urlscan.io logo urlscan.io
SecurityTrails logo

app.giftbit.com Open in urlscan Pro
2606:4700:10::6816:35eb  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://gft.link/2yhGrRvGXUQ
Effective URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Submission: On January 29 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2606:4700:10::6816:35eb, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.giftbit.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 26th 2023. Valid for: a year.
This is the only time app.giftbit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 54.231.197.157 16509 (AMAZON-02)
2 12 2606:4700:10:... 13335 (CLOUDFLAR...)
2 13.249.9.42 16509 (AMAZON-02)
1 2600:1f18:24e... 14618 (AMAZON-AES)
13 3
Apex Domain
Subdomains		 Transfer
14 giftbit.com
app.giftbit.com
emailimages.giftbit.com
528 KB
1 browser-intake-datadoghq.com
csp-report.browser-intake-datadoghq.com — Cisco Umbrella Rank: 13890
1 gft.link
gft.link
284 B
13 3
Domain Requested by
12 app.giftbit.com 2 redirects app.giftbit.com
2 emailimages.giftbit.com app.giftbit.com
1 csp-report.browser-intake-datadoghq.com app.giftbit.com
1 gft.link 1 redirects
13 4

This site contains links to these domains. Also see Links.

Domain
www.giftbit.com
info.giftbit.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-04-26 -
2024-04-25		 a year crt.sh
giftbit.com
Amazon RSA 2048 M01		 2023-05-29 -
2024-06-25		 a year crt.sh
*.browser-intake-datadoghq.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-06-17 -
2024-06-18		 a year crt.sh

This page contains 1 frames:

Primary Page: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Frame ID: 755C02E5039FBEC51BA79250CAA43008
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Your Gift Details

Page URL History Show full URLs

  1. http://gft.link/2yhGrRvGXUQ HTTP 301
    https://app.giftbit.com/sl/2yhGrRvGXUQ HTTP 302
    https://app.giftbit.com/viewGift?id=20d4ee8532fe47699947cff2c56a9c3c HTTP 302
    https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div [^>]*class="[^"]*(?:small|medium|large)-\d{1,2} columns
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

