platform.securityscorecard.io Open in urlscan Pro
65.9.95.77 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://atlas.securityscorecard.io/
Effective URL:
https://platform.securityscorecard.io/
Submission: On October 18 via api (October 18th 2022, 5:00:40 pm UTC) from US — Scanned from DE

Summary HTTP 57 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 22 IPs in 4 countries across 15 domains to perform 57 HTTP transactions. The main IP is 65.9.95.77, located in United States and belongs to AMAZON-02, US. The main domain is platform.securityscorecard.io. The Cisco Umbrella rank of the primary domain is 269682.
TLS certificate: Issued by Amazon on January 26th 2022. Valid for: a year.

This is the only time platform.securityscorecard.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	65.9.95.75 65.9.95.75	16509 (AMAZON-02) (AMAZON-02)
3	151.101.128.176 151.101.128.176	54113 (FASTLY) (FASTLY)
1 1	147.75.40.150 147.75.40.150	54825 (PACKET) (PACKET)
1	2a05:d014:275... 2a05:d014:275:cb02:b2b8:b4ca:8518:7335	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:212... 2600:9000:2127:c00:1f:aa31:7740:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
4	65.9.95.65 65.9.95.65	16509 (AMAZON-02) (AMAZON-02)
3	54.187.159.182 54.187.159.182	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:212... 2600:9000:2127:8e00:19:7d10:bd80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.42.109.198 52.42.109.198	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:24e... 2600:1f18:24e6:b901:6790:af1:bf99:3f63	14618 (AMAZON-AES) (AMAZON-AES)
7	65.9.95.77 65.9.95.77	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:830::200d	15169 (GOOGLE) (GOOGLE)
2	52.215.192.133 52.215.192.133	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::200a	() ()
1	35.201.112.186 35.201.112.186	() ()
1	34.102.206.94 34.102.206.94	() ()
3	65.9.95.87 65.9.95.87	() ()
2	2a00:1450:400... 2a00:1450:4001:80e::2011	() ()
1	35.186.194.58 35.186.194.58	() ()
1	2a00:1450:400... 2a00:1450:4001:82a::2003	() ()
4	34.67.250.180 34.67.250.180	() ()
57	22

4 65.9.95.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-75.prg50.r.cloudfront.net

atlas.securityscorecard.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.128.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.40.150 (Amsterdam, Netherlands) 1 redirects

ASN54825 (PACKET, US)

fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d014:275:cb02:b2b8:b4ca:8518:7335 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

www.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2127:c00:1f:aa31:7740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 65.9.95.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-65.prg50.r.cloudfront.net

platform-api.securityscorecard.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.187.159.182 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-159-182.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2127:8e00:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.42.109.198 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-42-109-198.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:24e6:b901:6790:af1:bf99:3f63 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rum-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 65.9.95.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-77.prg50.r.cloudfront.net

platform.securityscorecard.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.192.133 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-192-133.eu-west-1.compute.amazonaws.com

f9zwqyg9kgyd.statuspage.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.112.186 (None, )

ASN- ()

edge.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.206.94 (None, )

ASN- ()

script.impactproduct.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.95.87 (None, )

ASN- ()

cdn.heapanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2011 (None, )

ASN- ()

csp.withgoogle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.194.58 (None, )

ASN- ()

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.67.250.180 (None, )

ASN- ()

client-api.auryc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	securityscorecard.io atlas.securityscorecard.io platform-api.securityscorecard.io — Cisco Umbrella Rank: 211445 platform.securityscorecard.io — Cisco Umbrella Rank: 269682	9 MB
7	stripe.com js.stripe.com — Cisco Umbrella Rank: 1212 q.stripe.com — Cisco Umbrella Rank: 7555 m.stripe.com — Cisco Umbrella Rank: 1150	93 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	20 KB
4	auryc.com client-api.auryc.com	1 KB
4	fullstory.com 1 redirects fullstory.com — Cisco Umbrella Rank: 1643 www.fullstory.com — Cisco Umbrella Rank: 22657 edge.fullstory.com rs.fullstory.com	65 KB
3	google.com accounts.google.com — Cisco Umbrella Rank: 83	149 KB
3	heapanalytics.com cdn.heapanalytics.com Failed	226 KB
2	withgoogle.com csp.withgoogle.com
2	statuspage.io f9zwqyg9kgyd.statuspage.io — Cisco Umbrella Rank: 178027	5 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1274	16 KB
2	pendo.io cdn.pendo.io — Cisco Umbrella Rank: 842	267 KB
1	gstatic.com fonts.gstatic.com	27 KB
1	impactproduct.com script.impactproduct.com script-api.impactproduct.com Failed	14 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	datadoghq.com rum-http-intake.logs.datadoghq.com — Cisco Umbrella Rank: 3879
57	15

	Domain	Requested by
7	platform.securityscorecard.io	atlas.securityscorecard.io platform.securityscorecard.io
5	www.google-analytics.com	atlas.securityscorecard.io
4	client-api.auryc.com	cdn.heapanalytics.com edge.fullstory.com
4	platform-api.securityscorecard.io	atlas.securityscorecard.io
4	atlas.securityscorecard.io	atlas.securityscorecard.io
3	accounts.google.com	platform.securityscorecard.io accounts.google.com
3	q.stripe.com	atlas.securityscorecard.io
3	cdn.heapanalytics.com	atlas.securityscorecard.io platform.securityscorecard.io cdn.heapanalytics.com
3	js.stripe.com	atlas.securityscorecard.io js.stripe.com
2	csp.withgoogle.com	atlas.securityscorecard.io
2	f9zwqyg9kgyd.statuspage.io	platform.securityscorecard.io f9zwqyg9kgyd.statuspage.io
2	m.stripe.network	js.stripe.com m.stripe.network
2	cdn.pendo.io	atlas.securityscorecard.io platform.securityscorecard.io
1	fonts.gstatic.com	platform.securityscorecard.io
1	rs.fullstory.com	edge.fullstory.com
1	script.impactproduct.com	platform.securityscorecard.io
1	edge.fullstory.com	platform.securityscorecard.io
1	fonts.googleapis.com	client
1	rum-http-intake.logs.datadoghq.com	atlas.securityscorecard.io
1	m.stripe.com	m.stripe.network
1	www.fullstory.com	atlas.securityscorecard.io
1	fullstory.com	1 redirects
0	script-api.impactproduct.com Failed	script.impactproduct.com
57	23

This site contains links to these domains. Also see Links.

Domain
securityscorecard.com

Subject Issuer	Validity	Valid
*.atlas.securityscorecard.io Amazon	`2022-07-28` - `2023-08-26`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2022-08-31` - `2023-01-10`	4 months	crt.sh
cdn.pendo.io Amazon	`2022-07-30` - `2023-08-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.securityscorecard.io Amazon	`2022-01-26` - `2023-02-23`	a year	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-06` - `2022-12-07`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-15` - `2023-01-26`	4 months	crt.sh
*.logs.datadoghq.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-26` - `2023-04-26`	a year	crt.sh
accounts.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.statuspage.io DigiCert TLS RSA SHA256 2020 CA1	`2022-08-08` - `2023-08-22`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
edge.fullstory.com GTS CA 1D4	`2022-10-06` - `2023-01-04`	3 months	crt.sh
impactproduct.com R3	`2022-09-21` - `2022-12-20`	3 months	crt.sh
cdn.heapanalytics.com Amazon	`2022-07-29` - `2023-08-27`	a year	crt.sh
*.appspot.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.fullstory.com R3	`2022-10-12` - `2023-01-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.auryc.com R3	`2022-09-29` - `2022-12-28`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://platform.securityscorecard.io/
Frame ID: 41A199A5CD96C60285B6803DDD65FBF8
Requests: 40 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 1BFF4CA3551AAC2F9FBF694178E32577
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 2C2A530F8E15C58B0EE17FF27367ACF8
Requests: 4 HTTP requests in this frame

Frame: https://f9zwqyg9kgyd.statuspage.io/embed/frame
Frame ID: 67B0FCA1CFA9315108CC7693A4595991
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/gsi/button?type=standard&shape=rectangular&theme=filled_white&context=signin&size=large&logo_alignment=center&width=354&client_id=991989676802-2osgcafrmlegupjfifkajm8nnauet4l6.apps.googleusercontent.com&iframe_id=gsi_438681_356535&as=fvX8mtOmM2gVQorMZQe3tA&hl=en-US
Frame ID: 09CD78351DA7A67B663B501D7D62AB2B
Requests: 3 HTTP requests in this frame

