app.navan.com Open in urlscan Pro
2606:4700:4400::ac40:94ce Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://collector.tripactions.com/r/tp2?p=web&e=se&se_ca=df945e9c-56e2-45c7-a5b6-6d7cffa6f961&se_ac=link&uid=618ff810-c41a-4ce5-98...
Effective URL:
https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Submission: On December 04 via api (December 4th 2023, 9:24:35 am UTC) from US — Scanned from DE

Summary HTTP 71 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 12 domains to perform 71 HTTP transactions. The main IP is 2606:4700:4400::ac40:94ce, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.navan.com. The Cisco Umbrella rank of the primary domain is 79009.
TLS certificate: Issued by GTS CA 1P5 on October 21st 2023. Valid for: 3 months.

This is the only time app.navan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700::68... 2606:4700::6812:9178	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	2606:4700:440... 2606:4700:4400::ac40:94ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	151.101.0.176 151.101.0.176	54113 (FASTLY) (FASTLY)
6	2a04:4e42:600... 2a04:4e42:600::622	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
6	54.187.159.182 54.187.159.182	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:205... 2600:9000:2057:b600:19:7d10:bd80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.215.46.190 34.215.46.190	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c0c::54	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
2	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
3	2600:9000:243... 2600:9000:243d:e00:3:d543:c240:21	() ()
2	2600:9000:223... 2600:9000:223c:4200:19:3b4b:48c0:21	() ()
2	162.247.243.29 162.247.243.29	() ()
71	16

1 2606:4700::6812:9178 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

collector.tripactions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:4400::ac40:94ce (United States)

ASN13335 (CLOUDFLARENET, US)

app.navan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.0.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a04:4e42:600::622 (United States)

ASN54113 (FASTLY, US)

fast.appcues.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.187.159.182 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-159-182.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2057:b600:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.215.46.190 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-215-46-190.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0c::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:243d:e00:3:d543:c240:21 (None, )

ASN- ()

d35qahma2tlngp.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:4200:19:3b4b:48c0:21 (None, )

ASN- ()

d2w7f1pl8j4yzn.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.29 (None, )

ASN- ()

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	navan.com app.navan.com — Cisco Umbrella Rank: 79009 dev-amp-proxy.navan.com Failed	6 MB
14	stripe.com js.stripe.com — Cisco Umbrella Rank: 1282 q.stripe.com — Cisco Umbrella Rank: 7730 m.stripe.com — Cisco Umbrella Rank: 1245	318 KB
6	appcues.com fast.appcues.com — Cisco Umbrella Rank: 4861	268 KB
5	cloudfront.net d35qahma2tlngp.cloudfront.net d2w7f1pl8j4yzn.cloudfront.net	117 KB
5	google.com apis.google.com — Cisco Umbrella Rank: 116 accounts.google.com — Cisco Umbrella Rank: 23	50 KB
4	stripe.network m.stripe.network — Cisco Umbrella Rank: 1361	36 KB
2	nr-data.net bam.nr-data.net	741 B
2	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 590	48 KB
2	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 357	66 KB
1	gstatic.com www.gstatic.com	37 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	1 KB
1	tripactions.com 1 redirects collector.tripactions.com — Cisco Umbrella Rank: 89811	579 B
71	12

	Domain	Requested by
26	app.navan.com	app.navan.com js-agent.newrelic.com
6	q.stripe.com	app.navan.com
6	fast.appcues.com	app.navan.com fast.appcues.com js-agent.newrelic.com
6	js.stripe.com	app.navan.com js.stripe.com js-agent.newrelic.com
4	m.stripe.network	js.stripe.com m.stripe.network
3	d35qahma2tlngp.cloudfront.net	app.navan.com
3	accounts.google.com	apis.google.com app.navan.com www.gstatic.com
2	bam.nr-data.net	js-agent.newrelic.com
2	d2w7f1pl8j4yzn.cloudfront.net	app.navan.com
2	js-agent.newrelic.com	app.navan.com js-agent.newrelic.com
2	apis.google.com	app.navan.com apis.google.com
2	m.stripe.com	m.stripe.network
2	maps.googleapis.com	app.navan.com maps.googleapis.com
1	www.gstatic.com	accounts.google.com
1	cdnjs.cloudflare.com	app.navan.com
1	collector.tripactions.com	1 redirects
0	dev-amp-proxy.navan.com Failed	js-agent.newrelic.com
71	17

This site contains links to these domains. Also see Links.

Domain
navan.com

Subject Issuer	Validity	Valid
navan.com GTS CA 1P5	`2023-10-21` - `2024-01-19`	3 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2023-10-30` - `2024-01-25`	3 months	crt.sh
fast.appcues.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-05` - `2024-09-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-10-09` - `2024-01-18`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-05` - `2024-01-18`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Frame ID: 5C19986D20A9E840A0F6DD51494401A7
Requests: 50 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Frame ID: 01F9206FC6F13E4505EFECD309B7EC7F
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: A53F43D08A418A21BB84420C8F024709
Requests: 4 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 76762B00DAB9DD1663420622FFD26879
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Frame ID: BDB1CA1042EB8A07455EFD87F8A394AD
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 819C0A23B953929DD1F57C46F9235023
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Navan

Page URL History Show full URLs

https://collector.tripactions.com/r/tp2?p=web&e=se&se_ca=df945e9c-56e2-45c7-a5b6-6d7cffa6f961&se_ac=link&uid=6... HTTP 302
https://app.navan.com/app/user/profile?tab=traveler Page URL
https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZ... Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Page Statistics

71
Requests

96 %
HTTPS

69 %
IPv6

12
Domains

17
Subdomains

16
IPs

3
Countries

6752 kB
Transfer

25470 kB
Size

8
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://navan.com/privacy
Title: Navan Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://collector.tripactions.com/r/tp2?p=web&e=se&se_ca=df945e9c-56e2-45c7-a5b6-6d7cffa6f961&se_ac=link&uid=618ff810-c41a-4ce5-9848-94667aa93bdc&aid=email&tna=PassportExpiringEmail&u=https://app.navan.com/app/user/profile?tab=traveler&utm_source=PassportExpiringEmail&utm_medium=email HTTP 302
https://app.navan.com/app/user/profile?tab=traveler Page URL
https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://collector.tripactions.com/r/tp2?p=web&e=se&se_ca=df945e9c-56e2-45c7-a5b6-6d7cffa6f961&se_ac=link&uid=618ff810-c41a-4ce5-9848-94667aa93bdc&aid=email&tna=PassportExpiringEmail&u=https://app.navan.com/app/user/profile?tab=traveler&utm_source=PassportExpiringEmail&utm_medium=email HTTP 302
https://app.navan.com/app/user/profile?tab=traveler

71 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

profile Show response
app.navan.com/app/user/
Redirect Chain

https://collector.tripactions.com/r/tp2?p=web&e=se&se_ca=df945e9c-56e2-45c7-a5b6-6d7cffa6f961&se_ac=link&uid=618ff810-c41a-4ce5-9848-94667aa93bdc&aid=email&tna=PassportExpiringEmail&u=https://app.n...
https://app.navan.com/app/user/profile?tab=traveler

3 KB
2 KB

289ms
258ms

Document
text/html

2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e032fcbcc0e1f657ffcc944d857911d419f8e0f141e884bd08357b504ee0346f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8302ff16fe51bbc7-FRA
content-encoding: br
content-language: de-DE
content-type: text/html;charset=UTF-8
date: Mon, 04 Dec 2023 09:24:27 GMT
server: cloudflare
ta-commit-id: e804b86
ta-request-uuid: c7fb6487-f250-4b34-b98b-5ec1a84e21f7
vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8302ff157bab0414-FRA
content-length: 0
date: Mon, 04 Dec 2023 09:24:27 GMT
location: https://app.navan.com/app/user/profile?tab=traveler
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
server: cloudflare

