urlscan.io logo urlscan.io
SecurityTrails logo

web.step.app Open in urlscan Pro
2606:4700:20::681a:107  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.step.app/
Effective URL: https://web.step.app/
Submission: On December 10 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 3 countries across 9 domains to perform 27 HTTP transactions. The main IP is 2606:4700:20::681a:107, located in United States and belongs to CLOUDFLARENET, US. The main domain is web.step.app.
TLS certificate: Issued by GTS CA 1P5 on October 19th 2023. Valid for: 3 months.
This is the only time web.step.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

11    2606:4700:20::681a:107 (United States)

ASN13335 (CLOUDFLARENET, US)
app.step.app
web.step.app
3    2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebase.googleapis.com
1    2606:4700:20::ac43:45c4 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn-preupdate.step.app
3    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
region1.analytics.google.com
2    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com
1    2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    13.32.27.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-21.fra56.r.cloudfront.net
widget.intercom.io
2    18.66.147.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-5.fra60.r.cloudfront.net
js.intercomcdn.com
1    34.206.254.231 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-254-231.compute-1.amazonaws.com
api-iam.intercom.io
1    3.33.152.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: a69d63ecdf0f33068.awsglobalaccelerator.com
downloads.intercomcdn.com
Apex Domain
Subdomains		 Transfer
12 step.app
app.step.app
web.step.app
cdn-preupdate.step.app
1 MB
4 googleapis.com
firebase.googleapis.com — Cisco Umbrella Rank: 3835
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 525
1 KB
3 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 2136
downloads.intercomcdn.com — Cisco Umbrella Rank: 12111
282 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36
247 KB
2 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 1721
api-iam.intercom.io — Cisco Umbrella Rank: 2121
6 KB
2 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2189
306 B
1 google.de
www.google.de — Cisco Umbrella Rank: 6765
408 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 75
252 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2693
45 B
27 9
Domain Requested by
10 web.step.app 1 redirects web.step.app
3 www.googletagmanager.com web.step.app
www.googletagmanager.com
2 js.intercomcdn.com widget.intercom.io
2 firebaseinstallations.googleapis.com web.step.app
2 region1.google-analytics.com www.googletagmanager.com
2 firebase.googleapis.com web.step.app
1 downloads.intercomcdn.com
1 api-iam.intercom.io js.intercomcdn.com
1 widget.intercom.io web.step.app
1 www.google.de web.step.app
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 cdn-preupdate.step.app web.step.app
1 app.step.app 1 redirects
27 14

This site contains links to these domains. Also see Links.

Domain
step.app
Subject Issuer Validity Valid
step.app
GTS CA 1P5		 2023-10-19 -
2024-01-17		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.intercom.com
Amazon RSA 2048 M02		 2023-02-14 -
2024-03-14		 a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M02		 2023-12-01 -
2024-12-29		 a year crt.sh
intercom-attachments-10.com
Amazon RSA 2048 M01		 2023-07-09 -
2024-08-06		 a year crt.sh

This page contains 3 frames:

Primary Page: https://web.step.app/
Frame ID: 0925F9F1162EA724BFEB7045143E396A
Requests: 20 HTTP requests in this frame

Frame: https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Frame ID: 44A3DC35D14BCD54DE24A55EA29E05AA
Requests: 2 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.a78ca244.js
Frame ID: 30E29937A4D0248828AC199759A018B5
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Step App | Web

Page URL History Show full URLs

  1. http://app.step.app/ HTTP 307
    https://app.step.app/ HTTP 301
    https://web.step.app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