Frame: https://accounts.google.com/gsi/button?type=standard&shape=rectangular&theme=filled_white&context=signin&size=large&logo_alignment=center&width=354&client_id=991989676802-2osgcafrmlegupjfifkajm8nnauet4l6.apps.googleusercontent.com&iframe_id=gsi_438708_886859&as=fvX8mtOmM2gVQorMZQe3tA&hl=en-US
Frame ID: A2BD282911BE6DEA6E4B1EC297EA8B4F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login to SecurityScorecard

Page URL History Show full URLs

https://atlas.securityscorecard.io/ Page URL
https://platform.securityscorecard.io/ Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Heap (Analytics) Expand

Overall confidence: 100%
Detected patterns

heap-\d+\.js

Page Statistics

57
Requests

89 %
HTTPS

41 %
IPv6

15
Domains

23
Subdomains

22
IPs

4
Countries

10025 kB
Transfer

26732 kB
Size

9
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://securityscorecard.com/
Title: About us

Search URL Search Domain Scan URL

URL: https://securityscorecard.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://securityscorecard.com/eusa
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://securityscorecard.com/
Title: About us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://atlas.securityscorecard.io/ Page URL
https://platform.securityscorecard.io/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://fullstory.com/s/fs.js HTTP 301
https://www.fullstory.com/s/fs.js

57 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
atlas.securityscorecard.io/ 3 KB
4 KB 614ms
56ms Document
text/html 65.9.95.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://atlas.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-75.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e25880e509b2dcf1833fef0dbb1653f7a47e5ff89cc48a77a7bdfe3e0a9744f4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .securityscorecard.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://.fullstory.com https://www.google-analytics.com https://.pendo.io .storage.googleapis.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com .storage.googleapis.com https://fonts.googleapis.com/; img-src 'self' blob: https://atlas.securityscorecard.tech/ data: pendo-static-5689581948633088.storage.googleapis.com https://.pendo.io https://www.google-analytics.com https://s3.amazonaws.com/ssc-static/ https://stats.g.doubleclick.net/ .storage.googleapis.com https://atlas.securityscorecard.tech/; connect-src 'self' http://localhost:5000 https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com https://rs.fullstory.com .securityscorecard.io https://www.google-analytics.com .storage.googleapis.com https://js.stripe.com/ https://sentry.io https://.datadoghq.com; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; child-src https://.pendo.io; frame-src 'self' https://.pendo.io https://js.stripe.com/; frame-ancestors https://.pendo.io; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1273
content-length: 2577
content-security-policy: default-src 'self' *.securityscorecard.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://*.fullstory.com https://www.google-analytics.com https://*.pendo.io *.storage.googleapis.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com *.storage.googleapis.com https://fonts.googleapis.com/; img-src 'self' blob: https://atlas.securityscorecard.tech/ data: pendo-static-5689581948633088.storage.googleapis.com https://*.pendo.io https://www.google-analytics.com https://s3.amazonaws.com/ssc-static/ https://stats.g.doubleclick.net/ *.storage.googleapis.com https://atlas.securityscorecard.tech/; connect-src 'self' http://localhost:5000 https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com https://rs.fullstory.com *.securityscorecard.io https://www.google-analytics.com *.storage.googleapis.com https://js.stripe.com/ https://sentry.io https://*.datadoghq.com; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; child-src https://*.pendo.io; frame-src 'self' https://*.pendo.io https://js.stripe.com/; frame-ancestors https://*.pendo.io; object-src 'none'
content-type: text/html
date: Tue, 18 Oct 2022 16:39:22 GMT
etag: "f9abc6b50d1845693ed90d0351d24734"
last-modified: Thu, 29 Sep 2022 23:11:47 GMT
referrer-policy: origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 0c8bf5614b4bcc3e76982cb7ff9a7662.cloudfront.net (CloudFront)
x-amz-cf-id: _B9k6bqS19qe8G58yiBkRisTXYyexMWoWFt5avvNieFJ3mXPE1M6Hg==
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: sameorigin
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
js.stripe.com/v3/ 372 KB
90 KB 39ms
6ms Script
text/javascript 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

493f90e19a3c2305e203475dfadaf0112d116273314b7d12b12cc5a4cdc5fbe7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://atlas.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 18 Oct 2022 17:00:34 GMT
via: 1.1 varnish
age: 21
x-cache: HIT
content-length: 91692
x-request-id: 32294171-1cb8-43be-b7ec-46c858bf5d8b
x-served-by: cache-hhn4070-HHN
last-modified: Tue, 18 Oct 2022 00:27:01 GMT
server: Fastly
etag: "111d7535335f2d9fa3b9fa5811b1f1e0"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 4

GET
H2 200 main.a40fdf17.js Show response
atlas.securityscorecard.io/static/js/ 5 MB
5 MB 72ms
72ms Script
application/javascript 65.9.95.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://atlas.securityscorecard.io/static/js/main.a40fdf17.js

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-75.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

832b32c46f2850000fed5ef3052aff7ab1dfaf0a9ccbbb452260936573ad1b98

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .securityscorecard.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://.fullstory.com https://www.google-analytics.com https://.pendo.io .storage.googleapis.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com .storage.googleapis.com https://fonts.googleapis.com/; img-src 'self' blob: https://atlas.securityscorecard.tech/ data: pendo-static-5689581948633088.storage.googleapis.com https://.pendo.io https://www.google-analytics.com https://s3.amazonaws.com/ssc-static/ https://stats.g.doubleclick.net/ .storage.googleapis.com https://atlas.securityscorecard.tech/; connect-src 'self' http://localhost:5000 https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com https://rs.fullstory.com .securityscorecard.io https://www.google-analytics.com .storage.googleapis.com https://js.stripe.com/ https://sentry.io https://.datadoghq.com; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; child-src https://.pendo.io; frame-src 'self' https://.pendo.io https://js.stripe.com/; frame-ancestors https://.pendo.io; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://atlas.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'self' *.securityscorecard.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://*.fullstory.com https://www.google-analytics.com https://*.pendo.io *.storage.googleapis.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com *.storage.googleapis.com https://fonts.googleapis.com/; img-src 'self' blob: https://atlas.securityscorecard.tech/ data: pendo-static-5689581948633088.storage.googleapis.com https://*.pendo.io https://www.google-analytics.com https://s3.amazonaws.com/ssc-static/ https://stats.g.doubleclick.net/ *.storage.googleapis.com https://atlas.securityscorecard.tech/; connect-src 'self' http://localhost:5000 https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com https://rs.fullstory.com *.securityscorecard.io https://www.google-analytics.com *.storage.googleapis.com https://js.stripe.com/ https://sentry.io https://*.datadoghq.com; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; child-src https://*.pendo.io; frame-src 'self' https://*.pendo.io https://js.stripe.com/; frame-ancestors https://*.pendo.io; object-src 'none'
x-content-type-options: nosniff
date: Tue, 18 Oct 2022 16:05:53 GMT
via: 1.1 0c8bf5614b4bcc3e76982cb7ff9a7662.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: PRG50-C1
age: 3282
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 4735143
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Thu, 29 Sep 2022 23:11:47 GMT
server: AmazonS3
etag: "09587b5dc566aae4e933ba5b34cf1041"
x-frame-options: sameorigin
content-type: application/javascript
accept-ranges: bytes
x-amz-cf-id: 0y_ZO_WLE7L7DwJ1nHcQ7uO1ImA9Et-7r600S2h2Fn5za-gL7N4bLg==

GET
H2 200 main.ef241559.css
atlas.securityscorecard.io/static/css/ 42 KB
44 KB 55ms
55ms Stylesheet
text/css 65.9.95.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://atlas.securityscorecard.io/static/css/main.ef241559.css

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-75.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

