secure.tandem.app Open in urlscan Pro
72.249.146.76  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request Respond Show response secure.tandem.app/VendorRequests/	27 KB 10 KB	523ms 217ms	Document text/html	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Full URL https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 9c8bc25321230bcee0a8ffe05b2a8721900319f3b90cdbf2652f2e74dad02ec3 Security Headers Name Value Content-Security-Policy default-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data:; script-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: 'unsafe-eval' google-analytics.com *.google-analytics.com graph.facebook.com cdnjs.cloudflare.com www.gstatic.com maps.googleapis.com *.msecnd.net localhost:*; style-src * 'unsafe-inline' blob: data:; img-src * blob: data:; connect-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: ws: wss: maps.googleapis.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net ampcid.google.com graph.facebook.com *.visualstudio.com localhost:*; font-src * blob: data:; media-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: tandem.s3.amazonaws.com s3.amazonaws.com api.twilio.com; frame-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: youtube.com youtu.be www.youtube.com www.youtube-nocookie.com youtube-nocookie.com Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Frame-Options SAMEORIGIN SAMEORIGIN Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache, no-store content-encoding gzip content-security-policy default-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data:; script-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: 'unsafe-eval' google-analytics.com *.google-analytics.com graph.facebook.com cdnjs.cloudflare.com www.gstatic.com maps.googleapis.com *.msecnd.net localhost:*; style-src * 'unsafe-inline' blob: data:; img-src * blob: data:; connect-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: ws: wss: maps.googleapis.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net ampcid.google.com graph.facebook.com *.visualstudio.com localhost:*; font-src * blob: data:; media-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: tandem.s3.amazonaws.com s3.amazonaws.com api.twilio.com; frame-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: youtube.com youtu.be www.youtube.com www.youtube-nocookie.com youtube-nocookie.com content-type text/html; charset=utf-8 date Mon, 26 Jun 2023 17:28:43 GMT pragma no-cache server Microsoft-IIS/10.0 strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding x-frame-options SAMEORIGIN SAMEORIGIN x-powered-by ASP.NET
GET H2	200	bootstrap.css secure.tandem.app/Content/dist/	477 KB 159 KB	134ms 133ms	Stylesheet text/css	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Full URL https://secure.tandem.app/Content/dist/bootstrap.css?v=XyLcj-2jXnGnedbwaExsBsiIfnBNblPROlnlcIjbM78 Requested by Host: secure.tandem.app URL: https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 5f22dc8feda35e71a779d6f0684c6c06c8887e704d6e53d13a59e57088db33bf Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 17:28:43 GMT content-encoding gzip last-modified Fri, 23 Jun 2023 19:05:34 GMT server Microsoft-IIS/10.0 etag "1d9a605afe6a106" x-powered-by ASP.NET vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css cache-control no-cache accept-ranges bytes
GET H2	200	tandem.css secure.tandem.app/Content/dist/	2 MB 538 KB	135ms 134ms	Stylesheet text/css	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Full URL https://secure.tandem.app/Content/dist/tandem.css?v=r-JnjMMY1JhEhEYU2wgX3pvU39oIEuLkATFW1OTludI Requested by Host: secure.tandem.app URL: https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash afe2678cc318d49844844614db0817de9bd4dfda0812e2e4013156d4e4e5b9d2 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 17:28:43 GMT content-encoding gzip last-modified Fri, 23 Jun 2023 19:05:38 GMT server Microsoft-IIS/10.0 etag "1d9a605b2658d91" x-powered-by ASP.NET vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css cache-control no-cache accept-ranges bytes
GET H2	200	vendor.bundle.js Show response secure.tandem.app/Scripts/dist/	2 MB 779 KB	135ms 134ms	Script application/javascript	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Full URL https://secure.tandem.app/Scripts/dist/vendor.bundle.js?v=GmVXNYTxgXH-VLbVZ9tEy8bqyqJkyCvXhJxQf33S_yw Requested by Host: secure.tandem.app URL: https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 1a65573584f18171fe54b6d567db44cbc6eacaa264c82bd7849c507f7dd2ff2c Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 17:28:43 GMT content-encoding gzip last-modified Fri, 23 Jun 2023 19:06:06 GMT server Microsoft-IIS/10.0 etag "1d9a605c2ebec6c" x-powered-by ASP.NET vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript cache-control no-cache accept-ranges bytes