27
Requests

96 %
HTTPS

67 %
IPv6

9
Domains

14
Subdomains

12
IPs

3
Countries

1993 kB
Transfer

25880 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.step.app/ HTTP 307
    https://app.step.app/ HTTP 301
    https://web.step.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
web.step.app/
Redirect Chain
  • http://app.step.app/
  • https://app.step.app/
  • https://web.step.app/
4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f88e78455df94e941af8b5563ee28cdf227590f8c970f722c7900be00e7f00e3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET HEAD OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
cache-control
max-age=60, stale-while-revalidate=3600
cdn-cache
REVALIDATED
cdn-cachedat
11/10/2023 19:35:54
cdn-edgestorageid
1082
cdn-proxyver
1.04
cdn-pullzone
972527
cdn-requestcountrycode
DE
cdn-requestid
6a6f1401c0b9d07d055e35ff35f04dc2
cdn-requestpullcode
200
cdn-requestpullsuccess
True
cdn-status
200
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cf-cache-status
DYNAMIC
cf-ray
8334664998c35d5b-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Sun, 10 Dec 2023 09:18:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FoCH4s%2FzedYUY%2FxrRgFxK%2FeVakqZVjx1jKfovg8SOyrMiPPaDlNbY%2BiTWtSYCNW1leKF9Q92YyFV3P64j%2FUi6mRLRK22TK8xGfHCKCxvuSCtCb3wtzvdagk53O%2B0eNerDHawZ01TQszdmA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-cache-status
MISS
x-content-type-options
nosniff
x-ipfs-path
/ipfs/bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq/
x-ipfs-roots
bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq
x-request-id
31ff002119d49716c9e62ef015ac793a
x-xss-protection
0