27e7456415c02ffce90ee3757b71ae1c6694d9e2514b14b844c38c36085eaa02

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .securityscorecard.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://.fullstory.com https://www.google-analytics.com https://.pendo.io .storage.googleapis.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com .storage.googleapis.com https://fonts.googleapis.com/; img-src 'self' blob: https://atlas.securityscorecard.tech/ data: pendo-static-5689581948633088.storage.googleapis.com https://.pendo.io https://www.google-analytics.com https://s3.amazonaws.com/ssc-static/ https://stats.g.doubleclick.net/ .storage.googleapis.com https://atlas.securityscorecard.tech/; connect-src 'self' http://localhost:5000 https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com https://rs.fullstory.com .securityscorecard.io https://www.google-analytics.com .storage.googleapis.com https://js.stripe.com/ https://sentry.io https://.datadoghq.com; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; child-src https://.pendo.io; frame-src 'self' https://.pendo.io https://js.stripe.com/; frame-ancestors https://.pendo.io; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://atlas.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'self' *.securityscorecard.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://*.fullstory.com https://www.google-analytics.com https://*.pendo.io *.storage.googleapis.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com *.storage.googleapis.com https://fonts.googleapis.com/; img-src 'self' blob: https://atlas.securityscorecard.tech/ data: pendo-static-5689581948633088.storage.googleapis.com https://*.pendo.io https://www.google-analytics.com https://s3.amazonaws.com/ssc-static/ https://stats.g.doubleclick.net/ *.storage.googleapis.com https://atlas.securityscorecard.tech/; connect-src 'self' http://localhost:5000 https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com https://rs.fullstory.com *.securityscorecard.io https://www.google-analytics.com *.storage.googleapis.com https://js.stripe.com/ https://sentry.io https://*.datadoghq.com; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; child-src https://*.pendo.io; frame-src 'self' https://*.pendo.io https://js.stripe.com/; frame-ancestors https://*.pendo.io; object-src 'none'
x-content-type-options: nosniff
date: Tue, 18 Oct 2022 16:39:22 GMT
via: 1.1 0c8bf5614b4bcc3e76982cb7ff9a7662.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: PRG50-C1
age: 1272
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 43302
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Thu, 29 Sep 2022 23:11:47 GMT
server: AmazonS3
etag: "dc1af9c0e5da3c988e1f7f651a064fe9"
x-frame-options: sameorigin
content-type: text/css
accept-ranges: bytes
x-amz-cf-id: WXlt5gxdX7fRy9Q4PTtCagDiPcxcOCA0QeOfC2mOKJXTcza1xDyYrQ==

GET
H2

404

fs.js
www.fullstory.com/s/
Redirect Chain

https://fullstory.com/s/fs.js
https://www.fullstory.com/s/fs.js

0
0

93ms
45ms

Script
text/html

2a05:d014:275:cb02:b2b8:b4ca:8518:7335
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fullstory.com/s/fs.js
Requested by: Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/
Protocol: H2
Server: 2a05:d014:275:cb02:b2b8:b4ca:8518:7335 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Redirect headers

x-nf-request-id: 01GFP0MC1DZADERA4PWCW6M3CW
date: Tue, 18 Oct 2022 16:17:35 GMT
strict-transport-security: max-age=31536000
referrer-policy: same-origin
x-content-type-options: nosniff
server: Netlify
age: 2579
x-frame-options: DENY
content-type: text/plain
location: https://www.fullstory.com/s/fs.js
cache-control: public, max-age=0, must-revalidate
content-length: 48
x-xss-protection: 1; mode=block

GET
H2 200 pendo.js Show response
cdn.pendo.io/agent/static/c18819ef-f185-46a7-6c2f-59bf376fc654/ 404 KB
133 KB 153ms
69ms Script
application/javascript 2600:9000:2127:c00:1f:aa31:7740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pendo.io/agent/static/c18819ef-f185-46a7-6c2f-59bf376fc654/pendo.js
Requested by: Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:c00:1f:aa31:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 15c60a04ddc45d1b8ea1866c85b1878c1ee01d526ea9fc20687bec80b9791342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://atlas.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 16:59:27 GMT
content-encoding: gzip
via: 1.1 77d19519a1c9ed821ab469548b9d17f4.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 67
x-guploader-uploadid: ADPycduxlpURlVqFcNv-yqP3fxG4BfE-xdUUxVnfuSmufiVO376gq2vW2NOWlOnWE9E8FgHc1deKWfuJ747Zda2KiV2MvHGRuSoJ
x-cache: Hit from cloudfront
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 135580
last-modified: Thu, 13 Oct 2022 18:08:51 GMT
server: UploadServer
etag: "98789296e0b4353b9fefb5ef0f8a665b"
vary: Accept-Encoding
x-goog-generation: 1665684531569626
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=O7YmAQ==, md5=mHiSluC0NTuf77XvD4pmWw==
access-control-expose-headers: *
cache-control: max-age=450
x-goog-stored-content-length: 135580
accept-ranges: bytes
x-amz-cf-id: h1ee-xz92N5JSLag6DygpW9t4Tzi8bdbG8cYtOjNaabHkBtXK-ZsRw==
expires: Tue, 18 Oct 2022 17:06:57 GMT

GET heap-%HEAP_APP_ID%.js
cdn.heapanalytics.com/js/ 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 195ms
38ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/static/js/main.a40fdf17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://atlas.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 18 Oct 2022 15:01:59 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 7115
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Tue, 18 Oct 2022 17:01:59 GMT

OPTIONS
H2 204 myself
platform-api.securityscorecard.io/ Frame 0
0 523ms
464ms Preflight 65.9.95.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.securityscorecard.io/myself

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-65.prg50.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: cache-control,pragma
Access-Control-Request-Method: GET
Origin: https://atlas.securityscorecard.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Accept-Encoding,Accept-Language,Authorization,Cache-Control,Connection,Content-Type,Cookie,Host,If-Modified-Since,If-None-Match,Origin,Pragma,Referer,User-Agent,X-Requested-With,X-CSRF-Token,x-datadog-origin,x-datadog-parent-id,x-datadog-sampled,x-datadog-sampling-priority,x-datadog-trace-id
access-control-allow-methods: GET,HEAD,OPTIONS,PUT,POST,PATCH,DELETE
access-control-allow-origin: https://atlas.securityscorecard.io
access-control-expose-headers: x-csrf-token
access-control-max-age: 21600
date: Tue, 18 Oct 2022 17:00:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
x-amz-cf-id: LdjFZRSH4_W3OZDXTwKre8ZKDzDiZbUqx8L33vcVXj7QoT8AbHqq-A==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 myself Show response
platform-api.securityscorecard.io/ 41 B
668 B 507ms
462ms XHR
application/json 65.9.95.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.securityscorecard.io/myself

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/static/js/main.a40fdf17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-65.prg50.r.cloudfront.net

Software

Resource Hash

91758902c04522a98036171e4aeecdb5bc84293dfddc667b0f166aee838415b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache, no-store
Referer: https://atlas.securityscorecard.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 17:00:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 3da92f19744e3229b09a019ec66be172.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
etag: W/"29-G+FrC/VlS6tWD6XGdoonrSk4Jco"
vary: Origin, Accept-Encoding
x-frame-options: DENY
content-type: application/json; charset=utf-8
access-control-allow-origin: https://atlas.securityscorecard.io
x-cache: Miss from cloudfront
access-control-expose-headers: x-csrf-token
access-control-allow-credentials: true
content-length: 41
x-xss-protection: 1; mode=block
x-amz-cf-id: G6qKIUWdH3hOZPZEFn_fPtXppRS2tbx5KxDwMrgEcvxUujrbbbmfnw==

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame 1BFF 200 B
785 B 8ms
7ms Document
text/html 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://atlas.securityscorecard.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 506714
cache-control: max-age=31536000
content-encoding: br
content-length: 122
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 18 Oct 2022 17:00:34 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Wed, 12 Oct 2022 20:13:44 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 287234
x-content-type-options: nosniff
x-request-id: 64d68769-effa-47a2-a23b-804f928130bb
x-served-by: cache-hhn4070-HHN

GET
H2 200 proximanova-bold.otf
atlas.securityscorecard.io/fonts/ 62 KB
64 KB 53ms
52ms Font
font/ttf 65.9.95.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://atlas.securityscorecard.io/fonts/proximanova-bold.otf

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-75.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b9e81a47aecd3d05445ae775f48d08b3de46b2039f1d229a58a87be194e327ec

