urlscan.io logo urlscan.io
SecurityTrails logo

rookie-baby.hello-charles.com Open in urlscan Pro
2606:4700:10::6816:4ec5  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://rookie-baby.hello-charles.com/
Effective URL: https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations
Submission: On December 11 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 2606:4700:10::6816:4ec5, located in United States and belongs to CLOUDFLARENET, US. The main domain is rookie-baby.hello-charles.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 9th 2023. Valid for: a year.
This is the only time rookie-baby.hello-charles.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a04:4e42::622 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
20 5
Apex Domain
Subdomains		 Transfer
12 hello-charles.com
rookie-baby.hello-charles.com
cdn.hello-charles.com — Cisco Umbrella Rank: 264805
3 MB
3 appcues.com
fast.appcues.com — Cisco Umbrella Rank: 4861
134 KB
2 gstatic.com
www.gstatic.com
18 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
931 B
0 heapanalytics.com Failed
cdn.heapanalytics.com Failed
20 5
Domain Requested by
10 rookie-baby.hello-charles.com 1 redirects rookie-baby.hello-charles.com
3 fast.appcues.com rookie-baby.hello-charles.com
fast.appcues.com
2 cdn.hello-charles.com rookie-baby.hello-charles.com
2 www.gstatic.com rookie-baby.hello-charles.com
1 fonts.googleapis.com rookie-baby.hello-charles.com
0 cdn.heapanalytics.com Failed rookie-baby.hello-charles.com
20 6

This site contains links to these domains. Also see Links.

Domain
oauth.prod.charlesidentity.com
Subject Issuer Validity Valid
hello-charles.com
Cloudflare Inc ECC CA-3		 2023-10-09 -
2024-10-08		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
fast.appcues.com
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-08-05 -
2024-09-05		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations
Frame ID: A81B173CA966DB95D35C8D69221F4A3F
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Charles Universe

Page URL History Show full URLs

  1. http://rookie-baby.hello-charles.com/ HTTP 301
    https://rookie-baby.hello-charles.com/ Page URL
  2. https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /firebasejs/([\d.]+)/firebase

Page Statistics

20
Requests

85 %
HTTPS

100 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

2852 kB
Transfer

12644 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://rookie-baby.hello-charles.com/ HTTP 301
    https://rookie-baby.hello-charles.com/ Page URL
  2. https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://rookie-baby.hello-charles.com/ HTTP 301
  • https://rookie-baby.hello-charles.com/

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
rookie-baby.hello-charles.com/
Redirect Chain
  • http://rookie-baby.hello-charles.com/
  • https://rookie-baby.hello-charles.com/
9 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rookie-baby.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ce40e53d478fc55f3d7646d76becc8b09eb5bdc37b374eb1e57fef60b3d00c8
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-523630b34bab338f415a6ec5a65e2d52' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-523630b34bab338f415a6ec5a65e2d52' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
834165a7bda31947-FRA
content-encoding
gzip
content-security-policy
default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-523630b34bab338f415a6ec5a65e2d52' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-523630b34bab338f415a6ec5a65e2d52' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
content-type
text/html
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
date
Mon, 11 Dec 2023 23:09:45 GMT
expect-ct
max-age=0
expires
0
last-modified
Mon, 04 Dec 2023 09:47:37 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=0; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
995b9595-daaf-4aab-92f8-ce6cd2ffc37c
x-xss-protection
0

Redirect headers

CF-RAY
834165a77feb4dcb-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Mon, 11 Dec 2023 23:09:45 GMT
Expires
Tue, 12 Dec 2023 00:09:45 GMT
Location
https://rookie-baby.hello-charles.com/
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
css2
fonts.googleapis.com/ 		3 KB
931 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Karla:ital,wght@0,400;0,700;1,400;1,700&display=swap
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c65d97091b3775acbfbbd978d5b6b73100d3ef2bad63d052a74ce4713fc696bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 11 Dec 2023 23:09:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 11 Dec 2023 23:09:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 11 Dec 2023 23:09:45 GMT
130785.js
fast.appcues.com/ 		22 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.appcues.com/130785.js
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Cowboy /
Resource Hash
fe442b1562283f7a27f022c2aafacd83b520e421f2dfbfc6385fea9c51410993