Redirect headers

cache-control
max-age=3600
cf-ray
8334664958485d5b-FRA
date
Sun, 10 Dec 2023 09:18:16 GMT
expires
Sun, 10 Dec 2023 10:18:16 GMT
location
https://web.step.app
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QlH5NIqeEVzHYnyxmz07ZJEH%2BQ9xfjNbVIelb4BwQNrLQbpndSudY6OYi0LsdgNp3IewzXbdVKCT%2FahEnU%2Bbr2seTuKsRY7JRf9b7Ywp1tlLRdvKvis1KqhOvjAF%2FM6iB%2F3rzKVpaPvi1A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
index-c9afe529.js
web.step.app/assets/ 		1 MB
438 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-c9afe529.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0814e002ad0ee277700afa57a301fc5d07f2c4c770fe09a814610d9221d8e739
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://web.step.app/
Origin
https://web.step.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq,QmdBBkEwXiimSZWn4p9vjkMaLcmQPMFMdUuJqJb6QUtdnM,QmaFfxsksHVKWX9W146kXsNNLtNfJy8X5e4YzNKqAFn6pH
etag
W/"QmaFfxsksHVKWX9W146kXsNNLtNfJy8X5e4YzNKqAFn6pH"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq/assets/index-c9afe529.js
cdn-requestcountrycode
DE
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Sun, 10 Dec 2023 09:18:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
717
x-cache-status
MISS
cdn-cachedat
11/10/2023 19:28:32
x-xss-protection
0
x-request-id
b807918a642d39d543ce47b531b46ab1
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B1XIuPsZLOQzcEbXcBngZgcUes9dkM8QKINoE2y8sT7Lqwxtm10r53uE%2BIYUTmZzax55uIW59CaegKaPiYv9JcDjqZ964MK92U0ehGjzu4tJqIJ9uJpZuu6tul3f3bHTaoaowBVbHyerPA%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
7a4a8ffc5a55a6a7f281ae4119ab3971
cf-ray
83346649e9115d5b-FRA
cdn-status
200
cdn-requestpullsuccess
True
index-ae585b0b.js
web.step.app/assets/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-ae585b0b.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://web.step.app/
Origin
https://web.step.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq,QmdBBkEwXiimSZWn4p9vjkMaLcmQPMFMdUuJqJb6QUtdnM,QmWgomjk9TL6qcADTs9iqUYa7KK4x8ZhFPCKVPUvRNYvhX
etag
W/"QmWgomjk9TL6qcADTs9iqUYa7KK4x8ZhFPCKVPUvRNYvhX"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq/assets/index-ae585b0b.js
cdn-requestcountrycode
DE
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Sun, 10 Dec 2023 09:18:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
717
x-cache-status
MISS
cdn-cachedat
11/10/2023 19:28:32
x-xss-protection
0
x-request-id
b32711ae97f69fa73e003946b364dc75
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZXT5ZflfyO2x9fdhn1VWmucMZPAXCjepb8hWbOH5xaIJApgkwcAhOmfJiZR5wHR2%2BGkT%2BVVSkJlsqhJJDjMednX43i5LYo%2Fc7iVE%2FVCoP35IWbrTLITkjSaz5gQ59RjlSZgJsabKd5PiEA%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
02a471ccc3171017f761c17e494cb0bd
cf-ray
83346649e9135d5b-FRA
cdn-status
200
cdn-requestpullsuccess
True
index-9b097a67.css
web.step.app/assets/ 		27 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/index-9b097a67.css
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b097a67faef1025bf62951c36e586916f2ed519cadb4c1cd0f47c3653e67e57
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq,QmdBBkEwXiimSZWn4p9vjkMaLcmQPMFMdUuJqJb6QUtdnM,QmVSieWYVnZ1KfBYTLLyW5KRqC37mDarmpeqAZ5fh3KAkr
etag
W/"QmVSieWYVnZ1KfBYTLLyW5KRqC37mDarmpeqAZ5fh3KAkr"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq/assets/index-9b097a67.css
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date
Sun, 10 Dec 2023 09:18:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
717
x-cache-status
MISS
cdn-cachedat
11/10/2023 19:28:32
x-xss-protection
0
x-request-id
04f04c1b2c5e01b536db591f293f19e1
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fym2gaGdKssuTjyLQhOnLb1RlXmI53rl2UVJZ9BKWS8v3ULuuIRp4ocQ8d9R7TuK3ggeNcTCuCQM68FeJw08SEE0ll4Qk4fDG3FTW8vNvgR8l2aPAwWYGgfHhE8jJIdz73KGQv11xfJ8NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
ad8168c09e3b1498ed7cec3f7bcf55bd
cf-ray
83346649e9105d5b-FRA
cdn-status
200
cdn-requestpullsuccess
True
js
www.googletagmanager.com/gtag/ 		274 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1a08695bb64493e755edf138c5d8052888ca6da13b8b0502e330c52e050725e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sun, 10 Dec 2023 09:18:16 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
93124
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 10 Dec 2023 09:18:16 GMT
main.js
web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/ Frame 44A3
Redirect Chain
  • https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c540b32f6f71bf9134db3981b0a88d99df59887add1228b898dd66f12b629df
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sun, 10 Dec 2023 09:18:17 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTHMwMPmcOLnw2%2FggudWOcFw8M%2F2zHeUQgobaiQrlMg4kFTjyuZAshgld6oIO%2F6bz9ogsuw8XyI%2FqEs8xcFXTZpLDcrM6A79gZjEu8sv8B69A2b5RANHefu9nKg6H8CnvCD3ypqzIwqTrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
8334664c3c445d5b-FRA