GET
H2 200 styles.css
app.navan.com/wro/ 945 KB
140 KB 892ms
890ms Stylesheet
text/css 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/wro/styles.css?v=e804b86
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f8be722c29070e9f32fe7465584d327e66138f06c1bf36a166df5bb1ead1328

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:28 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:56:51 GMT
server: cloudflare
etag: W/"b2073bc9f1bdcfcda8a078de44949c6a14e04b46"
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
cache-control: public, max-age=315360000
cf-ray: 8302ff1898c9bbc7-FRA
ta-request-uuid: 82fbac34-d328-4024-8aff-3fdd5ef2dde9
expires: Sat, 30 Nov 2024 22:56:51 GMT

GET
H2 200 bowser.min.js Show response
app.navan.com/bower_components/bowser/ 7 KB
3 KB 786ms
784ms Script
text/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/bower_components/bowser/bowser.min.js
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0df36faa8c0da70e17455582d9546a49749d3b4053b285f85f706d90be77e3ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:28 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:40:00 GMT
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: text/javascript
cf-ray: 8302ff1898cabbc7-FRA
ta-request-uuid: 27db7ca9-e9a5-412e-9ada-dee440cb53d8

GET
H2 200 header-vendor.js Show response
app.navan.com/wro/ 0
122 B 790ms
788ms Script
text/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/wro/header-vendor.js?v=e804b86
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:28 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:56:51 GMT
server: cloudflare
etag: W/"da39a3ee5e6b4b0d3255bfef95601890afd80709"
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: public, max-age=315360000
cf-ray: 8302ff1898ccbbc7-FRA
ta-request-uuid: 05c02e1e-7c17-4731-9b9c-a11f210e3037
expires: Sat, 30 Nov 2024 22:56:51 GMT

GET
H2 200 / Show response
js.stripe.com/v3/ 560 KB
155 KB 115ms
13ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

eb5036bad8662eb3aeca1984456f9d3bbc3ad934ef96c6e46f64a86fbae1d5af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 09:24:27 GMT
via: 1.1 varnish
age: 37
x-cache: HIT
content-length: 158203
x-request-id: 88159cc0-0679-467b-ac0f-7f4024be8ea8
x-served-by: cache-fra-eddf8230044-FRA
last-modified: Fri, 01 Dec 2023 21:48:23 GMT
server: Fastly
etag: "cd52d1197822ef515efcd0a52a691074"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 25

GET
H2 200 58995.js Show response
fast.appcues.com/ 22 KB
5 KB 40ms
15ms Script
text/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.appcues.com/58995.js
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 0421273210f95466116756f716807b23c7d561d05f8c5bac8de3d921886be0e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:27 GMT
content-encoding: gzip
via: 1.1 varnish
age: 51
x-cache: HIT
content-length: 5182
x-request-id: F52WmLuEvw-rzojpOdOh
x-served-by: cache-fra-eddf8230131-FRA
server: Cowboy
x-timer: S1701681868.643139,VS0,VE1
vary: accept-encoding, Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=120,public
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With,Authorization
x-cache-hits: 1

GET
H2 200 vendor.js Show response
app.navan.com/wro/ 2 MB
507 KB 305ms
304ms Script
text/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/wro/vendor.js?v=e804b86
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a0820d7d0114cb802446697011f0363a9485f006a200b4aa033d95c2d56a77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:56:51 GMT
server: cloudflare
etag: W/"a7ceada8fdaf9e97ef10bbe42c26d1bf2ed4341a"
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: public, max-age=315360000
cf-ray: 8302ff1898cdbbc7-FRA
ta-request-uuid: 96eae54c-7264-4845-b0da-3b190fff927a
expires: Sat, 30 Nov 2024 22:56:51 GMT

GET
H2 200 templateCache.js Show response
app.navan.com/assets/common/ 687 KB
140 KB 304ms
303ms Script
text/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/assets/common/templateCache.js?v=e804b86
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2c1223867bf3edef761f9e9da920acec90a1008f368cb07d8ced8bd9fda704b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:37:48 GMT
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: text/javascript
cf-ray: 8302ff1898cebbc7-FRA
ta-request-uuid: d45c9684-279b-43b8-9da1-e7d64ae430ec

GET
H2 200 templateCache.js Show response
app.navan.com/assets/user/ 2 MB
415 KB 727ms
726ms Script
text/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/assets/user/templateCache.js?v=e804b86
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 862c6f0e8c648e31824e648460554450b30f94f0aa02eb6b01b6fee42b9fa2b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:28 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:37:48 GMT
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: text/javascript
cf-ray: 8302ff1898cfbbc7-FRA
ta-request-uuid: 97751d0d-6b5f-4f34-8300-077e883c5705

GET
H2 200 svgCache.js Show response
app.navan.com/assets/user/ 5 MB
2 MB 246ms
245ms Script
text/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/assets/user/svgCache.js?v=e804b86
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9c7e4003d0e2102bd991793016a04c0791978b6adff2bbcf40d8dd001e1a623

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:37:48 GMT
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: text/javascript
cf-ray: 8302ff1898d0bbc7-FRA
ta-request-uuid: 2abcabe6-9cf5-4081-b4ef-7da30f950175

GET
H2 200 user.js Show response
app.navan.com/wro/ 3 MB
680 KB 229ms
229ms Script
text/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/wro/user.js?v=e804b86
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e5df6626a7b934e467ddd5fbb6bb613e5820d95701128a0244a884d255f9dd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:27 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:56:51 GMT
server: cloudflare
etag: W/"dbddb93b2b17bc536275713b675e47c04298fb00"
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
cache-control: public, max-age=315360000
cf-ray: 8302ff1898d1bbc7-FRA
ta-request-uuid: 88eab5fe-b7c2-4817-9e92-7526cc97800b
expires: Sat, 30 Nov 2024 22:56:51 GMT

GET
H2 200 appcues.main.6419acf5aaf9241c9d5ea40d0059c214ae900e82.js Show response
fast.appcues.com/generic/main/4.60.47/ 447 KB
127 KB 42ms
14ms Script
application/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.appcues.com/generic/main/4.60.47/appcues.main.6419acf5aaf9241c9d5ea40d0059c214ae900e82.js
Requested by: Host: fast.appcues.com
URL: https://fast.appcues.com/58995.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0552a7557e5e284a66ce6125d74adaefb93e1b24594d160b1b09742c740fbe7c

Request headers

Referer: https://app.navan.com/
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:28 GMT
content-encoding: gzip
via: 1.1 varnish
x-amz-request-id: CBRHFC1A53034AG0
age: 300054
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 129022
x-amz-id-2: c7cGhD+0sCL7qWNIG/y3qwMhwZ4pVBy42JMW01dCLi7f1ftjoMFWbWJpIFms+aEhGi1XjhfujC4=
x-served-by: cache-fra-eddf8230101-FRA
last-modified: Thu, 30 Nov 2023 21:27:28 GMT
server: AmazonS3
x-timer: S1701681869.900467,VS0,VE0
etag: "94993118ccff89b1c3e4d9675c025e8d"
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With,Authorization
x-cache-hits: 242

GET
H2 200 larsseit-regular-webfont.woff2
app.navan.com/fonts/larsseit/woff/ 21 KB
22 KB 246ms
245ms Font
font/woff2 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/fonts/larsseit/woff/larsseit-regular-webfont.woff2
Requested by: Host: app.navan.com
URL: https://app.navan.com/wro/styles.css?v=e804b86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1741da31bdbe994a0ca036e92916e3e6f31c26bf22e4653776c3763636d5dfbd