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .securityscorecard.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://.fullstory.com https://www.google-analytics.com https://.pendo.io .storage.googleapis.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com .storage.googleapis.com https://fonts.googleapis.com/; img-src 'self' blob: https://atlas.securityscorecard.tech/ data: pendo-static-5689581948633088.storage.googleapis.com https://.pendo.io https://www.google-analytics.com https://s3.amazonaws.com/ssc-static/ https://stats.g.doubleclick.net/ .storage.googleapis.com https://atlas.securityscorecard.tech/; connect-src 'self' http://localhost:5000 https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com https://rs.fullstory.com .securityscorecard.io https://www.google-analytics.com .storage.googleapis.com https://js.stripe.com/ https://sentry.io https://.datadoghq.com; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; child-src https://.pendo.io; frame-src 'self' https://.pendo.io https://js.stripe.com/; frame-ancestors https://.pendo.io; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://atlas.securityscorecard.io/
Origin: https://atlas.securityscorecard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: default-src 'self' *.securityscorecard.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://*.fullstory.com https://www.google-analytics.com https://*.pendo.io *.storage.googleapis.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com *.storage.googleapis.com https://fonts.googleapis.com/; img-src 'self' blob: https://atlas.securityscorecard.tech/ data: pendo-static-5689581948633088.storage.googleapis.com https://*.pendo.io https://www.google-analytics.com https://s3.amazonaws.com/ssc-static/ https://stats.g.doubleclick.net/ *.storage.googleapis.com https://atlas.securityscorecard.tech/; connect-src 'self' http://localhost:5000 https://*.pendo.io pendo-static-5689581948633088.storage.googleapis.com https://rs.fullstory.com *.securityscorecard.io https://www.google-analytics.com *.storage.googleapis.com https://js.stripe.com/ https://sentry.io https://*.datadoghq.com; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; child-src https://*.pendo.io; frame-src 'self' https://*.pendo.io https://js.stripe.com/; frame-ancestors https://*.pendo.io; object-src 'none'
x-content-type-options: nosniff
date: Tue, 18 Oct 2022 16:39:23 GMT
via: 1.1 0c8bf5614b4bcc3e76982cb7ff9a7662.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-cf-pop: PRG50-C1
age: 1271
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 63808
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Thu, 29 Sep 2022 23:11:47 GMT
server: AmazonS3
etag: "72b6f2c9990bd3d37b8013a59ed78902"
x-frame-options: sameorigin
content-type: font/ttf
accept-ranges: bytes
x-amz-cf-id: PPnPalSVETPuCMkrFXn4-eb9QgC9FXGYv-s9gsRKDAcubfNlJWy9cw==

POST
H2 200 csp-report
q.stripe.com/ Frame 1BFF 0
570 B 530ms
173ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 18 Oct 2022 17:00:35 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1BFF 0
571 B 528ms
172ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 18 Oct 2022 17:00:35 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
content-length: 0
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 1BFF 526 B
391 B 7ms
6ms Script
text/javascript 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 18 Oct 2022 17:00:34 GMT
via: 1.1 varnish
age: 506713
x-cache: HIT
content-length: 256
x-request-id: 052930bc-b09e-4266-9b6d-dec68724a0cf
x-served-by: cache-hhn4070-HHN
last-modified: Wed, 12 Oct 2022 20:13:43 GMT
server: Fastly
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 255965

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
152 B 48ms
47ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=116610251&t=pageview&_s=1&dl=https%3A%2F%2Fatlas.securityscorecard.io%2F&dp=%2F&ul=en-us&de=UTF-8&dt=ATLAS&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAAC~&jid=1311872828&gjid=561335763&cid=822452717.1666112435&tid=UA-126922233-1&_gid=1384534174.1666112435&_r=1&_slc=1&z=624711126

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/static/js/main.a40fdf17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://atlas.securityscorecard.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 18 Oct 2022 17:00:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://atlas.securityscorecard.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 38ms
38ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=116610251&t=pageview&_s=2&dl=https%3A%2F%2Fatlas.securityscorecard.io%2F&dp=%2F&ul=en-us&de=UTF-8&dt=ATLAS&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAAC~&jid=&gjid=&cid=822452717.1666112435&tid=UA-126922233-1&_gid=1384534174.1666112435&z=266941215

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://atlas.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Oct 2022 11:09:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 21066
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 2C2A 930 B
2 KB 90ms
21ms Document
text/html 2600:9000:2127:8e00:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:8e00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6
cache-control: max-age=300, public
content-length: 930
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 18 Oct 2022 17:00:33 GMT
etag: "fc2e029628f163bb59adc6fa5a31161c"
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-id: Zam9sO5SOU1H8KU_sp8mLeUEFkLOsKfhT0mVt-QY6bXcwwqMlILXxA==
x-amz-cf-pop: PRG50-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 csp-report
q.stripe.com/ Frame 2C2A 0
344 B 412ms
172ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Tue, 18 Oct 2022 17:00:35 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
server: nginx
cross-origin-opener-policy: same-origin
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 1
x-robots-tag: none
content-length: 0
expires: 0

GET
H2 200 out-4.5.42.js Show response
m.stripe.network/ Frame 2C2A 86 KB
14 KB 26ms
25ms Script
text/javascript 2600:9000:2127:8e00:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.42.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:8e00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 18 Oct 2022 16:56:49 GMT
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
server: Cloudfront
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
etag: W/"21df7244385e5c0bdf32da01d0dad6c0"
age: 251
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
x-amz-cf-id: FcTcOxzVPoOsSKIs8c2OwCpA-9mLWwmH-RHjIQ6ps3mHZOu6s1sYow==

POST
H2 200 6 Show response
m.stripe.com/ Frame 2C2A 156 B
523 B 575ms
180ms XHR
application/json 52.42.109.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.42.109.198 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-42-109-198.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

4834e69b9244732d17f67963c00f6da8632958b32c96f9b823a1f170f48dbba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 18 Oct 2022 17:00:35 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: nginx
content-type: application/json;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
38ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=116610251&t=timing&_s=3&dl=https%3A%2F%2Fatlas.securityscorecard.io%2F&ul=en-us&de=UTF-8&dt=ATLAS&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1673&pdt=2&dns=22&rrt=0&srt=56&tcp=536&dit=699&clt=1432&_gst=1201&_gbt=1488&_u=IEBAAAABAAAAAC~&jid=&gjid=&cid=822452717.1666112435&tid=UA-126922233-1&_gid=1384534174.1666112435&z=979554663

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://atlas.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Oct 2022 20:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 75441
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 401 info
platform-api.securityscorecard.io/atlas/users/current/ 53 B
684 B 456ms
456ms XHR
application/json 65.9.95.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.securityscorecard.io/atlas/users/current/info?include_credit_history=true

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/static/js/main.a40fdf17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-65.prg50.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Pragma: no-cache
Cache-Control: no-cache, no-store
Referer: https://atlas.securityscorecard.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 17:00:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 3da92f19744e3229b09a019ec66be172.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
etag: W/"35-QsDNrA5rGKlHUyAm6A+34mDycc4"
vary: Origin, Accept-Encoding
x-frame-options: DENY
content-type: application/json; charset=utf-8
access-control-allow-origin: https://atlas.securityscorecard.io
x-cache: Error from cloudfront
access-control-expose-headers: x-csrf-token
access-control-allow-credentials: true
content-length: 53
x-xss-protection: 1; mode=block
x-amz-cf-id: Fbn1DHN3xQhJilxmTeYrh52dOXw9I_nPxebT4jN4oEvDvkzmyCOrIQ==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 41ms
40ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=116610251&t=timing&_s=4&dl=https%3A%2F%2Fatlas.securityscorecard.io%2F&ul=en-us&de=UTF-8&dt=ATLAS&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&utc=API&utv=user%2FgetMyself&utt=1036&_u=KEBAAAABAAAAAC~&jid=&gjid=&cid=822452717.1666112435&tid=UA-126922233-1&_gid=1384534174.1666112435&z=502007762

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://atlas.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 Oct 2022 20:03:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 75441
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 info
platform-api.securityscorecard.io/atlas/users/current/ Frame 0
0 448ms
446ms Preflight 65.9.95.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.securityscorecard.io/atlas/users/current/info?include_credit_history=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-65.prg50.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: cache-control,pragma
Access-Control-Request-Method: GET
Origin: https://atlas.securityscorecard.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Accept-Encoding,Accept-Language,Authorization,Cache-Control,Connection,Content-Type,Cookie,Host,If-Modified-Since,If-None-Match,Origin,Pragma,Referer,User-Agent,X-Requested-With,X-CSRF-Token,x-datadog-origin,x-datadog-parent-id,x-datadog-sampled,x-datadog-sampling-priority,x-datadog-trace-id
access-control-allow-methods: GET,HEAD,OPTIONS,PUT,POST,PATCH,DELETE
access-control-allow-origin: https://atlas.securityscorecard.io
access-control-expose-headers: x-csrf-token
access-control-max-age: 21600
date: Tue, 18 Oct 2022 17:00:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
via: 1.1 c76f57c516237f120f723cde4dab446e.cloudfront.net (CloudFront)
x-amz-cf-id: QxNj1HRgi-flpChPUAtvomxRhR6sKYP8Q9REAceGqSNMWrDyORX4cQ==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-frame-options: DENY
x-xss-protection: 1; mode=block