Redirect headers

date
Sun, 10 Dec 2023 09:18:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cCDgaoTC3PMSgFiHZIMVZImtIb%2F9V1eWoWOW8NcvYk2kekyRV0mCDpRwemouUIiw08c60S0Jwv2dCfKRLWmVi3waNoKU%2BXzkcb58lADznASap6ObabNmOEARr%2BjTm62ajOaNXPDuzfPEJg%3D%3D"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
8334664c0c095d5b-FRA
SignIn-6820b114.js
web.step.app/assets/ 		744 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SignIn-6820b114.js
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-c9afe529.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2dbd2763b4a4737449edde1b2101a203519474ca89bde86bd64712f29fc6b197
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://web.step.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq,QmdBBkEwXiimSZWn4p9vjkMaLcmQPMFMdUuJqJb6QUtdnM,QmekTJNfotERkkHq5SorMNaFQWDAb5ViwNzaAjgqtjKBkw
etag
W/"QmekTJNfotERkkHq5SorMNaFQWDAb5ViwNzaAjgqtjKBkw"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeieevl3bvviuteliio2xc2soubqbwjpobifietvgvmt65kjha5mfhq/assets/SignIn-6820b114.js
cdn-requestcountrycode
DE
access-control-allow-headers
Content-Type, Range, User-Agent, X-Requested-With
date
Sun, 10 Dec 2023 09:18:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
717
x-cache-status
MISS
cdn-cachedat
11/10/2023 19:28:33
x-xss-protection
0
x-request-id
27fc8bed687cc2a6e2d62776f61c378c
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jd28ljHXFzMGniDhVcdf5mzo2v43PAK6piSrLWm7p%2FAv%2FDXqqG3%2FClYuu15wN2ykvfOj0Qhz6dv7nQ5x9eAK0GG1NTcd2D3QtCo4H06CBWEbN9fwU9Ed%2FdMZaRWK5%2BPrMKqkCept97%2F%2Brg%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
80724606a3f6d4e0e49b5a84d25e521d
cf-ray
8334664c3c425d5b-FRA
cdn-status
200
cdn-requestpullsuccess
True
SignIn-8f0ff971.css
web.step.app/assets/ 		255 B
993 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SignIn-8f0ff971.css
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-c9afe529.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeidbofomnhnbjqskgaqjnfgz6nscpqtsdtzotwuborvx4kqkbnw3gy,QmVALp2J2iSPbdPePHL1gPptZdyAFkwvMnsvmeu2kWqQk8,QmZKu1StPwUJ15tQWV822NXxcvGUBLgBkjx3RcLsURJyM6
etag
W/"QmZKu1StPwUJ15tQWV822NXxcvGUBLgBkjx3RcLsURJyM6"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeidbofomnhnbjqskgaqjnfgz6nscpqtsdtzotwuborvx4kqkbnw3gy/assets/SignIn-8f0ff971.css
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date
Sun, 10 Dec 2023 09:18:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
717
x-cache-status
HIT
cdn-cachedat
10/27/2023 19:25:14
x-xss-protection
0
x-request-id
1b006698b1670eb69b2d234be8065095
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WsJVb%2BCd2cHhU8LpCeBC2MJbuxo%2FzELwOVSyngT%2F9hGAgw3J7M%2FTlHK8poTRPU7xb24ySWRjVp9ynfUBMgAGaOPJvoCZir9qWoIvfA1WAgKN3ahvI9NtfvZncYUA%2BrAF0elW7aDojOTUqg%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
114f65e8fb6f20e07eea9a8dfcce5edd
cf-ray
8334664c3c405d5b-FRA
cdn-status
200
cdn-requestpullsuccess
True
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ 		355 B
428 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/webConfig
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-c9afe529.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://web.step.app/
x-goog-api-key
AIzaSyD8XRCLUrS4ypRFN6Oubg0nfxNrECVmbWQ
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sun, 10 Dec 2023 09:18:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://web.step.app
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
238
x-xss-protection
0
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:547422727598:web:689a7f93cec4f6a305ec3f/webConfig
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-api-key
Access-Control-Request-Method
GET
Origin
https://web.step.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers
x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://web.step.app
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Sun, 10 Dec 2023 09:18:17 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
statics.json
cdn-preupdate.step.app/statics/latest/ 		22 MB
950 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn-preupdate.step.app/statics/latest/statics.json
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-c9afe529.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:45c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
application/json, text/plain, */*
Referer
https://web.step.app/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-id