Request headers

Referer: https://app.navan.com/wro/styles.css?v=e804b86
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:29 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:40:00 GMT
server: cloudflare
ta-commit-id: e804b86
access-control-max-age: 3600
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH, HEAD
content-type: font/woff2
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8302ff20bb24bbc7-FRA
access-control-allow-headers: x-tripactions-locale, x-requested-with, authorization, Content-Type, X-XSRF-TOKEN, x-ta-region, x-agent-desktop, x-gateway-authorization
content-length: 21712
ta-request-uuid: e84473e7-aebe-4286-8760-2f73af34b838

GET
H2 200 container.6419acf5aaf9241c9d5ea40d0059c214ae900e82.css
fast.appcues.com/generic/main/4.60.47/ 16 KB
2 KB 65ms
65ms Stylesheet
text/css 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.appcues.com/generic/main/4.60.47/container.6419acf5aaf9241c9d5ea40d0059c214ae900e82.css
Requested by: Host: fast.appcues.com
URL: https://fast.appcues.com/generic/main/4.60.47/appcues.main.6419acf5aaf9241c9d5ea40d0059c214ae900e82.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c2f5a697cf483b8a50b286ec9481c2767bcc448ad563047894e7e623de8049eb

Request headers

Referer: https://app.navan.com/
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:29 GMT
content-encoding: gzip
via: 1.1 varnish
x-amz-request-id: GZPW2T2YDT687SS9
age: 300078
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 1992
x-amz-id-2: AqfrhUYKy9Z7SAYi8zdwx0gzEyNg0KsoPd+3+D5oMbTA3ZC846/qZILxUKfpjRxkQGmOyjJAu24=
x-served-by: cache-fra-eddf8230101-FRA
last-modified: Thu, 30 Nov 2023 21:27:28 GMT
server: AmazonS3
x-timer: S1701681869.048549,VS0,VE0
etag: "5be05ce494e7cac41d062a0b12a1657c"
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/css; charset=utf-8;
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With,Authorization
x-cache-hits: 9854

GET
H2 200 angular-locale_en-us.js Show response
cdnjs.cloudflare.com/ajax/libs/angular-i18n/1.5.7/ 3 KB
1 KB 65ms
35ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/angular-i18n/1.5.7/angular-locale_en-us.js

Requested by

Host: app.navan.com
URL: https://app.navan.com/wro/user.js?v=e804b86

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be1a99b11acde26fa93149b45583b86994c7d7e388ffd24b0b4da17eb7d33f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2251953
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 850
last-modified: Mon, 04 May 2020 16:04:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d20-a98"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=11Spz7BFSx9j6vUB%2BZF7ISYyzbbpRyUREpzAzDqVxIRgwqdMG3n%2B%2BPku1bwUuPgc4SxUDnD9zJiMRgsYCO20OPH1Tb9LQh4EU3mJCUC7GMGgFbPSOSh5ClKACJFGRFEr6RadmJvhy%2FKHJF4OW24Qq3YN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8302ff28cbe15d3e-FRA
expires: Sat, 23 Nov 2024 09:24:30 GMT

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 195 KB
66 KB 154ms
84ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?libraries=geometry,places&v=3&key=AIzaSyAQdr0Ipy83wf3QTIDbVCn4r5rt73pbjF8&callback=googleMapsAPILoaded&language=en

Requested by

Host: app.navan.com
URL: https://app.navan.com/wro/user.js?v=e804b86

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

4ac564886d16f582421ecad0a9ec946fbcbff72b8053c4db9aa31a8f3087aeef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67208
x-xss-protection: 0

GET
H2 200 locale-en-US.json Show response
app.navan.com/assets/common/i18n/ 230 KB
90 KB 782ms
782ms XHR
application/json 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/assets/common/i18n/locale-en-US.json?v=e804b86
Requested by: Host: app.navan.com
URL: https://app.navan.com/wro/vendor.js?v=e804b86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78e1e9e986b786cb5e5d1cfb467fab0b39d31586ae12f0d14a7d3ab28f0d6c2a

Request headers

Accept: application/json, text/plain, */*
Referer: https://app.navan.com/app/user/profile?tab=traveler
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:42:24 GMT
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: application/json
cf-ray: 8302ff289d87bbc7-FRA
ta-request-uuid: 963b001f-3da4-42c5-97de-d4d538f34a2e

GET
H2 200 m-outer-27c67c0d52761104439bb051c7856ab1.html Show response
js.stripe.com/v3/ Frame 01F9 200 B
841 B 12ms
12ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.navan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 370896
cache-control: max-age=31536000
content-encoding: br
content-length: 154
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 04 Dec 2023 09:24:30 GMT
etag: "27c67c0d52761104439bb051c7856ab1"
last-modified: Fri, 08 Sep 2023 21:23:50 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 140933
x-content-type-options: nosniff
x-request-id: 20669253-74ed-4c59-85d7-3491b5279df4
x-served-by: cache-fra-eddf8230044-FRA

GET
H2 200 m-outer-6576085ca35ee42f2f484cda6763e4aa.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 01F9 631 B
534 B 14ms
14ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 09:24:30 GMT
via: 1.1 varnish
age: 2948767
x-cache: HIT
content-length: 399
x-request-id: 734c2da6-2b62-455f-b4d8-0d7609ab67a0
x-served-by: cache-fra-eddf8230044-FRA
last-modified: Fri, 08 Sep 2023 21:23:49 GMT
server: Fastly
etag: "70cacf09ae81711ac6dcbc5ee59750c4"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 134671

POST
H2 200 csp-report
q.stripe.com/ Frame 01F9 0
716 B 552ms
184ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 04 Dec 2023 09:24:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1701681870660987
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 0
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1701681870660631
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 01F9 0
715 B 552ms
185ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 04 Dec 2023 09:24:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1701681870661015
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 0
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1701681870660655
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame A53F 930 B
2 KB 40ms
17ms Document
text/html 2600:9000:2057:b600:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:b600:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 65
cache-control: max-age=300, public
content-length: 930
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 04 Dec 2023 09:23:26 GMT
etag: "06bfcd88af438673a8bf9b845a11aa6e"
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-id: BTRqYLHNs5OWPQNOe9XN3Em4DEkfa6o9ZoDIs_cqpt6XgQvTJVIhVw==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 csp-report
q.stripe.com/ Frame A53F 0
491 B 492ms
184ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 04 Dec 2023 09:24:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1701681870661235
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
x-stripe-server-envoy-upstream-service-time-ms: 0
x-stripe-client-envoy-start-time-us: 1701681870660684
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
expires: 0

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame A53F 87 KB
16 KB 16ms
15ms Script
text/javascript 2600:9000:2057:b600:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:b600:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:19:49 GMT
content-encoding: gzip
via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
age: 282
x-content-type-options: nosniff
etag: W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop: FRA6-C1
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
x-amz-cf-id: qT-w1-q0vgeZ6KsaNDXyr9q4Cw_IRRzBl2VdskQurE6WVhUZUfYyuw==

POST
H2 200 6 Show response
m.stripe.com/ Frame A53F 156 B
668 B 807ms
187ms XHR
application/json 34.215.46.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.215.46.190 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-215-46-190.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