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:46 GMT
content-encoding
gzip
via
1.1 varnish
age
0
x-cache
MISS
content-length
5292
x-request-id
F5_pvfR7gQW7AVwf543j
x-served-by
cache-fra-eddf8230075-FRA
server
Cowboy
x-timer
S1702336186.633857,VS0,VE680
vary
accept-encoding, Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=120,public
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Authorization
x-cache-hits
0
vendor.616a2d10.js
rookie-baby.hello-charles.com/js/ 		5 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://rookie-baby.hello-charles.com/js/vendor.616a2d10.js
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6eb8344528e850e3c4df5c78d3afb5f6e3e44d4824b19b3c45b8eefed06a7737
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-9252941917cf69152e8ca64b802a5285' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-9252941917cf69152e8ca64b802a5285' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:45 GMT
content-security-policy
default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-9252941917cf69152e8ca64b802a5285' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-9252941917cf69152e8ca64b802a5285' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 google
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
fbfe6bf2-984b-4253-831e-fd642590bb61
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 04 Dec 2023 09:47:37 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
"5606e8-6FDyKO0kU3zw8lCXTo+MJHE80LE"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-download-options
noopen
cache-control
public, max-age=31536000
cf-ray
834165a94ed01947-FRA
app.4b99408a.js
rookie-baby.hello-charles.com/js/ 		3 MB
760 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rookie-baby.hello-charles.com/js/app.4b99408a.js
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c713af24709270ff08e04dcf7f242d5d52266026fb0020317c7da3afbdf63797
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-a90a84b465a6fca09cd8288aa0d3ad65' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-a90a84b465a6fca09cd8288aa0d3ad65' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:46 GMT
content-security-policy
default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-a90a84b465a6fca09cd8288aa0d3ad65' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-a90a84b465a6fca09cd8288aa0d3ad65' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 google
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
46ca2b8d-21d2-480b-9c84-ab63e8062608
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 04 Dec 2023 09:47:37 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
"30c688-Eaj2fSOBXATOgZjWRwPuS9s/cvg"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-download-options
noopen
cache-control
public, max-age=31536000
cf-ray
834165ab38371947-FRA
app.0292b014.css
rookie-baby.hello-charles.com/css/ 		561 KB
105 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://rookie-baby.hello-charles.com/css/app.0292b014.css
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8103f23aa36ebb5ff0539c9068c4519346842bfd0eb5d1f39538155341ab532
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-c86c7422127cc59e0178684c3dcdb999' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-c86c7422127cc59e0178684c3dcdb999' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:45 GMT
content-security-policy
default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-c86c7422127cc59e0178684c3dcdb999' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-c86c7422127cc59e0178684c3dcdb999' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 google
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
7b02cdf8-d36f-4060-b7e5-b922835b9f74
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 04 Dec 2023 09:47:37 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
"8c47a-MFnF6FUKj9nthPmTHmETeIINox0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-download-options
noopen
cache-control
public, max-age=31536000
cf-ray
834165a80dd91947-FRA
firebase-app.js
www.gstatic.com/firebasejs/8.4.1/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/8.4.1/firebase-app.js
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 22:13:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3359
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6763
x-xss-protection
0
last-modified
Tue, 13 Apr 2021 06:56:11 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 10 Dec 2024 22:13:46 GMT
firebase-messaging.js
www.gstatic.com/firebasejs/8.4.1/ 		40 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 05 Dec 2023 17:17:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
539508
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10908
x-xss-protection
0
last-modified
Tue, 13 Apr 2021 06:56:17 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 04 Dec 2024 17:17:57 GMT
appcues.main.d0231f3d493abd624afa4a834d21141fbe717bea.js
fast.appcues.com/generic/main/4.60.54/ 		447 KB
127 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.appcues.com/generic/main/4.60.54/appcues.main.d0231f3d493abd624afa4a834d21141fbe717bea.js
Requested by
Host: fast.appcues.com
URL: https://fast.appcues.com/130785.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://rookie-baby.hello-charles.com/
Origin
https://rookie-baby.hello-charles.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:46 GMT
content-encoding
gzip
via
1.1 varnish
x-amz-request-id
KASBPG7S5GFRZN6A
age
6617
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
129146
x-amz-id-2
ReJJKxLafVpdgyouS5+Y6w/ftIh7XM7BHaGO9cw2hYFkNBmj1OpOIrSo85yrlEdT1R/3FW7IM48jjbY646+lYA==
x-served-by
cache-fra-eddf8230031-FRA
last-modified
Mon, 11 Dec 2023 21:03:01 GMT
server
AmazonS3
x-timer
S1702336186.338076,VS0,VE0
etag
"136a0e750c76bb82358dc6d429683b01"
vary
Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Authorization
x-cache-hits
2
heap-3355954813.js
cdn.heapanalytics.com/js/ 		0
0
emojis-json.afcc65c7.js
rookie-baby.hello-charles.com/js/ 		0