fr5-hw-edge-gc61
date
Sun, 10 Dec 2023 09:18:17 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cached-since
2023-12-09T12:31:31+00:00
x-id-fe
fr5-hw-edge-gc32
last-modified
Mon, 04 Dec 2023 06:13:59 GMT
server
cloudflare
traceparent
00-ae334dae1486da9618007821c96db7ae-6a1e49b5c83e31e6-01
etag
W/"656d6e27-16115fe"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fy1hXx9%2Bo%2FeJW0JekUrCzD1YTtMa7urGJk7ANPkdLOUp1IB7AdIj6AvVJAf3T72fksfnCvY%2FGmOtRdSFJ2rVc2X%2FdHtQZqAhetkISv%2F1PpVONLfsmFM%2F3WB6uvxbV4ZmkZ5YqzASmmJ47VqTqXsHrNK6eXU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache
HIT
cf-ray
8334664c8d503642-FRA
collect
region1.google-analytics.com/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-3766Q8BJM3&gtm=45je3bt0v9165619434&_p=1702199896831&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=672929011.1702199897&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1702199897&sct=1&seg=0&dl=https%3A%2F%2Fweb.step.app%2F&dt=Step%20App%20%7C%20Web&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=558
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 10 Dec 2023 09:18:17 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SFMono-Bold-87372509.woff2
web.step.app/assets/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web.step.app/assets/SFMono-Bold-87372509.woff2
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-9b097a67.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://web.step.app/assets/index-9b097a67.css
Origin
https://web.step.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
cdn-pullzone
972527
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-ipfs-roots
bafybeidbofomnhnbjqskgaqjnfgz6nscpqtsdtzotwuborvx4kqkbnw3gy,QmVALp2J2iSPbdPePHL1gPptZdyAFkwvMnsvmeu2kWqQk8,QmRUJyHLiehuBNz86sjjhMESnYRHmPwfCLGUTVr1oLXYHe
etag
"QmRUJyHLiehuBNz86sjjhMESnYRHmPwfCLGUTVr1oLXYHe"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
REVALIDATED
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=14400, stale-while-revalidate=3600
x-ipfs-path
/ipfs/bafybeidbofomnhnbjqskgaqjnfgz6nscpqtsdtzotwuborvx4kqkbnw3gy/assets/SFMono-Bold-87372509.woff2
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date
Sun, 10 Dec 2023 09:18:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
717
x-cache-status
MISS
cdn-cachedat
10/23/2023 09:34:34
content-length
44888
x-xss-protection
0
x-request-id
eb7f678fe3cb7ed1bf8966748c86a771
server
cloudflare
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vah75y9NXdXkkQ3JeqR%2F5ALsYebRdP3mmaXPuVOc6C0uFyMIwirIneCvf0YNhDkVITH0QsMHxKaD%2F9F2MWUAwV64Jf8MrzXdZ7fYOkOn6vRvLUFvik8Il3dizlW6HW6V21x4%2F6%2FRFVpG4A%3D%3D"}],"group":"cf-nel","max_age":604800}
cdn-uid
070ccd6e-b4b0-4c90-b45a-e26d7534205d
cdn-requestid
eb2bd41395e20f573c94561ef85aa768
accept-ranges
bytes
cf-ray
8334664c8ca65d5b-FRA
cdn-status
200
cdn-requestpullsuccess
True
8334664998c35d5b
web.step.app/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 44A3 		0
456 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.step.app/cdn-cgi/challenge-platform/h/b/jsd/r/8334664998c35d5b
Requested by
Host: web.step.app
URL: https://web.step.app/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 10 Dec 2023 09:18:17 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
8334664cfd165d5b-FRA
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tC01z1xcjjb3xBiFr6M%2FDUZK77wgsb0VwNB8GDj4HeJzibzFY1Lan0K8fRFeEZl8cGo%2Fo3aL%2FVTHRZcsS7RGas9Mp%2F28mYql%2FAHEYq4KGlUheSdPR2HD0RVIWY%2FKItPMwrX6IGGD0j48ag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ 		625 B
680 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/installations
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-c9afe529.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
91c926de6dd6ad06f68223f0d214482ac0d17ff9354f4d575c6ce324c9d42e8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://web.step.app/
x-goog-api-key
AIzaSyD8XRCLUrS4ypRFN6Oubg0nfxNrECVmbWQ
accept-language
de-DE,de;q=0.9
x-firebase-client
eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjkuMCBmaXJlLWNvcmUtZXNtMjAxNy8wLjkuMCBmaXJlLWpzLyBmaXJlLWlpZC8wLjYuMCBmaXJlLWlpZC1lc20yMDE3LzAuNi4wIGZpcmUtYW5hbHl0aWNzLzAuOS4wIGZpcmUtYW5hbHl0aWNzLWVzbTIwMTcvMC45LjAgZmlyZS1qcy1hbGwtYXBwLzkuMTUuMCIsImRhdGVzIjpbIjIwMjMtMTItMTAiXX1dfQ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
content-type
application/json

