GMT
favicon.ico
cms.bfv.de/navapp-assets/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/navapp-assets/favicon.ico?v=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
89c26da0a93212adb230e8242d2fb1cf71e04866eca39f87df7817815eb921a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
image/vnd.microsoft.icon
date
Tue, 07 May 2024 13:49:14 GMT
cache-control
max-age=31556926
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 21 Mar 2023 16:01:14 GMT
content-length
1767
expires
Wed, 07 May 2025 19:38:00 GMT
cms-icon-ver-1709292288000.png
cms.bfv.de/wicket/resource/org.hippoecm.frontend.service.WicketFaviconServiceImpl/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cms.bfv.de/wicket/resource/org.hippoecm.frontend.service.WicketFaviconServiceImpl/cms-icon-ver-1709292288000.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.93.39.3 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-39-3.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
89c26da0a93212adb230e8242d2fb1cf71e04866eca39f87df7817815eb921a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://cms.bfv.de/?0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
cache
date
Tue, 07 May 2024 13:49:14 GMT
cross-origin-embedder-policy-report-only
require-corp
accept-range
bytes
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 01 Mar 2024 11:24:48 GMT
cross-origin-opener-policy
same-origin-allow-popups
content-type
image/png
cache-control
public, max-age=31536000
content-disposition
inline
content-length
1767
expires
Wed, 07 May 2025 13:49:14 GMT

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| Wicket object| Hippo

1 Cookies

Domain/Path Name / Value
cms.bfv.de/ Name: JSESSIONID
Value: BE8832860058EFB30710CE7C1C7F103A

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://cms.bfv.de/?0
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hippocdn.global.ssl.fastly.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5285379033268224.storage.googleapis.com maps.googleapis.com; style-src 'self' 'unsafe-inline' app.pendo.io cdn.pendo.io pendo-static-5285379033268224.storage.googleapis.com storage.googleapis.com/pendo-static-5285379033268224/ fonts.googleapis.com/css; img-src 'self' data: app.pendo.io cdn.pendo.io data.pendo.io pendo-static-5285379033268224.storage.googleapis.com storage.googleapis.com/pendo-static-5285379033268224/ maps.googleapis.com maps.gstatic.com data:; connect-src 'self' app.pendo.io data.pendo.io pendo-static-5285379033268224.storage.googleapis.com maps.googleapis.com; font-src 'self'; manifest-src 'self'; child-src 'self'; frame-ancestors 'self' app.pendo.io; base-uri 'self'; frame-src 'self' app.pendo.io bloomreach-products.auth0.com bloomreach-dev.us.auth0.com tools.bloomreach.com tools.bloomreach.co.uk tools-staging.bloomreach.com tools-staging.bloomreach.co.uk tools-dev.bloomreach.com tools-dev.bloomreach.co.uk tools-sandbox.bloomreach.com tools-sandbox.bloomreach.co.uk
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options sameorigin