8cb6f2adbd57b63f9bade5d6bb89d26d6c6d5c28b4585cd4e750943cfc6778e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: blue
date: Mon, 04 Dec 2023 09:24:31 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1701681871039520
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 3
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1701681871038884
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
355 B 76ms
29ms XHR
application/json 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?libraries=geometry,places&v=3&key=AIzaSyAQdr0Ipy83wf3QTIDbVCn4r5rt73pbjF8&callback=googleMapsAPILoaded&language=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://app.navan.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 richmarker.js Show response
app.navan.com/bower_components/rich-marker/ 20 KB
5 KB 265ms
265ms Script
text/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/bower_components/rich-marker/richmarker.js
Requested by: Host: app.navan.com
URL: https://app.navan.com/wro/user.js?v=e804b86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3694364ccd37e28a655a0a5c2718d91c6a51f4b058b3e02e013d103882ea01b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:40:00 GMT
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: text/javascript
cf-ray: 8302ff29efe7bbc7-FRA
ta-request-uuid: 7c729bd2-edf3-4029-b3b1-861831d90f2c

GET
H2 200 api.js Show response
apis.google.com/js/ 18 KB
8 KB 72ms
29ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js?onload=_startgSignIn

Requested by

Host: app.navan.com
URL: https://app.navan.com/wro/user.js?v=e804b86

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc528f5b51eb3092157bb5a1059dfd3346ed4de0d0ae457243fd3f0819c3b04f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 09:24:31 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7118
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "6d919240eaa2d027"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 04 Dec 2023 09:24:31 GMT

GET
H2 401 company
app.navan.com/api/user/policies/ 288 B
590 B 791ms
790ms XHR
application/json 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.navan.com/api/user/policies/company

Requested by

Host: app.navan.com
URL: https://app.navan.com/wro/vendor.js?v=e804b86

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
X-TIME-ZONE: Europe/Berlin
Referer: https://app.navan.com/app/user/profile?tab=traveler
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 09:24:32 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
ta-commit-id: f8d53fa
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
x-frame-options: DENY
content-type: application/json
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-ray: 8302ff328aefbbc7-FRA
ta-request-uuid: 6e6050a5-fa40-42eb-8c32-862c325b7a1b
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 logo-new.svg
app.navan.com/images/svg/ 3 KB
2 KB 773ms
771ms Image
image/svg+xml 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.navan.com/images/svg/logo-new.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:40:00 GMT
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 8302ff329b01bbc7-FRA
ta-request-uuid: a634974b-c7dc-4c64-8e71-a85c389d26ce

GET download_appstore.png
app.navan.com/images/ 0
0

GET
H2 200 download_play.png
app.navan.com/images/ 62 KB
63 KB 213ms
212ms Image
image/png 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.navan.com/images/download_play.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:31 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:40:00 GMT
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
cf-ray: 8302ff329b06bbc7-FRA
content-length: 63946
ta-request-uuid: f33e9ce6-9d1f-4328-850a-e03b914130be

GET
H2 200 download_super_admin.png
app.navan.com/images/ 46 KB
46 KB 230ms
229ms Image
image/png 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.navan.com/images/download_super_admin.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:31 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 30 Nov 2023 22:40:00 GMT
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
cf-ray: 8302ff329b07bbc7-FRA
content-length: 46924
ta-request-uuid: 7813c5eb-a582-458b-a7fc-7a7cebe96d10

GET
H2 200 %7B%7B$root.BRAND.logo%7D%7D
app.navan.com/app/user/ 3 KB
3 KB 757ms
756ms Image
text/html 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.navan.com/app/user/%7B%7B$root.BRAND.logo%7D%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-language: de-DE
content-type: text/html;charset=UTF-8
cf-ray: 8302ff329b08bbc7-FRA
ta-request-uuid: c396d882-c5e5-49db-8da8-03d50870f50a

GET
H2 200 %7B%7B$root.BRAND.logoPlusTa%7D%7D
app.navan.com/app/user/ 3 KB
3 KB 218ms
218ms Image
text/html 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.navan.com/app/user/%7B%7B$root.BRAND.logoPlusTa%7D%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user/profile?tab=traveler
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
ta-commit-id: e804b86
vary: Accept-Encoding
content-language: de-DE
content-type: text/html;charset=UTF-8
cf-ray: 8302ff329b09bbc7-FRA
ta-request-uuid: ae3aa877-982b-40de-b4d0-af68b321d73f

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.XSQ9KzmFQfs.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-9vp1YmI2-b8fDK9wsefeYrUiI8Q/ 119 KB
40 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.XSQ9KzmFQfs.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-9vp1YmI2-b8fDK9wsefeYrUiI8Q/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js?onload=_startgSignIn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a251bcf90febe4190636c35ab590607d35c97d146f34e15d4820678b9ad1cc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 19:33:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568260
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40776
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 22:37:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 19:33:31 GMT

GET
H2 200 iframe
accounts.google.com/o/oauth2/ Frame 7676 287 B
1 KB 574ms
525ms Document
text/html 2a00:1450:400c:c0c::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.XSQ9KzmFQfs.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-9vp1YmI2-b8fDK9wsefeYrUiI8Q/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::54 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-y5CyieFFrTDFzPseze_xtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://app.navan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-y5CyieFFrTDFzPseze_xtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 09:24:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Primary Request eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0= Show response
app.navan.com/app/user2/auth/ 17 KB
4 KB 717ms
717ms Document
text/html 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Requested by: Host: app.navan.com
URL: https://app.navan.com/wro/user.js?v=e804b86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5537bc5b5953bf2398f369bada345db113bbd14f77e5810e17683deb1aa90e01

Request headers

Referer: https://app.navan.com/app/user/profile?tab=traveler
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8302ff333bd3bbc7-FRA
content-encoding: br
content-type: text/html
date: Mon, 04 Dec 2023 09:24:32 GMT
last-modified: Mon, 04 Dec 2023 07:15:13 GMT
server: cloudflare
ta-request-uuid: 63f5567e-91d3-4929-942d-e2355b8ba180
vary: Accept-Encoding

GET
H2 200 m=base
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.GU3DlRjl7lI.es5.O/am=CAM/d=1/rs=AOaEmlE_jgkoSmPDyN2H4K2hkGa3TbneCw/ Frame 7676 107 KB
37 KB 61ms
18ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.GU3DlRjl7lI.es5.O/am=CAM/d=1/rs=AOaEmlE_jgkoSmPDyN2H4K2hkGa3TbneCw/m=base

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 21:55:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37615
x-xss-protection: 0
last-modified: Wed, 22 Nov 2023 23:45:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Mon, 02 Dec 2024 21:55:14 GMT

POST
H2 400 cspreport
accounts.google.com/_/IdpIFrameHttp/ Frame 7676 2 KB
916 B 30ms
29ms Other
text/html 2a00:1450:400c:c0c::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/_/IdpIFrameHttp/cspreport

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::54 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 iframerpc
accounts.google.com/o/oauth2/ Frame 7676 49 B
94 B 26ms
26ms XHR
application/json 2a00:1450:400c:c0c::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fapp.navan.com&client_id=1093463791317-qmon9edql9ghjc2elgi1l3km703nfsac.apps.googleusercontent.com

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.GU3DlRjl7lI.es5.O/am=CAM/d=1/rs=AOaEmlE_jgkoSmPDyN2H4K2hkGa3TbneCw/m=base

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::54 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-7i1GblDGW_KXVJ-S67kNSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
X-Requested-With: XmlHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-7i1GblDGW_KXVJ-S67kNSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 08:52:59 GMT
content-encoding: gzip
age: 1893
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Origin
content-type: application/json; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 04 Dec 2023 09:52:59 GMT

GET
H2 200 / Show response
js.stripe.com/v3/ 560 KB
155 KB 14ms
13ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

eb5036bad8662eb3aeca1984456f9d3bbc3ad934ef96c6e46f64a86fbae1d5af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 09:24:32 GMT
via: 1.1 varnish
age: 14
x-cache: HIT
content-length: 158203
x-request-id: bf44eb29-5dc8-4756-9a1b-207874bc438b
x-served-by: cache-fra-eddf8230044-FRA
last-modified: Fri, 01 Dec 2023 21:45:14 GMT
server: Fastly
etag: "cd52d1197822ef515efcd0a52a691074"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 9