Response headers

date
Sun, 10 Dec 2023 09:18:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://web.step.app
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
490
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/step-app-2bacf/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://web.step.app
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://web.step.app
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Sun, 10 Dec 2023 09:18:17 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
js
www.googletagmanager.com/gtag/ 		219 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-M830R3N37B
Requested by
Host: web.step.app
URL: https://web.step.app/assets/index-c9afe529.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
aa368d4c3f782b67d1b3499146c4e5ce8024e61bf9b5ca8f7ed8a2248c740c71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sun, 10 Dec 2023 09:18:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
79387
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 10 Dec 2023 09:18:17 GMT
js
www.googletagmanager.com/gtag/ 		219 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-M830R3N37B&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
16c03a37419b2b928ae38f88176fe722da256aa25b2c9067178fc6d21b5c74ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sun, 10 Dec 2023 09:18:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
79362
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 10 Dec 2023 09:18:17 GMT
collect
region1.analytics.google.com/g/ 		0
45 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-M830R3N37B&gtm=45je3bt0v9115484297&_p=1702199896831&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&_fid=dBuDqCsiz_mQOCqsYxd_pR&cid=672929011.1702199897&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1702199897&sct=1&seg=0&dl=https%3A%2F%2Fweb.step.app%2F&dt=Step%20App%20%7C%20Web&en=page_view&_fv=1&_ss=2&_ee=1&ep.origin=firebase&tfd=709
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M830R3N37B&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 10 Dec 2023 09:18:17 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-M830R3N37B&cid=672929011.1702199897&gtm=45je3bt0v9115484297&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M830R3N37B&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 10 Dec 2023 09:18:17 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-M830R3N37B&cid=672929011.1702199897&gtm=45je3bt0v9115484297&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=592181214
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 10 Dec 2023 09:18:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abikvo75
widget.intercom.io/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/abikvo75
Requested by
Host: web.step.app
URL: https://web.step.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-21.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8d758f678dce33131a65a4fb260b45d725f51ed2988299904dc7cf35ff86afeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id
MXAtM0hcSYKI1u5JfcZqRwiuMwLdl36J
content-encoding
gzip
via
1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
date
Sun, 10 Dec 2023 09:16:21 GMT
x-amz-cf-pop
FRA56-C2
age
120
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2705
last-modified
Fri, 08 Dec 2023 15:51:55 GMT
server
AmazonS3
etag
"97c627ed9208032d4223332ddabc6f74"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
Zm0lk-Q9M6Mpt_dmtfokevEr3DIr5ckEhkhuxIBpH98SrjnNxDnyIA==
frame-modern.a78ca244.js
js.intercomcdn.com/ Frame 30E2 		515 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.a78ca244.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/abikvo75
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-5.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2e75beea09a99530b8d05d70d0f050284d2b72c3c2a093e17e36ce3d5a9e0f22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id
remZ5Fl6FV93y0M9aCPRE0VUHlGmNhC5
content-encoding
gzip
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
date
Sun, 10 Dec 2023 07:52:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
5179
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
145332
last-modified
Fri, 08 Dec 2023 15:49:05 GMT
server
AmazonS3
etag
"c77adecdbffb6a323f5b590c74688ff7"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
JZSmFdJB2HMAIdKvM_0sboTl_2-cqQrik9g9IGM3Dl1TDhYGgNpqnQ==
vendor-modern.689650c5.js