POST
H2 200 puba9e51778f5a0b3b17f7e1685ffe6e2b1
rum-http-intake.logs.datadoghq.com/v1/input/ 0
0 439ms
218ms Ping
application/json 2600:1f18:24e6:b901:6790:af1:bf99:3f63
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/puba9e51778f5a0b3b17f7e1685ffe6e2b1?_dd.application_id=7c8ce887-7d1f-4756-b6e7-a10a0ec5b167&ddsource=browser&ddtags=sdk_version:1.26.3,env:prod,service:atlas&batch_time=1666112436851
Requested by: Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/static/js/main.a40fdf17.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:6790:af1:bf99:3f63 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://atlas.securityscorecard.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 Primary Request / Show response
platform.securityscorecard.io/ 43 KB
11 KB 541ms
475ms Document
text/html 65.9.95.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.securityscorecard.io/

Requested by

Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/static/js/main.a40fdf17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-77.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f2552540cf7b63d876916129654376671609808cdf59d2d7a870aca211543c16

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://atlas.securityscorecard.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3475
cache-control: max-age=30
content-encoding: gzip
content-length: 10722
content-security-policy: frame-ancestors 'none';
content-type: text/html; charset=utf-8
date: Tue, 18 Oct 2022 16:02:43 GMT
etag: "d675905b77000b28cc301a9b8d92a8a3"
last-modified: Fri, 14 Oct 2022 18:49:47 GMT
referrer-policy: origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains; preload
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
x-amz-cf-id: 2NdrzJ99X6csGmM25wwqQTuj5QNyZyESPaK1UkfOxCXwKW3A2Q0uKA==
x-amz-cf-pop: PRG50-C1
x-amz-id-2: G91UnvWNELYXczCn6++rioOiw5MlVqIt1OatvZaLCAXxHR8UBg9aubYSJjwg8TYeZPySw8DEa/M=
x-amz-request-id: H1HSXAEBG67QQJ0Q
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: sameorigin
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

GET
H2 200 ssc-ui-core.vendor.js Show response
platform.securityscorecard.io/build/ 2 MB
570 KB 66ms
66ms Script
application/javascript 65.9.95.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.securityscorecard.io/build/ssc-ui-core.vendor.js?66e3cbbbd89f4f1162d2

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-77.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2e3de4eb5abc0239959ce372ad644d14b2e0600ca29bbb826c25e0683472ba91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none';
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
date: Tue, 18 Oct 2022 16:10:26 GMT
x-amz-request-id: VCDVF8ZXG9TYBB2N
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
age: 3011
x-cache: Hit from cloudfront
content-length: 582632
x-amz-id-2: Iiv9y6KBPXaNblX5e7d3m0e+4FKtWRINsz+orzgvN0EjoRkn6uFgpx0dEzzT1JpZrAutGookMLc=
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Fri, 14 Oct 2022 18:49:44 GMT
server: AmazonS3
etag: "4bdd0a87b8529cf27cf811f0a6b2df63"
x-frame-options: sameorigin
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000
accept-ranges: bytes
x-amz-cf-id: bcgiXisw_l5Iwn4PLjxnJYV9oBPgOscuSd1LWPoCKXZMFrdmOknGiQ==

GET
H2 200 ssc-ui-core.main.js Show response
platform.securityscorecard.io/build/ 5 KB
3 KB 144ms
143ms Script
application/javascript 65.9.95.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.securityscorecard.io/build/ssc-ui-core.main.js?66e3cbbbd89f4f1162d2

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-77.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

4e1bcc86fc72730a7a85209082c81478d331d8178e96a07c8db70aba66ce5762

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none';
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
date: Tue, 18 Oct 2022 16:34:32 GMT
x-amz-request-id: 5WN8591QZCJ5SY1Y
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
age: 1566
x-cache: Hit from cloudfront
content-length: 2558
x-amz-id-2: J+mizeq/Qj3c1IT/bq8d8sH+KHWyobRGGy6Z0nK2hkOpk4AjpMAtGqz1rWdArZzDGruUbT0m6ww=
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Fri, 14 Oct 2022 18:49:43 GMT
server: AmazonS3
etag: "3ceed125fc8cdd41f5fd64542afa22f7"
x-frame-options: sameorigin
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000
accept-ranges: bytes
x-amz-cf-id: 5IS_CtPrLnV6_IlDglgQcucxc5FgUb59wZ_hkMWOaXwt8El4UZq2Uw==

GET
H2 200 client Show response
accounts.google.com/gsi/ 190 KB
76 KB 153ms
62ms Script
application/javascript 2a00:1450:4001:830::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8c4930584b07df39cc843c3f2c763d1f2a7caeef0089dc94b7074cdabf95f86a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-o8er8H86FDxHcnD4cGFEog' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 17:00:37 GMT
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-o8er8H86FDxHcnD4cGFEog' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Tue, 18 Oct 2022 17:00:37 GMT

GET
H2 200 ssc-ui-core.chunk-73.40126d864cc2f2b7e23f.js Show response
platform.securityscorecard.io/build/ 5 MB
1 MB 88ms
87ms Script
application/javascript 65.9.95.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.securityscorecard.io/build/ssc-ui-core.chunk-73.40126d864cc2f2b7e23f.js

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/build/ssc-ui-core.main.js?66e3cbbbd89f4f1162d2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-77.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

6b7013d51ce45a0a5437abb73c19c1093ac1f1fe014dc27a892dd256e5826b50

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none';
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
date: Tue, 18 Oct 2022 16:40:36 GMT
x-amz-request-id: J3GA5C304MRP35BE
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
age: 1202
x-cache: Hit from cloudfront
content-length: 1355480
x-amz-id-2: KW8i4SACJDDPKohJc8JQBHEcIC1yaK+3MWSuDZ48b2xk66++ztPdCswsqm+il69LuPeJhLN3HW8=
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Fri, 14 Oct 2022 18:49:41 GMT
server: AmazonS3
etag: "783442b56259bb70fccac022c6e21d0d"
x-frame-options: sameorigin
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
accept-ranges: bytes
x-amz-cf-id: Z74s725f0JRPYKE0W5sJt4Hmf5MeMs-8FGlBPP8fLutiuXDjB39L8g==

GET
H2 200 ssc-ui-core.chunk-446.845012e29016a5da84bc.js Show response
platform.securityscorecard.io/build/ 11 MB
2 MB 173ms
172ms Script
application/javascript 65.9.95.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.securityscorecard.io/build/ssc-ui-core.chunk-446.845012e29016a5da84bc.js

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/build/ssc-ui-core.main.js?66e3cbbbd89f4f1162d2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-77.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

56cb95651ccd45c8c6988880ae48f436a1c054a7b3925d0949a2b45f0f0b6837

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none';
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
date: Tue, 18 Oct 2022 16:47:29 GMT
x-amz-request-id: 68FPH98CKYC6NYCY
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
age: 789
x-cache: Hit from cloudfront
content-length: 2318723
x-amz-id-2: Prs1pG4H5WDxxOKl3Mrjls31mbUkQhu+QlM/UyG5bJfcE0CX0AWVJ019dmOy1lUAdu59E0rXmDE=
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Fri, 14 Oct 2022 18:49:40 GMT
server: AmazonS3
etag: "ab6b8d3bce0f900fff97c17f3a325788"
x-frame-options: sameorigin
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
accept-ranges: bytes
x-amz-cf-id: dYVk4fYzFXSGR0ngF0pwMKcvJPLNT60I5_yYpixHPwkySYZeFXmP8A==

GET
H2 200 browser-support-check.js Show response
platform.securityscorecard.io/ 747 B
1 KB 64ms
64ms Script
application/javascript 65.9.95.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.securityscorecard.io/browser-support-check.js

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-77.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

cabf48f5cc13824593e69570ffd3c7b04aef6e9569587de39da685c031f36d07

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: frame-ancestors 'none';
x-content-type-options: nosniff
date: Tue, 18 Oct 2022 16:42:18 GMT
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
x-amz-request-id: MPF18740CK81N5RM
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
age: 1100
x-cache: Hit from cloudfront
content-length: 747
x-amz-id-2: C8cBcbzYoR8fnVzvA68mzjodQc6ay2Xb77Ys+vBIvuf1maCzxHiZ5T8+cZ7BngHEXcsDw6Pe5SE=
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Fri, 14 Oct 2022 18:49:24 GMT
server: AmazonS3
etag: "9e3eb936a202dd9feb532b8ff0e78dda"
x-frame-options: sameorigin
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
accept-ranges: bytes
x-amz-cf-id: Y1taks7bSCkVDBcfrmQICFYyhka9Ot3QqY49vg1lgOGWkftv_g1htg==