GET
H2 200 58995.js Show response
fast.appcues.com/ 22 KB
5 KB 15ms
14ms Script
text/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.appcues.com/58995.js
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 0421273210f95466116756f716807b23c7d561d05f8c5bac8de3d921886be0e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: gzip
via: 1.1 varnish
age: 56
x-cache: HIT
content-length: 5182
x-request-id: F52WmLuEvw-rzojpOdOh
x-served-by: cache-fra-eddf8230131-FRA
server: Cowboy
x-timer: S1701681873.618931,VS0,VE0
vary: accept-encoding, Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=120,public
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With,Authorization
x-cache-hits: 2

GET
H2 200 nr-loader-spa-1.248.0.min.js Show response
js-agent.newrelic.com/ 54 KB
19 KB 43ms
14ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0854cf1a0ce3f0e51ef7a606e18f26cde6fd063f013996275ba3334aa9ed7719

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: FL7sB0izI6BzJX5mTX5rrgA_Enu5uFqr
content-encoding: br
via: 1.1 varnish
date: Mon, 04 Dec 2023 09:24:32 GMT
strict-transport-security: max-age=300
x-amz-request-id: YJ070Y5Q75R2CCAE
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 18848
x-amz-id-2: xmt8xGQKLZuJJV3EvCASIsCM+kVkUpdB+fGW4RgOohr7sD3FlvtP1Yz5LdfzN9ftuWqkwGOSzcE=
x-served-by: cache-fra-eddf8230103-FRA
last-modified: Mon, 27 Nov 2023 21:18:43 GMT
server: AmazonS3
x-timer: S1701681873.647145,VS0,VE0
etag: "ad1f970587443c551676ebad7953b992"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 6

GET
H2 200 runtime.32c9c146e8b46035.js Show response
app.navan.com/app/user2/ 9 KB
5 KB 230ms
230ms Script
application/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/app/user2/runtime.32c9c146e8b46035.js
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b35038a0fd17540e8ff5d80ed6b740a3d60d671b2d27b890d711dfa54325168

Request headers

Referer: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 04 Dec 2023 07:15:10 GMT
server: cloudflare
etag: W/"656d7c7e-22c2"
access-control-max-age: 3600
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600
vary: Accept-Encoding
cf-ray: 8302ff37d9adbbc7-FRA
access-control-allow-headers: x-tripactions-locale, x-requested-with, authorization, Content-Type, X-XSRF-TOKEN, x-ta-region, x-agent-desktop, x-gateway-authorization
ta-request-uuid: 9560f8d0-6d7b-4653-833a-5ef1ae799e6e

GET
H2 200 polyfills.d7d44250c607419d.js Show response
app.navan.com/app/user2/ 459 KB
149 KB 248ms
247ms Script
application/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/app/user2/polyfills.d7d44250c607419d.js
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b09dcd1808af6f13b9d22768d0c6b666bc1742e8a5a260a7762aae7e5d6542c8

Request headers

Referer: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 04 Dec 2023 07:15:10 GMT
server: cloudflare
etag: W/"656d7c7e-72c4a"
access-control-max-age: 3600
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600
vary: Accept-Encoding
cf-ray: 8302ff37d9aebbc7-FRA
access-control-allow-headers: x-tripactions-locale, x-requested-with, authorization, Content-Type, X-XSRF-TOKEN, x-ta-region, x-agent-desktop, x-gateway-authorization
ta-request-uuid: e43c69a5-6a45-45be-9317-4214b31508cc

GET
H2 200 scripts.ffdba5eb99ff5ceb.js Show response
app.navan.com/app/user2/ 3 KB
1 KB 214ms
214ms Script
application/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/app/user2/scripts.ffdba5eb99ff5ceb.js
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fedbdb0e2b84201df42bc0dbe144a77af8d48d6efe02507ef4f1b8f50589329c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 04 Dec 2023 07:15:10 GMT
server: cloudflare
etag: W/"656d7c7e-cac"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=600
cf-ray: 8302ff383a1bbbc7-FRA
ta-request-uuid: 54bb028e-ad7e-49d6-ab80-aefcf2ebb288

GET
H2 200 main.df70f02b40abb55b.js Show response
app.navan.com/app/user2/ 7 MB
2 MB 205ms
205ms Script
application/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/app/user2/main.df70f02b40abb55b.js
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74d04b31dad1fd30d990aeb8d5b744cfe466cc5f21815c8139630c05d15eec49

Request headers

Referer: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 04 Dec 2023 07:15:10 GMT
server: cloudflare
etag: W/"656d7c7e-6a2caa"
access-control-max-age: 3600
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600
vary: Accept-Encoding
cf-ray: 8302ff37d9b0bbc7-FRA
access-control-allow-headers: x-tripactions-locale, x-requested-with, authorization, Content-Type, X-XSRF-TOKEN, x-ta-region, x-agent-desktop, x-gateway-authorization
ta-request-uuid: c02f2a70-70a9-4da3-b92e-530922a643be

GET
H2 200 styles.b3a22dad16ec8b6f.css
app.navan.com/app/user2/ 129 KB
21 KB 247ms
247ms Stylesheet
text/css 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/app/user2/styles.b3a22dad16ec8b6f.css
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d94fae2a77d913ab9c9f9f36b1346ae783d7278b1daf7c5a76ded64899ca78f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 04 Dec 2023 07:15:10 GMT
server: cloudflare
etag: W/"656d7c7e-202b2"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=600
cf-ray: 8302ff383a1dbbc7-FRA
ta-request-uuid: 4f8423a5-34d5-4e10-9639-ff3ab7db7f1c

GET
H2 200 appcues.main.6419acf5aaf9241c9d5ea40d0059c214ae900e82.js Show response
fast.appcues.com/generic/main/4.60.47/ 447 KB
126 KB 14ms
14ms Script
application/javascript 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.appcues.com/generic/main/4.60.47/appcues.main.6419acf5aaf9241c9d5ea40d0059c214ae900e82.js
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0552a7557e5e284a66ce6125d74adaefb93e1b24594d160b1b09742c740fbe7c

Request headers

Referer: https://app.navan.com/
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:32 GMT
content-encoding: gzip
via: 1.1 varnish
x-amz-request-id: CBRHFC1A53034AG0
age: 300058
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 129022
x-amz-id-2: c7cGhD+0sCL7qWNIG/y3qwMhwZ4pVBy42JMW01dCLi7f1ftjoMFWbWJpIFms+aEhGi1XjhfujC4=
x-served-by: cache-fra-eddf8230101-FRA
last-modified: Thu, 30 Nov 2023 21:27:28 GMT
server: AmazonS3
x-timer: S1701681873.936580,VS0,VE0
etag: "94993118ccff89b1c3e4d9675c025e8d"
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With,Authorization
x-cache-hits: 244

GET
H2 200 container.6419acf5aaf9241c9d5ea40d0059c214ae900e82.css
fast.appcues.com/generic/main/4.60.47/ 16 KB
2 KB 9ms
9ms Stylesheet
text/css 2a04:4e42:600::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.appcues.com/generic/main/4.60.47/container.6419acf5aaf9241c9d5ea40d0059c214ae900e82.css
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c2f5a697cf483b8a50b286ec9481c2767bcc448ad563047894e7e623de8049eb