js.intercomcdn.com/ Frame 30E2 		426 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.689650c5.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/abikvo75
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-5.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a98b0d22fb50853a6fbb1a665e510a9595d2dae5f86a5774f8f0c2f701955532
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id
uL7y6To_lntmIBBuCnYAu5.0.LPkdpQo
content-encoding
gzip
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
date
Sun, 10 Dec 2023 07:24:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P4
age
6836
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
133792
last-modified
Thu, 07 Dec 2023 15:04:21 GMT
server
AmazonS3
etag
"d0a2ac2a870e5d8e688aada7a9b12be6"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
TnwYTHCSTLlcvw3zW7wNZyfUZ3HN2ivuFYQ2JioqddO_Oj4hHTp19w==
ping
api-iam.intercom.io/messenger/web/ Frame 30E2 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.a78ca244.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.206.254.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-206-254-231.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ec3ec72260d336c25645dfa0d30e9d184d5c2e21a65329fa81f3ba4a47fee475
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 10 Dec 2023 09:18:18 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-0fb0b20986efabbf0
status
200 OK
x-xss-protection
1; mode=block
x-request-id
0007a36po9hqpn2jo710
x-runtime
0.259603
server
nginx
etag
W/"ec3ec72260d336c25645dfa0d30e9d18"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://web.step.app
x-intercom-version
c5bbc13a914eb88b0808fa181a2ef22979fe0409
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
1bf1cb0ca87a05407f159a07264fa0b5.png
downloads.intercomcdn.com/i/o/466034/f0c0b45e3422e1a261987507/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://downloads.intercomcdn.com/i/o/466034/f0c0b45e3422e1a261987507/1bf1cb0ca87a05407f159a07264fa0b5.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.33.152.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a69d63ecdf0f33068.awsglobalaccelerator.com
Software
nginx /
Resource Hash
9c0406e9a552bece8e09615337f53d1b67106a0c9a34178cbbe5f1551d38913d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src fonts.intercomcdn.com; img-src downloads.intercomcdn.com/images/logo-gray-16x16-at-2x.png; media-src 'self'; style-src downloads.intercomcdn.com/410.css fonts.intercomcdn.com/proxima-nova/proxima-nova-all.css
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Sun, 10 Dec 2023 09:18:19 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-0fb0b20986efabbf0
content-security-policy
default-src 'none'; font-src fonts.intercomcdn.com; img-src downloads.intercomcdn.com/images/logo-gray-16x16-at-2x.png; media-src 'self'; style-src downloads.intercomcdn.com/410.css fonts.intercomcdn.com/proxima-nova/proxima-nova-all.css
status
200 OK
content-transfer-encoding
binary
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename="1bf1cb0ca87a05407f159a07264fa0b5.png"; filename*=UTF-8''1bf1cb0ca87a05407f159a07264fa0b5.png
x-xss-protection
1; mode=block
x-request-id
000q147v5kqb4i80emlg
x-runtime
0.067663
last-modified
Fri, 01 Dec 2023 14:46:52 GMT
server
nginx
x-request-queueing
0
vary
Accept-Encoding
x-frame-options
deny
content-type
image/png
x-intercom-version
c5bbc13a914eb88b0808fa181a2ef22979fe0409
cache-control
max-age=86400, private
collect
region1.google-analytics.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-3766Q8BJM3&gtm=45je3bt0v9165619434&_p=1702199896831&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=672929011.1702199897&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1702199897&sct=1&seg=0&dl=https%3A%2F%2Fweb.step.app%2F&dt=Step%20App%20%7C%20Web&en=scroll&epn.percent_scrolled=90&_et=3&tfd=5562
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3766Q8BJM3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web.step.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 10 Dec 2023 09:18:22 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://web.step.app
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| documentPictureInPicture function| gtag object| dataLayer object| intercomSettings function| Intercom function| IMask function| Buffer object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal function| __intercomAssignLocation function| __intercomReloadLocation