GET
H2 200 script.js Show response
f9zwqyg9kgyd.statuspage.io/embed/ 2 KB
1 KB 265ms
149ms Script
text/javascript 52.215.192.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://f9zwqyg9kgyd.statuspage.io/embed/script.js

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.215.192.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-192-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

44cce793cfba201f0816ab24f597c1bf9bc1b4a3cffe33a8210ab3cb5817a313

Security Headers

Name	Value
Strict-Transport-Security	max-age=259200
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=259200
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 18 Oct 2022 17:00:37 GMT
x-permitted-cross-domain-policies: none
age: 737
x-statuspage-skip-logging: true
x-cache: HIT
x-statuspage-version: f78d3212c5797ba1fde53f9d5df07194449a3095
x-xss-protection: 1; mode=block
x-request-id: bcf87ca2-73c8-4877-b6eb-5ad44ee452f6
x-runtime: 0.052924
referrer-policy: strict-origin-when-cross-origin
etag: W/"gz[44cce793cfba201f0816ab24f597c1bf]"
x-download-options: noopen
vary: Accept,Accept-Encoding,Fastly-SSL
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes

GET
H2 200 frame Show response
f9zwqyg9kgyd.statuspage.io/embed/ Frame 67B0 12 KB
4 KB 149ms
148ms Document
text/html 52.215.192.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://f9zwqyg9kgyd.statuspage.io/embed/frame

Requested by

Host: f9zwqyg9kgyd.statuspage.io
URL: https://f9zwqyg9kgyd.statuspage.io/embed/script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.215.192.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-192-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

01fd20629180a7add64df10cad1d59041582da620a5779f697c8b5797c4d9294

Security Headers

Name	Value
Strict-Transport-Security	max-age=259200
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://platform.securityscorecard.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 452
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 18 Oct 2022 17:00:38 GMT
etag: W/"gz[01fd20629180a7add64df10cad1d5904]"
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=259200
vary: Accept,Accept-Encoding,Fastly-SSL
x-cache: HIT
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: e3cdd5fd-f32e-4793-b312-76d118f6774e
x-runtime: 0.135622
x-statuspage-skip-logging: true
x-statuspage-version: f78d3212c5797ba1fde53f9d5df07194449a3095
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 133ms
48ms Stylesheet
text/css 2a00:1450:4001:806::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 18 Oct 2022 17:00:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 16:39:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Oct 2022 17:00:38 GMT

GET style
accounts.google.com/gsi/ 0
0

GET
H3 200 button
accounts.google.com/gsi/ Frame 09CD 103 KB
37 KB 195ms
118ms Document
text/html 2a00:1450:4001:830::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/button?type=standard&shape=rectangular&theme=filled_white&context=signin&size=large&logo_alignment=center&width=354&client_id=991989676802-2osgcafrmlegupjfifkajm8nnauet4l6.apps.googleusercontent.com&iframe_id=gsi_438681_356535&as=fvX8mtOmM2gVQorMZQe3tA&hl=en-US

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SgsAPJD30bnnFZRoy7i-4w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://platform.securityscorecard.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-SgsAPJD30bnnFZRoy7i-4w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
cross-origin-resource-policy: cross-origin
date: Tue, 18 Oct 2022 17:00:38 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 button
accounts.google.com/gsi/ Frame A2BD 103 KB
37 KB 167ms
92ms Document
text/html 2a00:1450:4001:830::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/gsi/client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http script-src 'report-sample' 'nonce-bsBzAzAKYGWZBn4O4PWCCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://platform.securityscorecard.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http script-src 'report-sample' 'nonce-bsBzAzAKYGWZBn4O4PWCCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
cross-origin-resource-policy: cross-origin
date: Tue, 18 Oct 2022 17:00:38 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6117bb4dde6e99644819d70fe704abaf7a0570cb7134996b06ef0b82c05228a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 fs.js
edge.fullstory.com/s/ 252 KB
63 KB 105ms
34ms Script
application/javascript 35.201.112.186

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/build/ssc-ui-core.chunk-446.845012e29016a5da84bc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

Referer: https://platform.securityscorecard.io/
Origin: https://platform.securityscorecard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 16:10:57 GMT
content-encoding: br
age: 2981
x-guploader-uploadid: ADPycdvWmsFQy3-jWq_OFnppFwCdW2Ff5eWj1CpDIxFxOw5l61cweR3OBrdDHoq-RewfhhSkQoHymxAcA0fdgohtEM0x2iQyrfq0
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64329
last-modified: Tue, 11 Oct 2022 14:35:45 GMT
server: UploadServer
etag: "ec908c0e361566cf5e6be2f0d0795cc4"
vary: Accept-Encoding
x-goog-generation: 1665498945705044
x-goog-hash: crc32c=QhX7mw==, md5=7JCMDjYVZs9ea+Lw0HlcxA==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 64329
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 18 Oct 2022 17:10:57 GMT

GET
H2 200 pendo.js
cdn.pendo.io/agent/static/c18819ef-f185-46a7-6c2f-59bf376fc654/ 404 KB
133 KB 21ms
21ms Script
application/javascript 2600:9000:2127:c00:1f:aa31:7740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pendo.io/agent/static/c18819ef-f185-46a7-6c2f-59bf376fc654/pendo.js
Requested by: Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/build/ssc-ui-core.chunk-446.845012e29016a5da84bc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:c00:1f:aa31:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 16:59:27 GMT
content-encoding: gzip
via: 1.1 77d19519a1c9ed821ab469548b9d17f4.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 71
x-guploader-uploadid: ADPycduxlpURlVqFcNv-yqP3fxG4BfE-xdUUxVnfuSmufiVO376gq2vW2NOWlOnWE9E8FgHc1deKWfuJ747Zda2KiV2MvHGRuSoJ
x-cache: Hit from cloudfront
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 135580
last-modified: Thu, 13 Oct 2022 18:08:51 GMT
server: UploadServer
etag: "98789296e0b4353b9fefb5ef0f8a665b"
vary: Accept-Encoding
x-goog-generation: 1665684531569626
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=O7YmAQ==, md5=mHiSluC0NTuf77XvD4pmWw==
access-control-expose-headers: *
cache-control: max-age=450
x-goog-stored-content-length: 135580
accept-ranges: bytes
x-amz-cf-id: g1ayfOKjlgyDZCS09x9PricCj5R-0azuhCTYt2qsAvpqyscj44TfwA==
expires: Tue, 18 Oct 2022 17:06:57 GMT

GET
H2 200 script.js Show response
script.impactproduct.com/ 13 KB
14 KB 111ms
34ms Script
application/javascript 34.102.206.94

General

Check archive.org

Show headers Download Go to

Full URL: https://script.impactproduct.com/script.js?uuid=3bcd32f3-3c70-4705-8495-1f5340f3bcca
Requested by: Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/build/ssc-ui-core.chunk-446.845012e29016a5da84bc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.206.94 -, , ASN (),
Reverse DNS
Software: UploadServer /
Resource Hash: c8f6d717e17ec986512a81ef01714a9920d82ed5c23a0f2fb2e5a3da3c20172d

Request headers

Referer: https://platform.securityscorecard.io/
Origin: https://platform.securityscorecard.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 16:55:40 GMT
age: 298
x-guploader-uploadid: ADPycdtDa_sZzoWSMpjtdog17gDsBS7tjGLuv4TP4tsYbvb9RglwqdQ97CYaZ-c6MJ9xm8llQmgAVCHeyt_q5UTwLTzGG8GMJVmP
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13755
last-modified: Tue, 18 Oct 2022 14:49:50 GMT
server: UploadServer
etag: "777a090b96a72c721bda40718e94b257"
x-goog-generation: 1666104590487137
x-goog-hash: crc32c=4Q3sEg==, md5=d3oJC5anLHIb2kBxjpSyVw==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 13755
accept-ranges: bytes
content-type: application/javascript
expires: Tue, 18 Oct 2022 17:55:40 GMT

GET
H2 200 heap-714539924.js Show response
cdn.heapanalytics.com/js/ 112 KB
44 KB 115ms
44ms Script
application/javascript 65.9.95.87

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.heapanalytics.com/js/heap-714539924.js

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/build/ssc-ui-core.chunk-446.845012e29016a5da84bc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.87 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

6737e7c099eb86ac9cb396ae872eebaa3f2e7cbd70d5f663a5eaa4208742bc62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 17:00:23 GMT
content-encoding: gzip
via: 1.1 b031f43146c9801101822eabdc464390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
x-amz-cf-pop: PRG50-C1
age: 14
etag: W/"1c1cf-P64cv6QIuU6Et0eY16L3jw"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=120
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 6xhuy-TydLvZ-6RP-4E2Rn48E66LAKqkSC520bd-cN9i72Pba4UjdA==