Request headers

Referer: https://app.navan.com/
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:33 GMT
content-encoding: gzip
via: 1.1 varnish
x-amz-request-id: GZPW2T2YDT687SS9
age: 300082
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 1992
x-amz-id-2: AqfrhUYKy9Z7SAYi8zdwx0gzEyNg0KsoPd+3+D5oMbTA3ZC846/qZILxUKfpjRxkQGmOyjJAu24=
x-served-by: cache-fra-eddf8230101-FRA
last-modified: Thu, 30 Nov 2023 21:27:28 GMT
server: AmazonS3
x-timer: S1701681873.020137,VS0,VE0
etag: "5be05ce494e7cac41d062a0b12a1657c"
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: text/css; charset=utf-8;
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With,Authorization
x-cache-hits: 9856

GET
H2 200 i18n-base.5b57f9f95cd04560.js Show response
app.navan.com/app/user2/ 368 KB
15 KB 237ms
237ms Script
application/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/app/user2/i18n-base.5b57f9f95cd04560.js
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 377532549eb8d6a99b81d1959544020139b61e2525fd86616364ae8e7236b5bb

Request headers

Referer: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:33 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 04 Dec 2023 07:15:10 GMT
server: cloudflare
etag: W/"656d7c7e-5bf3d"
access-control-max-age: 3600
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600
vary: Accept-Encoding
cf-ray: 8302ff3e49d6bbc7-FRA
access-control-allow-headers: x-tripactions-locale, x-requested-with, authorization, Content-Type, X-XSRF-TOKEN, x-ta-region, x-agent-desktop, x-gateway-authorization
ta-request-uuid: fb69659a-a783-4f8d-8af8-ce5c10dec9e9

GET
H2 200 m-outer-27c67c0d52761104439bb051c7856ab1.html Show response
js.stripe.com/v3/ Frame BDB1 200 B
839 B 12ms
12ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html

Requested by

Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.navan.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 370900
cache-control: max-age=31536000
content-encoding: br
content-length: 154
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 04 Dec 2023 09:24:33 GMT
etag: "27c67c0d52761104439bb051c7856ab1"
last-modified: Fri, 08 Sep 2023 21:23:50 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 140938
x-content-type-options: nosniff
x-request-id: c3167f1e-8af5-4e8e-bae6-553e1ee1cd09
x-served-by: cache-fra-eddf8230044-FRA

GET
H2 200 m-outer-6576085ca35ee42f2f484cda6763e4aa.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame BDB1 631 B
533 B 12ms
12ms Script
text/javascript 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Dec 2023 09:24:33 GMT
via: 1.1 varnish
age: 2948770
x-cache: HIT
content-length: 399
x-request-id: 60034312-0383-4328-b6de-3d8527b4223b
x-served-by: cache-fra-eddf8230044-FRA
last-modified: Fri, 08 Sep 2023 21:23:49 GMT
server: Fastly
etag: "70cacf09ae81711ac6dcbc5ee59750c4"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 134676

POST
H2 200 csp-report
q.stripe.com/ Frame BDB1 0
716 B 186ms
186ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 04 Dec 2023 09:24:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1701681873839348
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 1
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1701681873838921
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame BDB1 0
716 B 184ms
184ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 04 Dec 2023 09:24:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1701681873839276
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 0
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1701681873838964
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 819C 930 B
2 KB 18ms
18ms Document
text/html 2600:9000:2057:b600:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:b600:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 68
cache-control: max-age=300, public
content-length: 930
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 04 Dec 2023 09:23:26 GMT
etag: "06bfcd88af438673a8bf9b845a11aa6e"
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-id: UcqcUhnRBhWfrgOhwUNP2ZAq3VFkNc6GziLR17ePYNixz5-EjsPq8g==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 csp-report
q.stripe.com/ Frame 819C 0
490 B 192ms
192ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: app.navan.com
URL: https://app.navan.com/app/user/profile?tab=traveler

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 04 Dec 2023 09:24:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1701681873873381
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
x-stripe-server-envoy-upstream-service-time-ms: 0
x-stripe-client-envoy-start-time-us: 1701681873873061
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
expires: 0

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame 819C 87 KB
16 KB 15ms
15ms Script
text/javascript 2600:9000:2057:b600:19:7d10:bd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:b600:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Cloudfront /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:19:49 GMT
content-encoding: gzip
via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
last-modified: Fri, 30 Jun 2023 14:32:28 GMT
server: Cloudfront
age: 285
x-content-type-options: nosniff
etag: W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop: FRA6-C1
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
x-amz-cf-id: lCid16CRCkJJCN4asoZEMxG4Ay9qXZK68R7LXNHJSxzc7p1lFNq7jA==

POST
H2 200 6 Show response
m.stripe.com/ Frame 819C 156 B
668 B 429ms
429ms XHR
application/json 34.215.46.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.215.46.190 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-215-46-190.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

8cb6f2adbd57b63f9bade5d6bb89d26d6c6d5c28b4585cd4e750943cfc6778e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: blue
date: Mon, 04 Dec 2023 09:24:34 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1701681874141335
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 1
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1701681874141047
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 9943.e7c461ba0a3880d0.js Show response
app.navan.com/app/user2/ 103 KB
21 KB 228ms
228ms Script
application/javascript 2606:4700:4400::ac40:94ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.navan.com/app/user2/9943.e7c461ba0a3880d0.js
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:94ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5360ec254bdbe6c9372308e91719dd8f711147c433d0c4deaf6ab6c728a1c2b2

Request headers

Referer: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 09:24:34 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 04 Dec 2023 07:15:10 GMT
server: cloudflare
etag: W/"656d7c7e-19c19"
access-control-max-age: 3600
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS, PATCH, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=600
vary: Accept-Encoding
cf-ray: 8302ff400c1fbbc7-FRA
access-control-allow-headers: x-tripactions-locale, x-requested-with, authorization, Content-Type, X-XSRF-TOKEN, x-ta-region, x-agent-desktop, x-gateway-authorization
ta-request-uuid: e42218d0-e763-41fc-a7e8-a59c9e224105

GET
H2 200 NeueHaasGroteskTXPro-Roman.woff2
d35qahma2tlngp.cloudfront.net/web/fonts/NeueHaasGroteskTXPro/ 37 KB
38 KB 194ms
34ms Font
binary/octet-stream 2600:9000:243d:e00:3:d543:c240:21

General

Check archive.org

Show headers Download Go to

Full URL: https://d35qahma2tlngp.cloudfront.net/web/fonts/NeueHaasGroteskTXPro/NeueHaasGroteskTXPro-Roman.woff2
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:e00:3:d543:c240:21 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: de2ef743fcfe6c581af477c54852a579c8ab860cfeaade767a534b5c08c0b0a7

Request headers

Referer: https://app.navan.com/
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 07:44:55 GMT
via: 1.1 5d1a69823c5f0381c7fe170df3cfc5ea.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P4
age: 6010
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 38164
last-modified: Mon, 23 Jan 2023 22:56:31 GMT
server: AmazonS3
etag: "6ad0dcd1e159008b7496febcf5d85592"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=3600, immutable
accept-ranges: bytes
x-amz-cf-id: qn7Fj_oNrfEWxgBevJH4pPPY2LIBZNQRbdX1rLBiT9z086046_T8LA==

GET
H2 200 navan-dynamic.svg
d2w7f1pl8j4yzn.cloudfront.net/logos/navan/ 2 KB
1 KB 92ms
40ms Image
image/svg+xml 2600:9000:223c:4200:19:3b4b:48c0:21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2w7f1pl8j4yzn.cloudfront.net/logos/navan/navan-dynamic.svg
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:4200:19:3b4b:48c0:21 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c63985ba0aa292982c80122093d3fb5ce7b3ee4bf88e4e9bc648d5c8748fefd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 00:33:01 GMT
content-encoding: gzip
via: 1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
last-modified: Mon, 23 Jan 2023 22:56:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 31894
x-amz-server-side-encryption: AES256
etag: W/"0215d073d3a51a3596e83a1794904d58"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=3600, immutable
x-amz-cf-id: fi-wt6jOFyTbluSrRB-5b3okhwb0oQiCxBX_xAIRmgUjzAlsgGpaaQ==