7 Cookies

Domain/Path Name / Value
.step.app/ Name: _ga
Value: GA1.1.672929011.1702199897
.step.app/ Name: _ga_3766Q8BJM3
Value: GS1.1.1702199897.1.0.1702199897.0.0.0
.step.app/ Name: _ga_M830R3N37B
Value: GS1.1.1702199897.1.0.1702199897.60.0.0
.step.app/ Name: cf_clearance
Value: GdnkEYKoWoNPEciZ1q1.t.rM6dnTWho4R679UwN1uaE-1702199897-0-1-dbddf7a5.829611f0.8cdca845-0.2.1702199897
.step.app/ Name: intercom-id-abikvo75
Value: ad8dd1ff-e222-46a1-b885-d6555f93a0d7
.step.app/ Name: intercom-session-abikvo75
Value:
.step.app/ Name: intercom-device-id-abikvo75
Value: 6877e850-dee3-44a4-9175-9b26b0c8e128

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
app.step.app
cdn-preupdate.step.app
downloads.intercomcdn.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
js.intercomcdn.com
region1.analytics.google.com
region1.google-analytics.com
stats.g.doubleclick.net
web.step.app
widget.intercom.io
www.google.de
www.googletagmanager.com
13.32.27.21
18.66.147.5
2001:4860:4802:32::36
2606:4700:20::681a:107
2606:4700:20::ac43:45c4
2a00:1450:4001:801::200a
2a00:1450:4001:802::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c00::9b
3.33.152.127
34.206.254.231
0814e002ad0ee277700afa57a301fc5d07f2c4c770fe09a814610d9221d8e739
16c03a37419b2b928ae38f88176fe722da256aa25b2c9067178fc6d21b5c74ed
1a08695bb64493e755edf138c5d8052888ca6da13b8b0502e330c52e050725e1
22d93c8e5f1a17e13b09c7ae2760287147d1291ec1adcc6a7814ab5246e1b870
2dbd2763b4a4737449edde1b2101a203519474ca89bde86bd64712f29fc6b197
2e75beea09a99530b8d05d70d0f050284d2b72c3c2a093e17e36ce3d5a9e0f22
873725099b93f7fd673da33d265b55a73dee159f25c1619cb11cf54094f9b4c0
8d758f678dce33131a65a4fb260b45d725f51ed2988299904dc7cf35ff86afeb
8f0ff9718d1973647c89520a8c0ab19e8390bf0722bbb4813b715740b68b7c7c
91c926de6dd6ad06f68223f0d214482ac0d17ff9354f4d575c6ce324c9d42e8c
9b097a67faef1025bf62951c36e586916f2ed519cadb4c1cd0f47c3653e67e57
9c0406e9a552bece8e09615337f53d1b67106a0c9a34178cbbe5f1551d38913d
9c540b32f6f71bf9134db3981b0a88d99df59887add1228b898dd66f12b629df
a37dc41a593d3a8bbc60a873681f169352aede345582f16cbc31bc6b9804f378
a98b0d22fb50853a6fbb1a665e510a9595d2dae5f86a5774f8f0c2f701955532
aa368d4c3f782b67d1b3499146c4e5ce8024e61bf9b5ca8f7ed8a2248c740c71
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec3ec72260d336c25645dfa0d30e9d184d5c2e21a65329fa81f3ba4a47fee475
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f88e78455df94e941af8b5563ee28cdf227590f8c970f722c7900be00e7f00e3