GET
H2 200 479af3e60a0cf31ad63e.worker.js
platform.securityscorecard.io/build/ 756 KB
215 KB 85ms
84ms Other
application/javascript 65.9.95.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.securityscorecard.io/build/479af3e60a0cf31ad63e.worker.js

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-77.prg50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none';
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: none
date: Tue, 18 Oct 2022 16:23:50 GMT
x-amz-request-id: SFS0HK6YYHQ4GA3N
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
age: 2209
x-cache: Hit from cloudfront
content-length: 219480
x-amz-id-2: sLisM52Py7VDqtBqDLDbS9/D/0jfVBWvWofxvzUc4M4ku1xpc7M6nQRbVTpQRq7amTVxJYJfp4k=
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Fri, 14 Oct 2022 18:49:24 GMT
server: AmazonS3
etag: "b1c7cfcccad0852cbf28fd208a1a13cd"
x-frame-options: sameorigin
content-type: application/javascript; charset=utf-8
cache-control: max-age=30
accept-ranges: bytes
x-amz-cf-id: U9HibbuIzMXsc4HkRQS69FXC_Fd5Y6hv9Xb2uU8thRxDGBKOZPSFVw==

POST
H2 204 identity-sign-in-google-http
csp.withgoogle.com/csp/ Frame A2BD 0
0 448ms
146ms Other
text/html 2a00:1450:4001:80e::2011

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.withgoogle.com/csp/identity-sign-in-google-http
Requested by: Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2011 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://accounts.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/csp-report

Response headers

POST
H2 204 identity-sign-in-google-http
csp.withgoogle.com/csp/ Frame 09CD 0
0 937ms
638ms Other
text/html 2a00:1450:4001:80e::2011

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.withgoogle.com/csp/identity-sign-in-google-http
Requested by: Host: atlas.securityscorecard.io
URL: https://atlas.securityscorecard.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2011 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://accounts.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/csp-report

Response headers

POST script
script-api.impactproduct.com/ 0
0

GET
H3 200 container.js
cdn.heapanalytics.com/js/replay/1788-Main-prod-heap/ 9 KB
4 KB 288ms
22ms Script
application/javascript 65.9.95.87

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.heapanalytics.com/js/replay/1788-Main-prod-heap/container.js
Requested by: Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/heap-714539924.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.9.95.87 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: 3JisUe4zTSUbScwLV_bZpypvIKtc9Wj7
content-encoding: gzip
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
date: Tue, 18 Oct 2022 08:42:23 GMT
age: 29907
x-amz-cf-pop: PRG50-C1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 4267
last-modified: Wed, 12 Oct 2022 14:16:21 GMT
server: AmazonS3
etag: "c6e8e0f35ff40113e16d2738061743d0"
content-type: application/javascript
cache-control: public,max-age=86400
accept-ranges: bytes
x-amz-cf-id: 9DH2pb2COHcNM3JkVeqCsKHOJ_bUZ1KP2eGRD3chUn0qgR7NvuPaUg==

POST
H2 200 page
rs.fullstory.com/rec/ 4 KB
2 KB 553ms
330ms XHR
application/json 35.186.194.58

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/page
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.194.58 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://platform.securityscorecard.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 18 Oct 2022 17:00:39 GMT
content-encoding: gzip
via: 1.1 google
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.securityscorecard.io
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1378

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf
fonts.gstatic.com/s/googlesans/v14/ Frame 09CD 51 KB
27 KB 238ms
39ms Font
font/ttf 2a00:1450:4001:82a::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwM.ttf

Requested by

Host: platform.securityscorecard.io
URL: https://platform.securityscorecard.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
Origin: https://accounts.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 22:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 413066
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27431
x-xss-protection: 0
last-modified: Mon, 22 Apr 2019 23:43:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Oct 2023 22:16:13 GMT

GET
H2 200 releasesettings
client-api.auryc.com/ 2 B
177 B 119ms
118ms XHR
application/json 34.67.250.180

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.auryc.com/releasesettings?lib=Web

Requested by

Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/replay/1788-Main-prod-heap/container.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.67.250.180 -, , ASN (),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-authorized-identity: 1788-Main-prod-heap
Referer: https://platform.securityscorecard.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
x-authorized-token: afb20448558408861dac1f78dec85169

Response headers

pragma: no-cache
date: Tue, 18 Oct 2022 17:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: istio-envoy
vary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: https://platform.securityscorecard.io
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
content-length: 28
x-xss-protection: 1; mode=block
expires: 0

OPTIONS
H2 200 releasesettings
client-api.auryc.com/ Frame 0
0 370ms
117ms Preflight 34.67.250.180

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.auryc.com/releasesettings?lib=Web

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.67.250.180 -, , ASN (),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: x-authorized-identity,x-authorized-token
Access-Control-Request-Method: GET
Origin: https://platform.securityscorecard.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-authorized-identity, x-authorized-token
access-control-allow-methods: OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://platform.securityscorecard.io
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
date: Tue, 18 Oct 2022 17:00:38 GMT
expires: 0
pragma: no-cache
server: istio-envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
x-frame-options: DENY
x-xss-protection: 1; mode=block

POST bundle
rs.fullstory.com/rec/ 0
0

GET
H3 200 auryc.lib.js
cdn.heapanalytics.com/js/replay/libs/latest/ 670 KB
178 KB 24ms
23ms Script
application/javascript 65.9.95.87

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.heapanalytics.com/js/replay/libs/latest/auryc.lib.js
Requested by: Host: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/replay/1788-Main-prod-heap/container.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.9.95.87 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.securityscorecard.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id: Wzc9isea8OxANBe2rKsR7C0epvnhr4zc
content-encoding: gzip
via: 1.1 7bb80b5d9f75710222feac15033d6af0.cloudfront.net (CloudFront)
date: Tue, 18 Oct 2022 09:02:28 GMT
age: 28712
x-amz-cf-pop: PRG50-C1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 181781
last-modified: Tue, 11 Oct 2022 18:45:42 GMT
server: AmazonS3
etag: "27ddebcf0a22ddcc2ad8a0b94252d562"
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: ZnxntlndvAU0Hm7TdfCdEmPpoNf51XSskxEz1BzO5L7yElC3eS3-OA==

GET
H2 200 siteconfig
client-api.auryc.com/ 2 KB
1 KB 118ms
117ms XHR
application/json 34.67.250.180

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.auryc.com/siteconfig?lib=web

Requested by

Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.67.250.180 -, , ASN (),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

x-authorized-identity: 1788-Main-prod-heap
Referer: https://platform.securityscorecard.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
x-authorized-token: afb20448558408861dac1f78dec85169
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 18 Oct 2022 17:00:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: istio-envoy
vary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: https://platform.securityscorecard.io
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
content-length: 989
x-xss-protection: 1; mode=block
expires: 0

OPTIONS
H2 200 siteconfig
client-api.auryc.com/ Frame 0
0 116ms
116ms Preflight 34.67.250.180

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.auryc.com/siteconfig?lib=web

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.67.250.180 -, , ASN (),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-authorized-identity,x-authorized-token
Access-Control-Request-Method: GET
Origin: https://platform.securityscorecard.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type, x-authorized-identity, x-authorized-token
access-control-allow-methods: OPTIONS,HEAD,GET,PUT,POST,DELETE,PATCH
access-control-allow-origin: https://platform.securityscorecard.io
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
date: Tue, 18 Oct 2022 17:00:39 GMT
expires: 0
pragma: no-cache
server: istio-envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
x-envoy-upstream-service-time: 1
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET 565765c9-140e-41f8-bd52-133766927fc2
https://platform.securityscorecard.io/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.heapanalytics.com
URL: https://cdn.heapanalytics.com/js/heap-%HEAP_APP_ID%.js

Domain: accounts.google.com
URL: https://accounts.google.com/gsi/style

Domain: script-api.impactproduct.com
URL: https://script-api.impactproduct.com/script

Domain: rs.fullstory.com
URL: https://rs.fullstory.com/rec/bundle?OrgId=35500&UserId=6729123587657728&SessionId=4778973953757184&PageId=4656080519401472&Seq=1&PageStart=1666112439352&PrevBundleTime=0&LastActivity=10&IsNewSession=true

Domain: platform.securityscorecard.io
URL: blob:https://platform.securityscorecard.io/565765c9-140e-41f8-bd52-133766927fc2

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
atlas.securityscorecard.io/	1970-01-20 06:48:33	Name: _dd_s Value: rum=1&id=15d094ce-d2a9-4a39-bba2-b83e89e74866&created=1666112434676&expire=1666113334676
.atlas.securityscorecard.io/	1970-01-20 16:24:32	Name: _ga Value: GA1.3.822452717.1666112435
.atlas.securityscorecard.io/	1970-01-20 06:49:58	Name: _gid Value: GA1.3.1384534174.1666112435
.atlas.securityscorecard.io/	1970-01-20 06:48:32	Name: _gat Value: 1
m.stripe.com/	1970-01-20 16:24:32	Name: m Value: 821c776a-83ed-4a96-81c8-6515e5315f057db103
.atlas.securityscorecard.io/	1970-01-20 15:34:08	Name: __stripe_mid Value: d7a0d1b8-438f-4aa1-8f95-699614d3ba1b059dd3
.atlas.securityscorecard.io/	1970-01-20 06:48:34	Name: __stripe_sid Value: 6c7171b7-28f5-4b64-8cdf-990d7ca355e7b64e3d
platform-api.securityscorecard.io/	1970-01-20 06:48:36	Name: connect.sid Value: s%3APuuykCh7wQ0I9dQalcHUA3cP7HSi8y_D.1%2B%2FEmYG0nteNoPugjn7xatlA1DWNtdhwYNuVI3%2F5G%2Bg
platform.securityscorecard.io/	1970-01-20 06:48:32	Name: selected-version Value: a1baaa1

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://atlas.securityscorecard.io/ Message: Refused to load the script 'https://cdn.heapanalytics.com/js/heap-%HEAP_APP_ID%.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://.fullstory.com https://www.google-analytics.com https://.pendo.io .storage.googleapis.com https://js.stripe.com/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
network	error	URL: https://www.fullstory.com/s/fs.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
network	error	URL: https://platform-api.securityscorecard.io/atlas/users/current/info?include_credit_history=true Message: Failed to load resource: the server responded with a status of 401 ()
security	error	URL: https://platform.securityscorecard.io/#/external/atlas(Line 7) Message: The Content Security Policy directive 'frame-ancestors' is ignored when delivered via a <meta> element.
security	error	URL: https://f9zwqyg9kgyd.statuspage.io/embed/script.js(Line 29) Message: The Content Security Policy directive 'frame-ancestors' is ignored when delivered via a <meta> element.
security	error	URL: https://accounts.google.com/gsi/client(Line 312) Message: Refused to load the stylesheet 'https://accounts.google.com/gsi/style' because it violates the following Content Security Policy directive: "style-src 'self' https://platform-beta.securityscorecard.io https://www.gstatic.com 'unsafe-inline' blob: https://fonts.googleapis.com https://cdn.pendo.io https://app.pendo.io https://pendo-static-5689581948633088.storage.googleapis.com https://fast.wistia.com https://heapanalytics.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://accounts.google.com/gsi/client(Line 315) Message: The Content Security Policy directive 'frame-ancestors' is ignored when delivered via a <meta> element.
security	error	URL: https://accounts.google.com/gsi/client(Line 315) Message: The Content Security Policy directive 'frame-ancestors' is ignored when delivered via a <meta> element.
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
worker	error	URL: https://platform.securityscorecard.io/#/external/atlas Message: The Content Security Policy directive 'frame-ancestors' is ignored when delivered via a <meta> element.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .securityscorecard.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com pendo-io-static.storage.googleapis.com https://fullstory.com/ https://.fullstory.com https://www.google-analytics.com https://.pendo.io .storage.googleapis.com https://js.stripe.com/; style-src 'self' 'unsafe-inline' https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com .storage.googleapis.com https://fonts.googleapis.com/; img-src 'self' blob: https://atlas.securityscorecard.tech/ data: pendo-static-5689581948633088.storage.googleapis.com https://.pendo.io https://www.google-analytics.com https://s3.amazonaws.com/ssc-static/ https://stats.g.doubleclick.net/ .storage.googleapis.com https://atlas.securityscorecard.tech/; connect-src 'self' http://localhost:5000 https://.pendo.io pendo-static-5689581948633088.storage.googleapis.com https://rs.fullstory.com .securityscorecard.io https://www.google-analytics.com .storage.googleapis.com https://js.stripe.com/ https://sentry.io https://.datadoghq.com; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; child-src https://.pendo.io; frame-src 'self' https://.pendo.io https://js.stripe.com/; frame-ancestors https://.pendo.io; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
atlas.securityscorecard.io
cdn.heapanalytics.com
cdn.pendo.io
client-api.auryc.com
csp.withgoogle.com
edge.fullstory.com
f9zwqyg9kgyd.statuspage.io
fonts.googleapis.com
fonts.gstatic.com
fullstory.com
js.stripe.com
m.stripe.com
m.stripe.network
platform-api.securityscorecard.io
platform.securityscorecard.io
q.stripe.com
rs.fullstory.com
rum-http-intake.logs.datadoghq.com
script-api.impactproduct.com
script.impactproduct.com
www.fullstory.com
www.google-analytics.com
accounts.google.com
cdn.heapanalytics.com
platform.securityscorecard.io
rs.fullstory.com
script-api.impactproduct.com
147.75.40.150
151.101.128.176
2600:1f18:24e6:b901:6790:af1:bf99:3f63
2600:9000:2127:8e00:19:7d10:bd80:93a1
2600:9000:2127:c00:1f:aa31:7740:93a1
2a00:1450:4001:806::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:80e::2011
2a00:1450:4001:82a::2003
2a00:1450:4001:830::200d
2a05:d014:275:cb02:b2b8:b4ca:8518:7335
34.102.206.94
34.67.250.180
35.186.194.58
35.201.112.186
52.215.192.133
52.42.109.198
54.187.159.182
65.9.95.65
65.9.95.75
65.9.95.77
65.9.95.87
01fd20629180a7add64df10cad1d59041582da620a5779f697c8b5797c4d9294
15c60a04ddc45d1b8ea1866c85b1878c1ee01d526ea9fc20687bec80b9791342
27e7456415c02ffce90ee3757b71ae1c6694d9e2514b14b844c38c36085eaa02
2e3de4eb5abc0239959ce372ad644d14b2e0600ca29bbb826c25e0683472ba91
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
44cce793cfba201f0816ab24f597c1bf9bc1b4a3cffe33a8210ab3cb5817a313
4834e69b9244732d17f67963c00f6da8632958b32c96f9b823a1f170f48dbba7
493f90e19a3c2305e203475dfadaf0112d116273314b7d12b12cc5a4cdc5fbe7
4e1bcc86fc72730a7a85209082c81478d331d8178e96a07c8db70aba66ce5762
56cb95651ccd45c8c6988880ae48f436a1c054a7b3925d0949a2b45f0f0b6837
6117bb4dde6e99644819d70fe704abaf7a0570cb7134996b06ef0b82c05228a2
6737e7c099eb86ac9cb396ae872eebaa3f2e7cbd70d5f663a5eaa4208742bc62
6b7013d51ce45a0a5437abb73c19c1093ac1f1fe014dc27a892dd256e5826b50
832b32c46f2850000fed5ef3052aff7ab1dfaf0a9ccbbb452260936573ad1b98
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8c4930584b07df39cc843c3f2c763d1f2a7caeef0089dc94b7074cdabf95f86a
8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353
91758902c04522a98036171e4aeecdb5bc84293dfddc667b0f166aee838415b0
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b9e81a47aecd3d05445ae775f48d08b3de46b2039f1d229a58a87be194e327ec
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
c8f6d717e17ec986512a81ef01714a9920d82ed5c23a0f2fb2e5a3da3c20172d
cabf48f5cc13824593e69570ffd3c7b04aef6e9569587de39da685c031f36d07
e25880e509b2dcf1833fef0dbb1653f7a47e5ff89cc48a77a7bdfe3e0a9744f4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f2552540cf7b63d876916129654376671609808cdf59d2d7a870aca211543c16
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083

platform.securityscorecard.io Open in urlscan Pro 65.9.95.77 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

57 Requests

89 %HTTPS

41 %IPv6

15 Domains

23 Subdomains

22 IPs

4 Countries

10025 kBTransfer

26732 kBSize

9 Cookies

4 Outgoing links

Page URL History

Redirected requests

57 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

platform.securityscorecard.io Open in urlscan Pro
65.9.95.77 Public Scan

Screenshot
Live screenshot

Full Image

57
Requests

89 %
HTTPS

41 %
IPv6

15
Domains

23
Subdomains

22
IPs

4
Countries

10025 kB
Transfer

26732 kB
Size

9
Cookies

57 HTTP transactions
1 data transactions