GET
H2 200 navan-login.svg
d2w7f1pl8j4yzn.cloudfront.net/login-backgrounds/ 1 KB
947 B 92ms
41ms Image
image/svg+xml 2600:9000:223c:4200:19:3b4b:48c0:21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2w7f1pl8j4yzn.cloudfront.net/login-backgrounds/navan-login.svg
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:4200:19:3b4b:48c0:21 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 05de7fb1b2bf6843d137c395b639cae55eca28c9e54a9dceae4d9e4180dcb6ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.navan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 02:17:51 GMT
content-encoding: gzip
via: 1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
last-modified: Mon, 23 Jan 2023 22:56:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 25691
x-amz-server-side-encryption: AES256
etag: W/"c13cd68dc66dda886c26f9b3a870970e"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=3600, immutable
x-amz-cf-id: EfDXjAjwSTDXOJYjFgTMUgN4J7HgqURk7QR3LwQa0n0plqDDp7WFXg==

GET
H2 200 NeueHaasGroteskTXPro-Medium.woff2
d35qahma2tlngp.cloudfront.net/web/fonts/NeueHaasGroteskTXPro/ 40 KB
41 KB 17ms
17ms Font
binary/octet-stream 2600:9000:243d:e00:3:d543:c240:21

General

Check archive.org

Show headers Download Go to

Full URL: https://d35qahma2tlngp.cloudfront.net/web/fonts/NeueHaasGroteskTXPro/NeueHaasGroteskTXPro-Medium.woff2
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:e00:3:d543:c240:21 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1430a41a2bba6ad50cb49bd4623e7dbf3e75c431183cfbc0d721cbb1ed77c91c

Request headers

Referer: https://app.navan.com/
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 11:16:41 GMT
via: 1.1 5d1a69823c5f0381c7fe170df3cfc5ea.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P4
age: 79674
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 40976
last-modified: Mon, 23 Jan 2023 22:56:31 GMT
server: AmazonS3
etag: "dcc69ac1aab578ff1181a0e05c4494e8"
vary: Accept-Encoding
content-type: binary/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=3600, immutable
accept-ranges: bytes
x-amz-cf-id: YNA2PIVoIHg__6YYy_OoRKqg-57mdFXuMv7O_QmnPwSRhk9kZakROw==

GET
H2 200 Sanomat-Semibold.woff2
d35qahma2tlngp.cloudfront.net/web/fonts/Sanomat/ 36 KB
37 KB 42ms
42ms Font
binary/octet-stream 2600:9000:243d:e00:3:d543:c240:21

General

Check archive.org

Show headers Download Go to

Full URL: https://d35qahma2tlngp.cloudfront.net/web/fonts/Sanomat/Sanomat-Semibold.woff2
Requested by: Host: app.navan.com
URL: https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:e00:3:d543:c240:21 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8c1db2abeb36a8381d7ad18d07a09d38235bda54004d5a05841c221dbdb925c

Request headers

Referer: https://app.navan.com/
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 07:17:55 GMT
via: 1.1 5d1a69823c5f0381c7fe170df3cfc5ea.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P4
age: 7698
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 36921
last-modified: Mon, 23 Jan 2023 22:56:31 GMT
server: AmazonS3
etag: "a1b59fd1d6e3fc9a630946e68b81d08a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=3600, immutable
accept-ranges: bytes
x-amz-cf-id: SWBfVUt9PR37RqMEfiATn9ZuCOygZueLHLSO2A7T2SRqaaGPStGsIA==

GET
H2 200 nr-spa-1.248.0.min.js Show response
js-agent.newrelic.com/ 87 KB
29 KB 39ms
14ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1.248.0.min.js

Requested by

Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8e4147148517b1b092a5bf8fb1fb4e78b568bdc40a127ec16732de62ddbb472a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://app.navan.com/
Origin: https://app.navan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: WdicPIzDGJD8og5dR8sXZo1iUf3RkEzi
content-encoding: br
via: 1.1 varnish
date: Mon, 04 Dec 2023 09:24:34 GMT
strict-transport-security: max-age=300
x-amz-request-id: KPSAA6596B5W9WAE
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 29446
x-amz-id-2: kK7PfSmN+43+Jj0qkIS4Cd0s6EyntbGFa2u05oT4gNKZizW0KbsABqTWJcaxq3TCCYeEjgaLlvk=
x-served-by: cache-fra-eddf8230029-FRA
last-modified: Thu, 16 Nov 2023 17:54:54 GMT
server: AmazonS3
x-timer: S1701681874.329092,VS0,VE0
etag: "9aea0ff91a800a354637269e96e31dac"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 1015853

POST
H/1.1 200 NRJS-d0e82c054a0db776b2e Show response
bam.nr-data.net/1/ 40 B
401 B 608ms
127ms XHR
text/plain 162.247.243.29

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-d0e82c054a0db776b2e?a=967033548&sa=1&v=1.248.0&t=Unnamed%20Transaction&rst=2490&ck=0&s=64f5d42598189c5d&ref=https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0%253D&af=err,xhr,stn,ins,spa&be=718&fe=1717&dc=1059&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1701681871866,%22n%22:0,%22u%22:744,%22ue%22:744,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:1,%22rp%22:718,%22rpe%22:720,%22di%22:809,%22ds%22:1777,%22de%22:1777,%22dc%22:2433,%22l%22:2433,%22le%22:2435%7D,%22navigation%22:%7B%7D%7D&fp=2055&fcp=2347
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a

Request headers

Referer: https://app.navan.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 04 Dec 2023 09:24:34 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://app.navan.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 40
x-served-by: cache-fra-eddf8230058-FRA

POST
H/1.1 200 NRJS-d0e82c054a0db776b2e Show response
bam.nr-data.net/events/1/ 24 B
340 B 144ms
144ms XHR
image/gif 162.247.243.29

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/NRJS-d0e82c054a0db776b2e?a=967033548&sa=1&v=1.248.0&t=Unnamed%20Transaction&rst=3105&ck=0&s=64f5d42598189c5d&ref=https://app.navan.com/app/user2/auth/eyJwcmV2aW91c1JvdXRlIjoiL2FwcC91c2VyL3Byb2ZpbGU@@@dGFiPXRyYXZlbGVyIn0%253D
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-loader-spa-1.248.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://app.navan.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 04 Dec 2023 09:24:35 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://app.navan.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 24
x-served-by: cache-fra-eddf8230058-FRA

OPTIONS httpapi
dev-amp-proxy.navan.com/2/ Frame 0
0

POST httpapi
dev-amp-proxy.navan.com/2/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: app.navan.com
URL: https://app.navan.com/images/download_appstore.png