28 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://rookie-baby.hello-charles.com/js/emojis-json.afcc65c7.js
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/js/app.4b99408a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-8065371c4be103eb55580c06204d2382' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-8065371c4be103eb55580c06204d2382' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:46 GMT
content-security-policy
default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-8065371c4be103eb55580c06204d2382' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-8065371c4be103eb55580c06204d2382' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 google
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
cdcc4958-52ab-427c-af0c-cd1d9126b1d2
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 04 Dec 2023 09:47:37 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
"34db4-VzUeNqV2o0rH46X7xHqb1vGMw2o"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-download-options
noopen
cache-control
public, max-age=31536000
cf-ray
834165afbba21947-FRA
truncated
/ 		66 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
image/webp
me
rookie-baby.hello-charles.com/api/v0/ 		138 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://rookie-baby.hello-charles.com/api/v0/me
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/js/vendor.616a2d10.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-03f26559c4f183f9808daa7b8bd387d6' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-03f26559c4f183f9808daa7b8bd387d6' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json; charset=utf-8
Referer
https://rookie-baby.hello-charles.com/
X-Client-Type
Charles SDK JavaScript
X-Client-Version
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:46 GMT
content-security-policy
default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-03f26559c4f183f9808daa7b8bd387d6' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-03f26559c4f183f9808daa7b8bd387d6' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
via
1.1 google
x-permitted-cross-domain-policies
none
cf-cache-status
DYNAMIC
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
server-timing
total; dur=5.917948; desc="Total Response Time"
content-length
138
x-xss-protection
0
x-request-id
68ccaa85-d735-45d2-9f65-f99da09cc7e6
x-response-time
8.844ms
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"8a-amEz3A+haUXqw8CQPKoi+uR0Xig"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Origin
content-type
application/json; charset=utf-8
content-language
de-DE
x-download-options
noopen
access-control-expose-headers
Content-Type,Content-Language,Authorization,Accept,Accept-Language,Origin,X-Resource-Count,X-Charles-Cache,X-Requested-With,X-HTTP-Method-Override,Server-Timing
access-control-allow-credentials
true
x-ratelimit-reset
1702336755
x-ratelimit-limit
10000
cf-ray
834165afcba41947-FRA
x-ratelimit-remaining
9999
8ac0dd9f-f80e-4eff-b457-bf7e824cfacd
https://rookie-baby.hello-charles.com/ 		4 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://rookie-baby.hello-charles.com/8ac0dd9f-f80e-4eff-b457-bf7e824cfacd
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Length
4520
Content-Type
application/javascript
8ac0dd9f-f80e-4eff-b457-bf7e824cfacd
https://rookie-baby.hello-charles.com/ 		4 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://rookie-baby.hello-charles.com/8ac0dd9f-f80e-4eff-b457-bf7e824cfacd
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Length
4520
Content-Type
application/javascript
Primary Request auth
rookie-baby.hello-charles.com/api/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/js/app.4b99408a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
921bf1ff62082b68c62e8bfa267bbb21bad82ae86e99f699139c0caa99aa853b
Security Headers
Name Value
Content-Security-Policy default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-665b9eab89d13e063cf65d5bfce1a238' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-665b9eab89d13e063cf65d5bfce1a238' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://rookie-baby.hello-charles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-expose-headers
Content-Type,Content-Language,Authorization,Accept,Accept-Language,Origin,X-Resource-Count,X-Charles-Cache,X-Requested-With,X-HTTP-Method-Override,Server-Timing
cf-cache-status
DYNAMIC
cf-ray
834165b01bf21947-FRA
content-encoding
gzip
content-language
de-DE
content-security-policy
default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-665b9eab89d13e063cf65d5bfce1a238' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-665b9eab89d13e063cf65d5bfce1a238' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
date
Mon, 11 Dec 2023 23:09:46 GMT
expect-ct
max-age=0
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
server-timing
total; dur=39.995396; desc="Total Response Time"
strict-transport-security
max-age=0; includeSubDomains; preload
vary
Origin
via
1.1 google
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-ratelimit-limit
10000
x-ratelimit-remaining
9999
x-ratelimit-reset
1702336756
x-request-id
749b1652-48d7-4f6f-9b93-cc86c2e880e6
x-response-time
46.014ms
x-xss-protection
0
container.d0231f3d493abd624afa4a834d21141fbe717bea.css
fast.appcues.com/generic/main/4.60.54/ 		16 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fast.appcues.com/generic/main/4.60.54/container.d0231f3d493abd624afa4a834d21141fbe717bea.css
Requested by
Host: fast.appcues.com
URL: https://fast.appcues.com/generic/main/4.60.54/appcues.main.d0231f3d493abd624afa4a834d21141fbe717bea.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://rookie-baby.hello-charles.com/
Origin
https://rookie-baby.hello-charles.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:46 GMT
content-encoding
gzip
via
1.1 varnish
x-amz-request-id
H942V0CWD7JH8P5P
age
6676
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
1992
x-amz-id-2
MugJZRiankxCqvsPHQnR9AVZ8uhZw2e/GKo3bHBC7j41qqiABh4WWsT6kWYZ+X+CkJSfeRfkeQo=
x-served-by
cache-fra-eddf8230031-FRA