GET H2	200	vue.bundle.js Show response secure.tandem.app/Scripts/dist/	522 KB 181 KB	135ms 134ms	Script application/javascript	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Full URL https://secure.tandem.app/Scripts/dist/vue.bundle.js?v=LT3wf8bl5Eb6MI1w2TMLceI3mREs5SIOFCchJhw3sUA Requested by Host: secure.tandem.app URL: https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 2d3df07fc6e5e446fa308d70d9330b71e23799112ce5220e142721261c37b140 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 17:28:43 GMT content-encoding gzip last-modified Fri, 23 Jun 2023 19:06:06 GMT server Microsoft-IIS/10.0 etag "1d9a605c2fc842d" x-powered-by ASP.NET vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript cache-control no-cache accept-ranges bytes
GET H2	200	app.js Show response secure.tandem.app/Scripts/dist/	171 KB 67 KB	259ms 259ms	Script application/javascript	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Full URL https://secure.tandem.app/Scripts/dist/app.js?v=_EIE0XFioKbP8gRgLEHqQOzzji7CuG1eVNEmfjO_AyM Requested by Host: secure.tandem.app URL: https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash fc4204d17162a0a6cff204602c41ea40ecf38e2ec2b86d5e54d1267e33bf0323 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 17:28:43 GMT content-encoding gzip last-modified Fri, 23 Jun 2023 19:06:06 GMT server Microsoft-IIS/10.0 etag "1d9a605c2f60885" x-powered-by ASP.NET vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript cache-control no-cache accept-ranges bytes
GET H2	200	tandem-vue.js Show response secure.tandem.app/Scripts/dist/	481 KB 134 KB	260ms 259ms	Script application/javascript	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Full URL https://secure.tandem.app/Scripts/dist/tandem-vue.js?v=ooEjh5ph2aYxBlEl9THt76qZqJRKkXy5F4kSU4qCP8I Requested by Host: secure.tandem.app URL: https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash a28123879a61d9a631065125f531edefaa99a8944a917cb9178912538a823fc2 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 17:28:43 GMT content-encoding gzip last-modified Fri, 23 Jun 2023 19:06:06 GMT server Microsoft-IIS/10.0 etag "1d9a605c2f32658" x-powered-by ASP.NET vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/javascript cache-control no-cache accept-ranges bytes
GET H2	200	Logo secure.tandem.app/Customers/	21 KB 22 KB	301ms 301ms	Image image/png	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Show image Full URL https://secure.tandem.app/Customers/Logo?id=07713ad1-3c60-445d-a367-8924ae49ecbd Requested by Host: secure.tandem.app URL: https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e4919013c4129b027bf290679f50d2e86585103f788332a67f355ad7a786df67 Security Headers Name Value Content-Security-Policy default-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data:; script-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: 'unsafe-eval' google-analytics.com *.google-analytics.com graph.facebook.com cdnjs.cloudflare.com www.gstatic.com maps.googleapis.com *.msecnd.net localhost:*; style-src * 'unsafe-inline' blob: data:; img-src * blob: data:; connect-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: ws: wss: maps.googleapis.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net ampcid.google.com graph.facebook.com *.visualstudio.com localhost:*; font-src * blob: data:; media-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: tandem.s3.amazonaws.com s3.amazonaws.com api.twilio.com; frame-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: youtube.com youtu.be www.youtube.com www.youtube-nocookie.com youtube-nocookie.com X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers content-security-policy default-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data:; script-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: 'unsafe-eval' google-analytics.com *.google-analytics.com graph.facebook.com cdnjs.cloudflare.com www.gstatic.com maps.googleapis.com *.msecnd.net localhost:*; style-src * 'unsafe-inline' blob: data:; img-src * blob: data:; connect-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: ws: wss: maps.googleapis.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net ampcid.google.com graph.facebook.com *.visualstudio.com localhost:*; font-src * blob: data:; media-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: tandem.s3.amazonaws.com s3.amazonaws.com api.twilio.com; frame-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: youtube.com youtu.be www.youtube.com www.youtube-nocookie.com youtube-nocookie.com date Mon, 26 Jun 2023 17:28:44 GMT last-modified Fri, 23 Sep 2016 06:21:16 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET x-frame-options SAMEORIGIN content-type image/png cache-control private
GET H2	200	print.css secure.tandem.app/Content/dist/	873 B 813 B	131ms 131ms	Stylesheet text/css	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Full URL https://secure.tandem.app/Content/dist/print.css?v=Qp7RVpSmSpEF1jxk1se9yKQgp-5N8IACUwmGLCiRjhw Requested by Host: secure.tandem.app URL: https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 429ed15694a64a9105d63c64d6c7bdc8a420a7ee4df080025309862c28918e1c Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 17:28:44 GMT content-encoding gzip last-modified Fri, 23 Jun 2023 19:05:36 GMT server Microsoft-IIS/10.0 etag "1d9a605b1130369" x-powered-by ASP.NET vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css cache-control no-cache accept-ranges bytes content-length 709
GET H2	200	css fonts.googleapis.com/	8 KB 1 KB	42ms 18ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto:300,400,500,700 Requested by Host: secure.tandem.app URL: https://secure.tandem.app/Content/dist/tandem.css?v=r-JnjMMY1JhEhEYU2wgX3pvU39oIEuLkATFW1OTludI Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Mon, 26 Jun 2023 17:28:44 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Mon, 26 Jun 2023 17:25:05 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 26 Jun 2023 17:28:44 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	35ms 7ms	Script text/javascript	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: secure.tandem.app URL: https://secure.tandem.app/VendorRequests/Respond?id=6b3ba862-4a1b-4cb4-9491-ee16a4bae573 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://secure.tandem.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Mon, 26 Jun 2023 16:35:22 GMT last-modified Mon, 12 Jun 2023 18:23:07 GMT server Golfe2 age 3203 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Mon, 26 Jun 2023 18:35:22 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 16 KB	33ms 8ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://secure.tandem.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Sat, 24 Jun 2023 03:30:27 GMT x-content-type-options nosniff age 223098 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15744 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:48 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 23 Jun 2024 03:30:27 GMT
GET H2	200	KFOlCnqEu92Fr1MmSU5fBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 15 KB	40ms 16ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://secure.tandem.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Sat, 24 Jun 2023 15:24:53 GMT x-content-type-options nosniff age 180232 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15740 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 23 Jun 2024 15:24:53 GMT
GET H2	200	KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	16 KB 16 KB	35ms 11ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://secure.tandem.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Sat, 24 Jun 2023 01:50:32 GMT x-content-type-options nosniff age 229093 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15920 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:45 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 23 Jun 2024 01:50:32 GMT
GET H2	200	tandem-icons.ttf secure.tandem.app/Content/fonts/	37 KB 37 KB	130ms 130ms	Font application/x-font-ttf	72.249.146.76 AS17378
General Check archive.org Show headers Download Go to Full URL https://secure.tandem.app/Content/fonts/tandem-icons.ttf?ruzsug Requested by Host: secure.tandem.app URL: https://secure.tandem.app/Content/dist/tandem.css?v=r-JnjMMY1JhEhEYU2wgX3pvU39oIEuLkATFW1OTludI Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 72.249.146.76 , United States, ASN17378 (AS17378, US), Reverse DNS www.conetrix.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash edba73ae66f5222c8d0507ce20a8ceedabfa2234626eec847c2d1931dc2acc00 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://secure.tandem.app/Content/dist/tandem.css?v=r-JnjMMY1JhEhEYU2wgX3pvU39oIEuLkATFW1OTludI Origin https://secure.tandem.app accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers date Mon, 26 Jun 2023 17:28:44 GMT last-modified Thu, 08 Dec 2022 20:27:24 GMT server Microsoft-IIS/10.0 etag "1d90b437b170a44" x-powered-by ASP.NET x-frame-options SAMEORIGIN content-type application/x-font-ttf cache-control no-cache accept-ranges bytes content-length 37956
POST H2	200	collect Show response www.google-analytics.com/j/	4 B 210 B	19ms 15ms	XHR text/plain	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1264682600&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.tandem.app%2FVendorRequests%2FRespond%3Fid%3D6b3ba862-4a1b-4cb4-9491-ee16a4bae573&ul=en-us&de=UTF-8&dt=Respond%20to%20Request%20%7C%20Tandem&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAIC~&jid=1494430033&gjid=137106741&cid=1304840756.1687800525&tid=UA-3613515-2&_gid=850088206.1687800525&_r=1&_slc=1&z=2084462616 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://secure.tandem.app/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Mon, 26 Jun 2023 17:28:45 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://secure.tandem.app cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 347 B	56ms 17ms	XHR text/plain	2a00:1450:400c:c00::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-3613515-2&cid=1304840756.1687800525&jid=1494430033&gjid=137106741&_gid=850088206.1687800525&_u=IEBAAEAAAAAAACAAIC~&z=1477857554 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://secure.tandem.app/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Mon, 26 Jun 2023 17:28:45 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://secure.tandem.app cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT

222 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend boolean| $Anonymous object| webpackChunkTandem function| $ function| jQuery object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| moment function| Color function| Chart string| CKEDITOR_BASEPATH object| CKEDITOR object| CNXTABLE function| AddDynamicPopupMessage function| displayAjaxFormSuccessResponse function| displayAjaxFormErrorResponse function| HasEditorDataChanged object| GaugeChartHelper function| Dropzone function| Fancybox function| _ object| googleTableCssClassNames function| googleTableRemoveCss function| getQueryParams function| isIE function| resizePageWidth function| setPageWidth function| createCookie function| readCookie function| eraseCookie function| initTooltips function| SetFormButtonsLoading function| ClearFormButtonsLoading object| CnxTabs function| postForm function| InitDatePicker function| isDateString function| TimeoutSuccessMessage function| AddCnxTableRow function| GetOptionValue function| GetOptionText function| SetDropDownOptions function| AllowValidationOfHiddenFields function| ValidatePhoneNumber function| ValidateFileUpload function| SubmitOnValidateSuccessMessage function| IframeInit function| InitPopup function| OpenInlinePopup function| OpenHtmlPopup function| OpenVideoPopup function| OpenAjaxPopup function| OpenIframePopup function| OpenPopup function| ClosePopup function| OpenGallery function| PopupInlineInit function| PopupClose function| PopupCloseFromParent function| ShowHideTableBasedOnRowCount function| getPreviousFancyboxIframe function| getParent function| ShowHideParentTableFromPopupBasedOnRowCount function| ShowHideTableByClassBasedOnRowCount function| htmlEncode function| htmlDecode function| ShowHideBasedOnCheckbox function| SetRisk object| InfoSecRiskValues function| GetInfoSecRisk function| GetInfoSecRiskLevelName function| ChangeTimeUnitOptionsPlurality object| monthNames function| RemoveMarginFromLastParagraphs function| SortTable object| TwoLevelSliderValues object| TwoLevelRealValues object| TwoLevelBgPositions object| RiskLevelSliderValues object| RiskLevelRealValues object| RiskLevelBgPositions object| InherentRiskWeights function| IntervalSlideEventHandler function| GetNearestSliderValue function| GetSliderValueIndex function| ConvertRealValueToSliderValue function| FormatPhoneNumbers function| RandomString function| AjaxSortBy function| UpdateParentTableFromPopup function| ReplacePhishingPlaceholdersForPreview function| GetPhishingAttachmentFileExtension function| SetPhishingToolbarButtonTooltips function| SetVendorRequestToolbarButtonTooltips function| EmailPreviewPopup function| EmailPopup function| InitDateRange function| humanFileSize function| ExpandAndCollapse function| ExpandAndCollapseSetup function| CreateExpandableHtml function| CreateExpandableContainer function| PreventMultipleClicks function| ShowSelect function| HideSelect function| ToggleSelect number| mediumPopupWidth number| largePopupWidth number| extraLargePopupWidth number| controlEvidencePopupWidth number| controlVerificationPopupWidth number| requestListItemPopupWidth number| findingsPopupWidth number| findingVerificationPopupWidth number| taskPopupWidth number| regulationPopupWidth number| reviewItemPopupWidth number| revisionLogEntryPopupWidth number| threatRecommendationDetailsPopupWidth number| vendorProfilePopupWidth number| vendorEditManagedPopupWidth number| vendorDeletePopupWidth number| vendorDeactivatePopupWidth number| vendorServicePopupWidth number| vendorServiceContactInfoWidth number| vendorContactPopupWidth number| vendorRequestPopupWidth number| vendorReferencePopupWidth number| vendorDocumentPopupWidth number| vendorContractPopupWidth number| vendorShowContractPopupWidth number| vendorResponsibilityPopupWidth number| vendorServiceContactInfoPopupWidth number| vendorReviewPopupWidth number| vendorNotesPopupWidth number| fireExtinguisherPopupWidth number| stormEventStatisticsPopupWidth number| crimeEventStatisticsPopupWidth number| addControlPopupWidth number| changePasswordPopupWidth number| createInformationAssetRiskAssessmentWidth number| peerAnalysisPopupWidth number| editCustomRiskLevelPopupWidth number| editCustomAuditRatingPopupWidth number| addWorkProgramCategoryPopupWidth number| importWorkProgramCategoryPopupWidth object| globalColors object| dashboardColors function| hexToRgbaString function| colorLuminance function| setCaretPosition function| SetPageMinHeight function| OpenSecondaryMenuSearchTab function| CloseSecondaryMenuTab function| ShowAlert function| DisplayConfirmationMessagePopup function| InitClickEventForEditReadOnlyText function| InitClickEventForAddTextEditor function| InitEventsForReadOnlyTextButtons function| sortCompare function| updateDynamicPagination function| initPluralHandler function| AjaxFormSuccess function| AjaxFormFailure function| ClearValidation function| escapeRegExp function| SetVendorServicesDropDown function| sortableFixWidthHelper function| dispatchNotificationStatusUpdate object| SocialMediaCommonFunctions boolean| BypassNavigationWarning boolean| AlwaysDisplayNavigationWarning string| NavigationWarningMessageOnUnload string| NavigationWarningMessage function| InitNavigationSaveWarning function| HasFormChanges function| ConfirmNavigationMessage function| CustomInitNavigationSaveWarning function| HasEditorContentChanged function| ResetEditorsDirtyState function| NavigateToCancelUrl function| SaveOriginalState function| SaveOriginalTabState function| SaveOriginalCnxTableState function| CustomIndexBulkEditNavigationSaveWarning function| SaveOriginalBulkEditTableState function| HasBulkEditTableChanged function| SimpleBar function| sqlFormatter object| B64 object| sessionTimer object| downloadManager object| tandem object| errorService function| ajaxForm function| ajaxPagination object| cnxSearch object| storageManager function| titleToCamelCase function| copyToClipboard object| twttr function| Vue object| CnxTableMixin object| GridViewMixin object| RiskSliderMixin function| OnSuccess string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			secure.tandem.app/	1969-12-31 23:59:59	Name: .AspNetCore.Antiforgery.NV-6cH4zrEQ Value: CfDJ8G-jwXij5dhEoZjNlAcVQ1P0FQgg3OX2cBuG2siouXxaogJhmcesvW0pd3-NYCjfXmmu6gnih0f381rIRgv7f_FQEcl1ms_SuGUm-UhN0KgLdb_w1XN7-Is9zYEMWa44N87Q4xS7A3q3RSbSpqO2kog
			secure.tandem.app/	1969-12-31 23:59:59	Name: .AspNetCore.Session Value: CfDJ8G%2BjwXij5dhEoZjNlAcVQ1Pc2bfh47derUy0BSq3iOgdNosn8%2Fr0d5U064xIfYx4nWAjwCadkv9qHYFGKkhXnXdDfyBBQiA1a93WPBMOoVT2N4ZZZZcusT99KCAwgtlGbTGaRqPkmjgY%2F8t%2FoHjMv6IHQNLt323E%2FSe5%2Fjp%2B8jQh
			.tandem.app/	1970-01-20 22:26:00	Name: _ga Value: GA1.2.1304840756.1687800525
			.tandem.app/	1970-01-20 12:51:26	Name: _gid Value: GA1.2.850088206.1687800525
			.tandem.app/	1970-01-20 12:50:00	Name: _gat Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data:; script-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: 'unsafe-eval' google-analytics.com *.google-analytics.com graph.facebook.com cdnjs.cloudflare.com www.gstatic.com maps.googleapis.com *.msecnd.net localhost:*; style-src * 'unsafe-inline' blob: data:; img-src * blob: data:; connect-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: ws: wss: maps.googleapis.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net ampcid.google.com graph.facebook.com *.visualstudio.com localhost:*; font-src * blob: data:; media-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: tandem.s3.amazonaws.com s3.amazonaws.com api.twilio.com; frame-src 'self' *.tandem.app *.conetrix.com 'unsafe-inline' blob: data: youtube.com youtu.be www.youtube.com www.youtube-nocookie.com youtube-nocookie.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
secure.tandem.app
stats.g.doubleclick.net
www.google-analytics.com
2a00:1450:4001:806::2003
2a00:1450:4001:811::200e
2a00:1450:4001:813::200a
2a00:1450:400c:c00::9d
72.249.146.76
1a65573584f18171fe54b6d567db44cbc6eacaa264c82bd7849c507f7dd2ff2c
2d3df07fc6e5e446fa308d70d9330b71e23799112ce5220e142721261c37b140
429ed15694a64a9105d63c64d6c7bdc8a420a7ee4df080025309862c28918e1c
5f22dc8feda35e71a779d6f0684c6c06c8887e704d6e53d13a59e57088db33bf
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
9c8bc25321230bcee0a8ffe05b2a8721900319f3b90cdbf2652f2e74dad02ec3
a28123879a61d9a631065125f531edefaa99a8944a917cb9178912538a823fc2
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afe2678cc318d49844844614db0817de9bd4dfda0812e2e4013156d4e4e5b9d2
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e4919013c4129b027bf290679f50d2e86585103f788332a67f355ad7a786df67
edba73ae66f5222c8d0507ce20a8ceedabfa2234626eec847c2d1931dc2acc00
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fc4204d17162a0a6cff204602c41ea40ecf38e2ec2b86d5e54d1267e33bf0323