Domain: dev-amp-proxy.navan.com
URL: https://dev-amp-proxy.navan.com/2/httpapi

Domain: dev-amp-proxy.navan.com
URL: https://dev-amp-proxy.navan.com/2/httpapi

Verdicts & Comments Add Verdict or Comment

182 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tripactions.com/	1970-01-21 01:26:57	Name: tripactions_snowplow Value: 3668a630-8359-47b0-a3c2-6e10495eb71b
.tripactions.com/	1970-01-20 16:41:23	Name: __cf_bm Value: IWhW5WY2JVFdYMQ.nEie6B4QIaIU3BpZtpNtkgobZFc-1701681867-0-AZmleZdpsC4nB+IPOa1rem2yO/aHWTSemKXJ+qlrCQJT8v5QXV2XG57PROMJPKdJopO+q8TsBKY7bXK0MDkOjgs=
m.stripe.com/	1970-01-21 02:17:21	Name: m Value: e86f64e1-7160-4dc5-b681-86cb3cba4799d96673
.app.navan.com/	1970-01-21 01:26:57	Name: __stripe_mid Value: b74d2227-958e-4ec2-93c1-b1e2cc3d5d57ecec46
.app.navan.com/	1970-01-20 16:41:23	Name: __stripe_sid Value: c01360fe-3c3d-4405-bca0-05843cdcecfe63cad7
.google.com/	1970-01-20 21:04:53	Name: NID Value: 511=eKIxJrVJnrlahjS--vRrBv_NQWTGsQMCVGLf_lNQvgsJv8Oa_pOp4WTYIGKf_DLnLbLAiYGeizPbDHwqaQ5m7D5Eua2G-Exm-KoeZkOVnCDe0qPKXCS13142RP9b1clugrk2466iw-GjFOL0Cx6pTzTJQpWTPc4M9rs0P2K4b0c
.app.navan.com/	1970-01-21 02:17:21	Name: G_ENABLED_IDPS Value: google
.navan.com/	1970-01-21 01:26:57	Name: AMP_222bb75b75 Value: JTdCJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJkZXZpY2VJZCUyMiUzQSUyMjZlNmQyZGZjLTZhM2UtNDk2Ni05MTgwLTM1Yzc0OTEzMmJkYSUyMiUyQyUyMmxhc3RFdmVudFRpbWUlMjIlM0ExNzAxNjgxODc0MjA5JTJDJTIyc2Vzc2lvbklkJTIyJTNBMTcwMTY4MTg3NDE5NyU3RA==

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security	warning	URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.XSQ9KzmFQfs.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-9vp1YmI2-b8fDK9wsefeYrUiI8Q/cb=gapi.loaded_0?le=scs(Line 186) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://accounts.google.com/_/IdpIFrameHttp/cspreport Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://app.navan.com/api/user/policies/company Message: Failed to load resource: the server responded with a status of 401 ()
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
apis.google.com
app.navan.com
bam.nr-data.net
cdnjs.cloudflare.com
collector.tripactions.com
d2w7f1pl8j4yzn.cloudfront.net
d35qahma2tlngp.cloudfront.net
dev-amp-proxy.navan.com
fast.appcues.com
js-agent.newrelic.com
js.stripe.com
m.stripe.com
m.stripe.network
maps.googleapis.com
q.stripe.com
www.gstatic.com
app.navan.com
dev-amp-proxy.navan.com
151.101.0.176
151.101.130.137
162.247.243.29
2600:9000:2057:b600:19:7d10:bd80:93a1
2600:9000:223c:4200:19:3b4b:48c0:21
2600:9000:243d:e00:3:d543:c240:21
2606:4700:4400::ac40:94ce
2606:4700::6811:190e
2606:4700::6812:9178
2a00:1450:4001:809::2003
2a00:1450:4001:813::200a
2a00:1450:4001:81c::200e
2a00:1450:400c:c0c::54
2a04:4e42:600::622
34.215.46.190
54.187.159.182
0421273210f95466116756f716807b23c7d561d05f8c5bac8de3d921886be0e5
0552a7557e5e284a66ce6125d74adaefb93e1b24594d160b1b09742c740fbe7c
05de7fb1b2bf6843d137c395b639cae55eca28c9e54a9dceae4d9e4180dcb6ba
0854cf1a0ce3f0e51ef7a606e18f26cde6fd063f013996275ba3334aa9ed7719
0c63985ba0aa292982c80122093d3fb5ce7b3ee4bf88e4e9bc648d5c8748fefd
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0df36faa8c0da70e17455582d9546a49749d3b4053b285f85f706d90be77e3ec
1430a41a2bba6ad50cb49bd4623e7dbf3e75c431183cfbc0d721cbb1ed77c91c
1741da31bdbe994a0ca036e92916e3e6f31c26bf22e4653776c3763636d5dfbd
2a251bcf90febe4190636c35ab590607d35c97d146f34e15d4820678b9ad1cc3
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
3694364ccd37e28a655a0a5c2718d91c6a51f4b058b3e02e013d103882ea01b1
377532549eb8d6a99b81d1959544020139b61e2525fd86616364ae8e7236b5bb
4ac564886d16f582421ecad0a9ec946fbcbff72b8053c4db9aa31a8f3087aeef
4f8be722c29070e9f32fe7465584d327e66138f06c1bf36a166df5bb1ead1328
5360ec254bdbe6c9372308e91719dd8f711147c433d0c4deaf6ab6c728a1c2b2
5537bc5b5953bf2398f369bada345db113bbd14f77e5810e17683deb1aa90e01
5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a
74d04b31dad1fd30d990aeb8d5b744cfe466cc5f21815c8139630c05d15eec49
78e1e9e986b786cb5e5d1cfb467fab0b39d31586ae12f0d14a7d3ab28f0d6c2a
79a0820d7d0114cb802446697011f0363a9485f006a200b4aa033d95c2d56a77
862c6f0e8c648e31824e648460554450b30f94f0aa02eb6b01b6fee42b9fa2b0
8b35038a0fd17540e8ff5d80ed6b740a3d60d671b2d27b890d711dfa54325168
8cb6f2adbd57b63f9bade5d6bb89d26d6c6d5c28b4585cd4e750943cfc6778e7
8e4147148517b1b092a5bf8fb1fb4e78b568bdc40a127ec16732de62ddbb472a
8e5df6626a7b934e467ddd5fbb6bb613e5820d95701128a0244a884d255f9dd2
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
b09dcd1808af6f13b9d22768d0c6b666bc1742e8a5a260a7762aae7e5d6542c8
be1a99b11acde26fa93149b45583b86994c7d7e388ffd24b0b4da17eb7d33f4b
c2f5a697cf483b8a50b286ec9481c2767bcc448ad563047894e7e623de8049eb
c9c7e4003d0e2102bd991793016a04c0791978b6adff2bbcf40d8dd001e1a623
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d94fae2a77d913ab9c9f9f36b1346ae783d7278b1daf7c5a76ded64899ca78f0
de2ef743fcfe6c581af477c54852a579c8ab860cfeaade767a534b5c08c0b0a7
e032fcbcc0e1f657ffcc944d857911d419f8e0f141e884bd08357b504ee0346f
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e2c1223867bf3edef761f9e9da920acec90a1008f368cb07d8ced8bd9fda704b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8c1db2abeb36a8381d7ad18d07a09d38235bda54004d5a05841c221dbdb925c
eb5036bad8662eb3aeca1984456f9d3bbc3ad934ef96c6e46f64a86fbae1d5af
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947
fc528f5b51eb3092157bb5a1059dfd3346ed4de0d0ae457243fd3f0819c3b04f
fedbdb0e2b84201df42bc0dbe144a77af8d48d6efe02507ef4f1b8f50589329c

app.navan.com Open in urlscan Pro 2606:4700:4400::ac40:94ce Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

71 Requests

96 %HTTPS

69 %IPv6

12 Domains

17 Subdomains

16 IPs

3 Countries

6752 kBTransfer

25470 kBSize

8 Cookies

1 Outgoing links

Page URL History

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

app.navan.com Open in urlscan Pro
2606:4700:4400::ac40:94ce Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

96 %
HTTPS

69 %
IPv6

12
Domains

17
Subdomains

16
IPs

3
Countries

6752 kB
Transfer

25470 kB
Size

8
Cookies

71 HTTP transactions
0 data transactions