3
IPs

1
Countries

523 kB
Transfer

1705 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://gft.link/2yhGrRvGXUQ HTTP 301
    https://app.giftbit.com/sl/2yhGrRvGXUQ HTTP 302
    https://app.giftbit.com/viewGift?id=20d4ee8532fe47699947cff2c56a9c3c HTTP 302
    https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 20d4ee8532fe47699947cff2c56a9c3c
app.giftbit.com/claimGift/index/
Redirect Chain
  • http://gft.link/2yhGrRvGXUQ
  • https://app.giftbit.com/sl/2yhGrRvGXUQ
  • https://app.giftbit.com/viewGift?id=20d4ee8532fe47699947cff2c56a9c3c
  • https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
8 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eea600ea7e3708d8391e6d2fa238c59c505b34b0c942fc0d62d5158f82b5dcb7
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-MzM3OTk4NDc4LDM0NjQzNTQwMDI=' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
84d1a5032dee1905-FRA
content-encoding
gzip
content-language
de-DE
content-security-policy
script-src 'self' 'nonce-MzM3OTk4NDc4LDM0NjQzNTQwMDI=' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
content-type
text/html;charset=UTF-8
date
Mon, 29 Jan 2024 12:58:05 GMT
expect-ct
max-age=86400, enforce
p3p
CP="Giftbit"
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-id
scxq64kaSSW0mePUdGLPeFwGTy8CXQ4scgOIHMnox3fD0fjkttkwjw==
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
84d1a4fef94c1905-FRA
content-security-policy
script-src 'self' 'nonce-MTMzMjA2NTA2OCwyNzExOTYyMjQz' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
date
Mon, 29 Jan 2024 12:58:04 GMT
expect-ct
max-age=86400, enforce
location
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
p3p
CP="Giftbit"
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
via
1.1 1ee1abe42f3acbda66e5d1252319566a.cloudfront.net (CloudFront)
x-amz-cf-id
ySWuXGJyTmUn2Kai8MiymTIL6HUkOP0h5FC7FcxmZg2C2ngSmqPCrQ==
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
jQueryModule-b99d1953fd9ec669955569f42f3a21c2.js
app.giftbit.com/assets/ 		88 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/jQueryModule-b99d1953fd9ec669955569f42f3a21c2.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e010e138a5e826dc84a4a875d0d1268654f99c2afe8729acfc0fd662bf84fa97
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-MTgyOTY2OCw4MzAyNTE0NDg=' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:05 GMT
content-encoding
gzip
via
1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce-MTgyOTY2OCw4MzAyNTE0NDg=' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
age
39779
x-amz-cf-pop
FRA56-C2
x-permitted-cross-domain-policies
none
x-cache
Miss from cloudfront
content-length
31188
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 24 Jan 2024 14:56:02 GMT
server
cloudflare
etag
"jQueryModule-b99d1953fd9ec669955569f42f3a21c2.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
84d1a506b9ae1905-FRA
x-amz-cf-id
cm5Gy1pxQuzztQm3UDSpEfC6x96U4guBeOmTfn9wLAApQyyV7IG3HQ==
coreReactModule-50110219a93310598d4c347b86769089.css
app.giftbit.com/assets/ 		69 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/coreReactModule-50110219a93310598d4c347b86769089.css
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b516e87c99319f1acc5a3c828db7e6714151da17bb26a469b34a98c56accc2bb
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-MjQ2MjY2ODEwMywxMDQ2MjE3NDAx' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:05 GMT
content-encoding
gzip
via
1.1 22b9ddafebf39d72780d68dad970d218.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce-MjQ2MjY2ODEwMywxMDQ2MjE3NDAx' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
age
39779
x-amz-cf-pop
FRA56-C2
x-permitted-cross-domain-policies
none
x-cache
Miss from cloudfront
content-length
13437
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 24 Jan 2024 14:56:04 GMT
server
cloudflare
etag
"coreReactModule-50110219a93310598d4c347b86769089.css"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
84d1a506b9a51905-FRA
x-amz-cf-id
o4yDEsDqxH6wadzG7nf3sKpNZVT3QlRZHsE1U5L4TuTobIiMyewChQ==
coreJSModule-fbd4322a03ab3d4f89536c94abb87969.js
app.giftbit.com/assets/ 		1 MB
443 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/coreJSModule-fbd4322a03ab3d4f89536c94abb87969.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abe26fa46d3e67d929d77441c9bf8ca7946f6fed3adc9cfcce99c01cef785284
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-MjEyODYyNDQsMTk1Njg2NzAyOQ==' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:05 GMT
content-encoding
gzip
via
1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce-MjEyODYyNDQsMTk1Njg2NzAyOQ==' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
age
39779
x-amz-cf-pop
FRA56-C2
x-permitted-cross-domain-policies
none
x-cache
Miss from cloudfront
content-length
451317
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 24 Jan 2024 14:56:02 GMT
server
cloudflare
etag
"coreJSModule-fbd4322a03ab3d4f89536c94abb87969.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
84d1a506b9af1905-FRA
x-amz-cf-id
GOMXfjM6wGoCRa0_Qmetf3rZgBA1KR9gb7-cdwScFERr00ewaMyVRA==
giftClaimLayoutModule-709813a0ed3a85e49edd1cb44ee8b366.css
app.giftbit.com/assets/ 		29 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/giftClaimLayoutModule-709813a0ed3a85e49edd1cb44ee8b366.css
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
150b580ed05f1ac04cfc1e26fbb5d86efb1847010191c9aa20c5c0b9cea7341e
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-MTk4MjgyODIwNCw0MjEzNzkyOTAy' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:05 GMT
content-encoding
gzip
via
1.1 0363fab377de19b9b4f85394469f6fca.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce-MTk4MjgyODIwNCw0MjEzNzkyOTAy' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
age
39779
x-amz-cf-pop
FRA56-C2
x-permitted-cross-domain-policies
none
x-cache
Miss from cloudfront
content-length
4351
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 24 Jan 2024 14:56:04 GMT
server
cloudflare
etag
"giftClaimLayoutModule-709813a0ed3a85e49edd1cb44ee8b366.css"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
84d1a506b9aa1905-FRA
x-amz-cf-id
e94pjcMSUr87HSoP-jwBIfj6OnuSaL3YTsaBGNxdgjMYlW-jinyZrw==
giftLayoutModule-4dc0e7648aeccefb11282f2f1b076ed5.js
app.giftbit.com/assets/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/giftLayoutModule-4dc0e7648aeccefb11282f2f1b076ed5.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39063632d79b93a575a074bf1f45e3f5429e2f03d3c9cda234fc4421f9bfc9ad