last-modified
Mon, 11 Dec 2023 21:03:01 GMT
server
AmazonS3
x-timer
S1702336187.936473,VS0,VE0
etag
"5be05ce494e7cac41d062a0b12a1657c"
vary
Accept-Encoding
access-control-allow-methods
GET,PUT,POST,DELETE,OPTIONS
content-type
text/css; charset=utf-8;
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Authorization
x-cache-hits
314
style.css
rookie-baby.hello-charles.com/api/public/stylesheets/ 		3 MB
241 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://rookie-baby.hello-charles.com/api/public/stylesheets/style.css
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dacc7944c13d1fa21eaf26b49314810d5f6be866030f443017914f46d1a69cc5
Security Headers
Name Value
Content-Security-Policy default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-a074c23a93b605af528c9bebb63b0ef9' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-a074c23a93b605af528c9bebb63b0ef9' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:47 GMT
content-security-policy
default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-a074c23a93b605af528c9bebb63b0ef9' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-a074c23a93b605af528c9bebb63b0ef9' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
via
1.1 google
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
x-xss-protection
0
x-request-id
20b500c3-07b7-40b8-b7d9-468b012383a0
x-response-time
16.436ms
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 04 Dec 2023 09:49:14 GMT
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"2cb01b-m2lWQlDYRkX4nvJZ2wbaqaMZwK0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=utf-8
x-download-options
noopen
cache-control
max-age=36000, must-revalidate
cf-ray
834165b09c441947-FRA
login.js
rookie-baby.hello-charles.com/api/oauth/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rookie-baby.hello-charles.com/api/oauth/login.js
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
562f25537a9f3ccfceee414e65f529d18677f0817b2c4e0eb529465659c18f5a
Security Headers
Name Value
Content-Security-Policy default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-88a8122b365beb8f0a3ccb94d04b2ea9' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-88a8122b365beb8f0a3ccb94d04b2ea9' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:47 GMT
content-security-policy
default-src 'self';frame-src 'self';script-src 'self' cdn.hello-charles.com cdn.jsdelivr.net cdnjs.cloudflare.com 'nonce-88a8122b365beb8f0a3ccb94d04b2ea9' 'unsafe-inline' 'strict-dynamic';object-src 'none';img-src 'self' data: charles-cdn.storage.googleapis.com cdn.hello-charles.com;script-src-attr 'none';script-src-elem 'self' 'nonce-88a8122b365beb8f0a3ccb94d04b2ea9' 'unsafe-inline' 'strict-dynamic';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self';font-src 'self' https: data:;base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=0; includeSubDomains; preload
via
1.1 google
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
server-timing
total; dur=4.352265; desc="Total Response Time"
x-xss-protection
0
x-request-id
686f4c56-f733-4cd0-b902-1cdacd187871
x-response-time
8.702ms
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
cross-origin-opener-policy
same-origin-allow-popups
etag
W/"4a9-h34ht4Kai7vJaOPchlvgL8vIIzY"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
content-language
de-DE
x-download-options
noopen
access-control-expose-headers
Content-Type,Content-Language,Authorization,Accept,Accept-Language,Origin,X-Resource-Count,X-Charles-Cache,X-Requested-With,X-HTTP-Method-Override,Server-Timing
access-control-allow-credentials
true
x-ratelimit-reset
1702336756
x-ratelimit-limit
10000
cf-ray
834165b09c451947-FRA
x-ratelimit-remaining
9999
logo_text.svg
cdn.hello-charles.com/charles-agent-ui/statics/logo/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.hello-charles.com/charles-agent-ui/statics/logo/logo_text.svg
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
247c637963da1a490b39fde9308c2f0c3976b1482cc740e0e7b025411b7702eb
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:47 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
content-encoding
gzip
x-guploader-uploadid
ABPtcPpzQPnblQhhpxGUt9Ir2shG7CMwOd6OtgcuG5gQxZY4pXfTkmKjPV_Hwk1p0mFQtUDL5c8FKs1wxMweEb-eEjCfbA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
last-modified
Fri, 12 Mar 2021 10:30:09 GMT
server
cloudflare
etag
W/"e63f010afde448ac2da8c6915b31764f"
vary
Accept-Encoding
x-goog-hash
crc32c=mTvQCQ==, md5=5j8BCv3kSKwtqMaRWzF2Tw==
x-goog-generation
1615545009109758
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
2781
cf-ray
834165b0ac4c1947-FRA
expires
Tue, 12 Dec 2023 00:09:47 GMT
typie-black-outline.png
cdn.hello-charles.com/assets/icons/integrations/charles/charles-identity/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.hello-charles.com/assets/icons/integrations/charles/charles-identity/typie-black-outline.png
Requested by
Host: rookie-baby.hello-charles.com
URL: https://rookie-baby.hello-charles.com/api/auth?redirect_path=%2Fconversations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3051a54e14015e206c5a2550730917a918554e5476bd07a72db59d07eccc2dab
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rookie-baby.hello-charles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:09:47 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
x-guploader-uploadid
ABPtcPrwn_V1qG_bDUmApWbEbyFjRXrcezQScO3LEwysSDcV8qGS8eJeWcGK5nITJ1PrlS4oU2nCVL7uWA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-length
21238
last-modified
Wed, 03 May 2023 12:39:32 GMT
server
cloudflare
etag
"02e3d0a0d4fb49037b77e0d77f383e90"
vary
Accept-Encoding
x-goog-generation
1683117572319877
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=s5efFA==, md5=AuPQoNT7SQN7d+DXfzg+kA==
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
21238
accept-ranges
bytes
cf-ray
834165b0ac4d1947-FRA
expires
Tue, 12 Dec 2023 00:09:47 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn.heapanalytics.com
URL
https://cdn.heapanalytics.com/js/heap-3355954813.js

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture undefined| authCode undefined| refreshToken undefined| accessToken function| initAuth function| signInCallback function| post

0 Cookies

2 Console Messages

Source Level URL
Text
network error URL: https://rookie-baby.hello-charles.com/api/v0/me
Message:
Failed to load resource: the server responded with a status of 401 ()
network warning URL: https://fast.appcues.com/generic/main/4.60.54/appcues.main.d0231f3d493abd624afa4a834d21141fbe717bea.js
Message:
WebSocket connection to 'wss://api.appcues.net/v1/socket/websocket?vsn=2.0.0' failed: WebSocket is closed before the connection is established.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';connect-src 'self' wss://rookie-baby.hello-charles.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com api.hello-charles.com staging-3.hello-charles.com staging-4.hello-charles.com api.charlesuniversesdev.com api.charlesuniversestest.com sentry.io o355257.ingest.sentry.io cdn.hello-charles.com charles-cdn.storage.googleapis.com api.giphy.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com maps.gstatic.com proxy-cdn.chls.to https://heapanalytics.com uni-3e99479a-184a-434e-b7b0-66ad43949105.storage.googleapis.com;script-src 'self' cdn.hello-charles.com https://cdn.heapanalytics.com https://heapanalytics.com 'nonce-523630b34bab338f415a6ec5a65e2d52' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://*.appcues.com https://*.appcues.net;object-src 'none';img-src 'self' https://heapanalytics.com data: https: https://*.appcues.com https://*.appcues.net res.cloudinary.com twemoji.maxcdn.com;media-src 'self' https:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' fonts.googleapis.com https://heapanalytics.com https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com;frame-ancestors 'self';frame-src 'self' https://*.hello-charles.com *.marketplace.hello-charles.com https://charles-flows.com https://*.charles-flows.com https://charlesidentity.com https://*.charlesidentity.com https://*.appcues.com;font-src 'self' https: data: fonts.gstatic.com charles-cdn.storage.googleapis.com https://heapanalytics.com https://fonts.gstatic.com 'nonce-523630b34bab338f415a6ec5a65e2d52' 'unsafe-inline';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests;form-action 'self'
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0