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-MjEwOTkyNzUwLDE5OTE1ODkwMzU=' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:05 GMT
content-encoding
gzip
via
1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce-MjEwOTkyNzUwLDE5OTE1ODkwMzU=' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
age
39779
x-amz-cf-pop
FRA56-C2
x-permitted-cross-domain-policies
none
x-cache
Miss from cloudfront
content-length
2661
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 24 Jan 2024 14:56:00 GMT
server
cloudflare
etag
"giftLayoutModule-4dc0e7648aeccefb11282f2f1b076ed5.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
84d1a506b9b01905-FRA
x-amz-cf-id
krJah2vEYopsM7Q49KhEFqGNuD9Q8bhOHjRK3Mo7H2wkjPjt_VgcdQ==
creditCardModule-e559e0c4b54aa3231ccd6974ca523513.css
app.giftbit.com/assets/ 		12 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/creditCardModule-e559e0c4b54aa3231ccd6974ca523513.css
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a763376d452d9f874793a87693c77e9183ecf2b29f2c68e77d5c03755e5aec1
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-NzE3NDQzOTc5LDQ4MjQwNjM2NA==' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:05 GMT
content-encoding
gzip
via
1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce-NzE3NDQzOTc5LDQ4MjQwNjM2NA==' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-amz-cf-pop
FRA56-C2
x-permitted-cross-domain-policies
none
x-cache
Miss from cloudfront
content-length
2222
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 24 Jan 2024 14:56:02 GMT
server
cloudflare
etag
"creditCardModule-e559e0c4b54aa3231ccd6974ca523513.css"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
84d1a506b9ab1905-FRA
x-amz-cf-id
h6rgIw1t5CO0X57JWIryUF4-LM_mJTsiRuvczedlLWRAKk3bfjgdHA==
creditCardModule-ff84c2dd0beb4b3297804683064a428d.js
app.giftbit.com/assets/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/creditCardModule-ff84c2dd0beb4b3297804683064a428d.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b82c4ba8ff30b0d53b3de9207a9e668760405beb88273063ee32b91d043befa4
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-MzQ2MDE1NzE0NCwzMTg5Mzg2NjA5' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:05 GMT
content-encoding
gzip
via
1.1 039ee779486557ccf22d128d6266e00e.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce-MzQ2MDE1NzE0NCwzMTg5Mzg2NjA5' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-amz-cf-pop
AMS58-P5
x-permitted-cross-domain-policies
none
x-cache
Miss from cloudfront
content-length
1400
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 24 Jan 2024 14:56:02 GMT
server
cloudflare
etag
"creditCardModule-ff84c2dd0beb4b3297804683064a428d.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
84d1a506b9b11905-FRA
x-amz-cf-id
fsKRA2s2ol1VUdFis0tG07SS3XBgyCQtxgcuu9C1b5IPu6DWaclb7Q==
errormessage-03cb24af2190516016d8d2b96a9616ae.js
app.giftbit.com/assets/js/modules/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/assets/js/modules/errormessage-03cb24af2190516016d8d2b96a9616ae.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2194e873e756ae055c72d504454629b6ccac2f9216c29519c6bd22ab99aa110e
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'nonce-Mjg3NzEzNjI5NywyMDQyOTg4MTg0' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:05 GMT
content-encoding
gzip
via
1.1 8bb90d44758ce70476efdf577c8bd268.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'nonce-Mjg3NzEzNjI5NywyMDQyOTg4MTg0' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
x-amz-cf-pop
AMS58-P5
x-permitted-cross-domain-policies
none
x-cache
Miss from cloudfront
content-length
1302
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 24 Jan 2024 14:56:00 GMT
server
cloudflare
etag
"js/modules/errormessage-03cb24af2190516016d8d2b96a9616ae.js"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
permissions-policy
accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges
bytes
cf-ray
84d1a506b9b21905-FRA
x-amz-cf-id
jyRkuMQ1EiX1mS3jLtHpSGNoEx1A-1ZswGpRMa4jl-GVWCuyKUOfzg==
visa-logo.png
emailimages.giftbit.com/general/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://emailimages.giftbit.com/general/visa-logo.png
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-42.cdg53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
984071da5ea4a4b632fd8b4148d9dc47fca23b94e62968d6916b8f91b6045c5b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:06 GMT
via
1.1 a64d90720955c3d3de37aa0526d1a7a4.cloudfront.net (CloudFront)
last-modified
Fri, 21 Oct 2016 21:23:39 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
etag
"8d9d533b3c906a13f30d95014f345eca"
x-cache
Miss from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
3416
x-amz-cf-id
hbeDOojsWys6GdQa2XZqgoJYtgOSQXdR5mgSHiLOVFw6FC1NrV2jkg==
giftbit-logo-gift-footer.png
emailimages.giftbit.com/logos/ 		969 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://emailimages.giftbit.com/logos/giftbit-logo-gift-footer.png
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-42.cdg53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
715d5b3a32f9b7811774841b50d6f8c96502599e7d61bc0a48cf3ceab933bf0e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:31:56 GMT
via
1.1 a64d90720955c3d3de37aa0526d1a7a4.cloudfront.net (CloudFront)
last-modified
Fri, 03 Mar 2023 21:28:56 GMT
server
AmazonS3
x-amz-cf-pop
CDG53-C1
age
1570
x-amz-server-side-encryption
AES256
etag
"b3cb2f6718323c370c8ac0f6601a0561"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
969
x-amz-cf-id
41uV2ZsIQ2NgxV2kJn-7oALiR1XiSnxSdX7NZLVPCPaCUM-KMyteCA==
email-decode.min.js
app.giftbit.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
824 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.giftbit.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:35eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 29 Jan 2024 12:58:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 26 Jan 2024 10:32:07 GMT
server
cloudflare
etag
W/"65b38a27-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
84d1a507cace1905-FRA
expires
Wed, 31 Jan 2024 12:58:05 GMT
logs
csp-report.browser-intake-datadoghq.com/api/v2/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Requested by
Host: app.giftbit.com
URL: https://app.giftbit.com/claimGift/index/20d4ee8532fe47699947cff2c56a9c3c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b901:4fde:ae29:9087:aec7 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://app.giftbit.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/csp-report

Response headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| process function| $ function| jQuery object| webpackChunkgiftbitReact object| SENTRY_RELEASE object| SENTRY_RELEASES object| KIIND

4 Cookies

Domain/Path Name / Value
app.giftbit.com/ Name: JSESSIONID
Value: 73434A1E790FBDA400326571CA372C3E
app.giftbit.com/ Name: AWSELB
Value: 39A71593100010396AA895D447D743B029389175DC01A85A8679DA0D461607ACD91140969DFEF9E90499A0BD3C2B104BBD9692BD8EB12B438B622A8C9836738C3C76F99595
app.giftbit.com/ Name: AWSELBCORS
Value: 39A71593100010396AA895D447D743B029389175DC01A85A8679DA0D461607ACD91140969DFEF9E90499A0BD3C2B104BBD9692BD8EB12B438B622A8C9836738C3C76F99595
.giftbit.com/ Name: recipient
Value: true

10 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'oversized-images'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'unoptimized-images'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'unsized-media'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'nonce-MzM3OTk4NDc4LDM0NjQzNTQwMDI=' *.giftbit.com t.co analytics.twitter.com static.ads-twitter.com edge.fullstory.com rs.fullstory.com fullstory.com widget.intercom.io api.intercom.io app.intercom.io js.intercomcdn.com js.hsforms.net app.hubspot.com forms.hsforms.com *.hscollectedforms.net js.hubspot.com js.hubspotfeedback.com js.hsleadflows.net js.hs-banner.com js.hs-analytics.net js.hsadspixel.net *.hs-scripts.com consent.cookiebot.com consentcdn.cookiebot.com cdnjs.cloudflare.com code.jquery.com cdn.zapier.com js.stripe.com ws.zoominfo.com snap.licdn.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.doubleclick.net *.googletagmanager.com www.gstatic.com www.google.com www.googleadservices.com *.google-analytics.com tagmanager.google.com apis.google.com tpc.googlesyndication.com tracking.g2crowd.com tags.clickagy.com hemsync.clickagy.com *.ingest.sentry.io *.sentry.io sentry.io *.sentry-cdn.com *.maxmind.com maxmind.com cloudflare.hcaptcha.com challenges.cloudflare.com bat.bing.com www.clarity.ms *.clearbitscripts.com *.clearbitjs.com; frame-src 'self' *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.stripe.com www.googletagmanager.com www.facebook.com www.google.com *.doubleclick.net tpc.googlesyndication.com www.intercom-reporting.com intercom-sheets.com consentcdn.cookiebot.com hemsync.clickagy.com challenges.cloudflare.com www.youtube.com m.youtube.com player.vimeo.com auth.giftbit.com preprodauth.giftbit.com; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net www.googletagmanager.com intercom-sheets.com www.intercom-reporting.com www.youtube.com m.youtube.com player.vimeo.com fast.wistia.net; object-src 'none'; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubffffe4c735d1c7e7466b11ba7a7aeb08&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff