staging.clientsspace.com Open in urlscan Pro
100.24.199.40  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response staging.clientsspace.com/	4 KB 2 KB	325ms 96ms	Document text/html	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash e18b54fee91108f322a50e21b44024e3f537530647369ffa54ec5ce8aded4d78 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx/1.18.0 (Ubuntu) date Mon, 10 Jan 2022 07:51:11 GMT content-type text/html last-modified Wed, 29 Dec 2021 10:24:57 GMT vary Accept-Encoding etag W/"61cc3779-e71" strict-transport-security max-age=15768000 x-frame-options SAMEORIGIN x-xss-protection 1; mode=block content-security-policy default-src https: data: 'unsafe-inline' x-content-type-options nosniff referrer-policy same-origin permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-encoding gzip
GET H2	200	css2 fonts.googleapis.com/	28 KB 2 KB	36ms 15ms	Stylesheet text/css	2a00:1450:4001:812::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700;1,900&display=swap Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 603aeb60258f85a7773cdc03ad9656eb2e4ea6f1ddbd9fd54a80d97a67d3d338 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Mon, 10 Jan 2022 05:53:20 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Mon, 10 Jan 2022 07:51:11 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 10 Jan 2022 07:51:11 GMT
GET H2	200	flex-microform.min.js Show response flex.cybersource.com/cybersource/assets/microform/0.11/	24 KB 8 KB	66ms 36ms	Script application/javascript	104.18.250.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://flex.cybersource.com/cybersource/assets/microform/0.11/flex-microform.min.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 104.18.250.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 907ed1d0b0456a3d841b4e2b8139edcc98f2d0208f2291e8e088a01bbd32f136 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:11 GMT content-encoding br v-c-correlation-id f818fc70-0ec5-44a9-a62c-5719e5699d94 cf-cache-status HIT last-modified Mon, 10 Jan 2022 07:35:09 GMT server cloudflare age 962 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=63072000 content-type application/javascript;charset=utf-8 cache-control public, max-age=14400 cf-ray 6cb451967e414a67-FRA vary Accept-Encoding x-application-context application:8443 expires Mon, 10 Jan 2022 11:51:11 GMT
GET H2	200	main.a36639d7.chunk.css staging.clientsspace.com/static/css/	698 KB 119 KB	337ms 336ms	Stylesheet text/css	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/css/main.a36639d7.chunk.css Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash a27ac5a09da5d888fcf3b3e1a9905606602393a0a936724bf15e9e7a5a497bff Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:11 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-ae6a7" strict-transport-security max-age=15768000 content-type text/css cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:11 GMT
GET H2	200	14.cf886117.chunk.js Show response staging.clientsspace.com/static/js/	285 KB 89 KB	593ms 592ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/14.cf886117.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 301950170b5a9399ace07bcc5db4f581d542026754a1676dd9d41b5c155bf6aa Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:11 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-4742f" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:11 GMT
GET H2	200	main.b43058a2.chunk.js Show response staging.clientsspace.com/static/js/	100 KB 18 KB	593ms 593ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/main.b43058a2.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 78466d0bed1e634ef4ba4dd16e9fcb7044659a606f45372d48973d6c8f9df7da Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:11 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-19064" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:11 GMT
GET H2	200	0.c8b57e6c.chunk.js Show response staging.clientsspace.com/static/js/	8 KB 3 KB	167ms 166ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/0.c8b57e6c.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 50302eb48724d3908c85f7e0228957d14ef1e27b9002160980e8d46559e92115 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:11 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-2053" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:11 GMT
GET H2	200	4.618e0b5b.chunk.js Show response staging.clientsspace.com/static/js/	68 KB 22 KB	249ms 249ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/4.618e0b5b.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash a752e5297af231ed1f6809a89476ae4198d4a1f0c3aa0201f28942725a3a8fd5 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:11 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-10fba" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:11 GMT
GET H2	200	9.08f50317.chunk.js Show response staging.clientsspace.com/static/js/	39 KB 14 KB	251ms 251ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/9.08f50317.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 02ff26140c714d045e93691c2b112160dff2818e28a826e3384c034ab7b2f5d5 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:11 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-9b14" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:11 GMT
GET H2	200	10.3c65be56.chunk.js Show response staging.clientsspace.com/static/js/	10 KB 5 KB	252ms 252ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/10.3c65be56.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 55212de060e7d96e4920fb1ae8515cdc5e9eea4d1e7ec1859d1728e74bd57732 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:11 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-29c3" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:11 GMT
GET H2	200	5.a5958da6.chunk.js Show response staging.clientsspace.com/static/js/	10 KB 6 KB	252ms 251ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/5.a5958da6.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 9b28d6fb9c963f7973ad25fac9d91d6877089a35ce625ff5082833dba33e46e1 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-28a9" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:12 GMT
GET H2	200	7.9e972d1e.chunk.js Show response staging.clientsspace.com/static/js/	871 B 902 B	355ms 354ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/7.9e972d1e.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash bb97a533b4baf88aea8c3e861b8a6c0826f144cedc382fd88643ea107a7ff349 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-367" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:12 GMT
GET H2	200	1.ab57b26c.chunk.js Show response staging.clientsspace.com/static/js/	7 KB 3 KB	351ms 350ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/1.ab57b26c.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash e297b57022629a96ab3723eead887c0bac88a931689cec275aa97bc213e7c484 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-1d46" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:12 GMT
GET H2	200	2.e2be52d2.chunk.js Show response staging.clientsspace.com/static/js/	36 KB 12 KB	352ms 351ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/2.e2be52d2.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 941ae6acce18a719119c4d5a073bec6236ee9be5990702f905cb447f1927d7f4 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-8f75" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:12 GMT
GET H2	200	3.ec1a6742.chunk.js Show response staging.clientsspace.com/static/js/	77 KB 22 KB	431ms 431ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/3.ec1a6742.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash c489a28d1d08698697df36a9cca33a289b35cfaf43915ee9d52ce8002619ed6e Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-13272" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:12 GMT
GET H2	200	26.7376de1c.chunk.js Show response staging.clientsspace.com/static/js/	11 KB 4 KB	579ms 578ms	Script application/javascript	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/js/26.7376de1c.chunk.js Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash a5702b5aeb15ae29e76c118879a959686bd323f922f8951e77c714ed150bf375 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT content-encoding gzip x-content-type-options nosniff vary Accept-Encoding x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag W/"61cc3779-2be3" strict-transport-security max-age=15768000 content-type application/javascript cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' expires Wed, 09 Feb 2022 07:51:12 GMT
GET H2	200	v3 Show response js.stripe.com/	270 KB 65 KB	97ms 8ms	Script application/javascript	151.101.192.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3 Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/static/js/14.cf886117.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.192.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash d859f7e02c2cc2d708a00728582934623d9af3c79b06e6441e1360244134eedb Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff age 91 x-cache HIT content-length 66315 etag "5882a81360213d849f9a631bfb8b30ff" x-request-id ec36c454-b79a-45aa-9703-e02d5e3893c5 x-served-by cache-hhn4078-HHN access-control-allow-origin * last-modified Fri, 07 Jan 2022 17:34:58 GMT server Fastly date Mon, 10 Jan 2022 07:51:12 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 via 1.1 varnish cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 30
GET H2	200	m-outer-fd3c67f2efa9f22f2ecd16b13f2a7fb3.html Show response js.stripe.com/v3/ Frame 266D	240 B 514 B	31ms 30ms	Document text/html	151.101.192.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-fd3c67f2efa9f22f2ecd16b13f2a7fb3.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.192.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash f5b3f1b9deff0b138c2506741a71c40f93ac85a02d45f017eac6fb92b3ff5b50 Security Headers Name Value Content-Security-Policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers last-modified Thu, 23 Dec 2021 18:50:06 GMT etag "fd3c67f2efa9f22f2ecd16b13f2a7fb3" content-type text/html; charset=utf-8 content-security-policy default-src 'self'; connect-src 'self' https://r.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none'; report-uri https://q.stripe.com/csp-report strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff access-control-allow-origin * server Fastly content-encoding br accept-ranges bytes date Mon, 10 Jan 2022 07:51:12 GMT via 1.1 varnish age 70 x-request-id 1548cf6d-ac29-47e7-82b3-348d05c69377 x-served-by cache-hhn4078-HHN x-cache HIT x-cache-hits 123 vary Accept-Encoding timing-allow-origin * cache-control max-age=60 content-length 140
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v18/	13 KB 13 KB	96ms 34ms	Font font/woff2	2a00:1450:4001:80e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v18/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700;1,900&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://staging.clientsspace.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 05 Jan 2022 11:22:37 GMT x-content-type-options nosniff age 419315 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13080 x-xss-protection 0 last-modified Wed, 10 Nov 2021 18:10:26 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Thu, 05 Jan 2023 11:22:37 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v18/	13 KB 13 KB	99ms 38ms	Font font/woff2	2a00:1450:4001:80e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700;1,900&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 72dbd696f7961daf9049faacc868865d959f3d126f40d5271f48d5d9a0ccc652 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://staging.clientsspace.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 04 Jan 2022 20:17:49 GMT x-content-type-options nosniff age 473603 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13072 x-xss-protection 0 last-modified Wed, 10 Nov 2021 18:17:36 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 04 Jan 2023 20:17:49 GMT
GET H2	404	account Show response api-staging.dueplex.com/v1/	46 B 288 B	354ms 107ms	XHR application/json	23.22.231.50 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api-staging.dueplex.com/v1/account?host=staging Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/static/js/14.cf886117.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 23.22.231.50 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-22-231-50.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Express Resource Hash c587355f6d2e6d7fbd3ba00ae2c3d81343d10709ef272f58a6d953febb1d9036 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers Accept application/json, text/plain, */* Referer Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT content-encoding gzip etag W/"2e-v0XGmZrbrOY4SB2VqLaFjjopy/4" server nginx/1.18.0 (Ubuntu) x-powered-by Express vary Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin * strict-transport-security max-age=15768000
GET H2	200	bg-pattern-light.76f84bb3.svg staging.clientsspace.com/static/media/	372 B 821 B	108ms 108ms	Image image/svg+xml	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://staging.clientsspace.com/static/media/bg-pattern-light.76f84bb3.svg Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/static/css/main.a36639d7.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 85bea54fc2708bd68bbf400426542b28ac04cfb25e994a39b84b94d96141f932 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/static/css/main.a36639d7.chunk.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT x-content-type-options nosniff content-length 372 x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag "61cc3779-174" strict-transport-security max-age=15768000 content-type image/svg+xml cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' accept-ranges bytes expires Wed, 09 Feb 2022 07:51:12 GMT
POST H2	200	csp-report q.stripe.com/ Frame 266D	0 347 B	492ms 164ms	Other text/plain	54.187.119.242 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-119-242.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://js.stripe.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Mon, 10 Jan 2022 07:51:12 GMT server nginx access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type x-envoy-upstream-service-time 1 access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token content-length 0
GET H2	200	m-outer-35486fb0f96ff904df60da905ccd0cda.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 266D	1 KB 774 B	19ms 18ms	Script application/javascript	151.101.192.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-35486fb0f96ff904df60da905ccd0cda.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-fd3c67f2efa9f22f2ecd16b13f2a7fb3.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.192.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/m-outer-fd3c67f2efa9f22f2ecd16b13f2a7fb3.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff age 63 x-cache HIT content-length 645 etag "5213886b88cd72e6d0aebc89868e5d13" x-request-id 59e4b650-72ce-4533-bb1e-129a0cbff00f x-served-by cache-hhn4078-HHN access-control-allow-origin * last-modified Thu, 23 Dec 2021 18:49:59 GMT server Fastly date Mon, 10 Jan 2022 07:51:12 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 via 1.1 varnish cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 114
GET H2	200	inner.html Show response m.stripe.network/ Frame 35C6	932 B 2 KB	82ms 11ms	Document text/html	2600:9000:224a:a600:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-35486fb0f96ff904df60da905ccd0cda.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:224a:a600:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd Security Headers Name Value Content-Security-Policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://js.stripe.com/ Response headers content-type text/html; charset=utf-8 content-length 932 last-modified Thu, 04 Nov 2021 19:04:57 GMT accept-ranges bytes server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * x-content-type-options nosniff content-security-policy-report-only base-uri 'none'; connect-src 'self' https://m.stripe.com; default-src 'none'; font-src 'self'; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='; style-src 'self'; report-uri https://q.stripe.com/csp-report content-security-policy connect-src 'self' https://m.stripe.com; default-src 'self'; font-src data: https:; frame-src 'self' https://js.stripe.com; img-src 'self' https://m.stripe.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report date Mon, 10 Jan 2022 07:48:19 GMT cache-control max-age=300, public etag "f6254e6dd0cb06228801a1c8baf0939f" vary Accept-Encoding x-cache Hit from cloudfront via 1.1 2c4f54cad5da50a372b086710d5ffc62.cloudfront.net (CloudFront) x-amz-cf-pop DUS51-P1 x-amz-cf-id MZQzM_YGeKDHUIxv9fqwVNtwmOY8wMczdSz1Ju0gVH1J1zR7OXOtRA== age 173
POST H2	200	csp-report q.stripe.com/ Frame 35C6	0 120 B	381ms 165ms	Other text/plain	54.187.119.242 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-119-242.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Referer https://m.stripe.network/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Mon, 10 Jan 2022 07:51:12 GMT x-envoy-upstream-service-time 2 server nginx content-length 0 strict-transport-security max-age=31556926; includeSubDomains; preload
POST H2	200	csp-report q.stripe.com/ Frame 35C6	0 120 B	381ms 165ms	Other text/plain	54.187.119.242 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-119-242.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers Referer https://m.stripe.network/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/csp-report Response headers date Mon, 10 Jan 2022 07:51:12 GMT x-envoy-upstream-service-time 1 server nginx content-length 0 strict-transport-security max-age=31556926; includeSubDomains; preload
GET H2	200	out-4.5.41.js Show response m.stripe.network/ Frame 35C6	85 KB 16 KB	15ms 15ms	Script text/javascript	2600:9000:224a:a600:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.41.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:224a:a600:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 279 x-cache Hit from cloudfront date Mon, 10 Jan 2022 07:46:34 GMT last-modified Thu, 04 Nov 2021 19:04:57 GMT server Cloudfront etag W/"2db385faf28cf5f9393cf01a0a1edfa2" vary Accept-Encoding content-type text/javascript; charset=utf-8 via 1.1 2c4f54cad5da50a372b086710d5ffc62.cloudfront.net (CloudFront) cache-control max-age=300, public x-amz-cf-pop DUS51-P1 timing-allow-origin * x-amz-cf-id wA_nVtYjhyx_50IvPhBn9w4ZIpi0uJ_dHVJ0j_GJ4KBKE9lSuQvmjQ==
POST H2	200	6 Show response m.stripe.com/ Frame 35C6	156 B 523 B	485ms 161ms	XHR application/json	34.211.243.235 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.41.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.211.243.235 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-211-243-235.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 9e812ea6322e2fe95326c54e0f19b63c7a36bfd4c2a1c8e455e7c0f9be98e263 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Mon, 10 Jan 2022 07:51:13 GMT x-content-type-options nosniff server nginx strict-transport-security max-age=31556926; includeSubDomains; preload content-type application/json;charset=utf-8 access-control-allow-origin https://m.stripe.network access-control-allow-credentials true access-control-allow-headers Content-Type content-length 156
GET H2	200	file-searching.c1222942.svg staging.clientsspace.com/static/media/	11 KB 11 KB	98ms 98ms	Image image/svg+xml	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://staging.clientsspace.com/static/media/file-searching.c1222942.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 74d04929fcb657f5fa2c8d6b5d0ee6e44c564a12a05637ffe6b9a40662284e23 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://staging.clientsspace.com/error-404-alt User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT x-content-type-options nosniff content-length 11133 x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag "61cc3779-2b7d" strict-transport-security max-age=15768000 content-type image/svg+xml cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' accept-ranges bytes expires Wed, 09 Feb 2022 07:51:12 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v18/	13 KB 13 KB	9ms 8ms	Font font/woff2	2a00:1450:4001:80e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700;1,900&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7209c26bc245ae1b293f4b9622201b1dc97282229a2e8fcae555f36caa8650e8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://staging.clientsspace.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Wed, 05 Jan 2022 05:43:33 GMT x-content-type-options nosniff age 439659 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13008 x-xss-protection 0 last-modified Wed, 10 Nov 2021 18:10:28 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Thu, 05 Jan 2023 05:43:33 GMT
GET H2	200	materialdesignicons-webfont.6147fc37.woff2 staging.clientsspace.com/static/media/	312 KB 313 KB	98ms 98ms	Font application/octet-stream	100.24.199.40 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://staging.clientsspace.com/static/media/materialdesignicons-webfont.6147fc37.woff2 Requested by Host: staging.clientsspace.com URL: https://staging.clientsspace.com/static/css/main.a36639d7.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 100.24.199.40 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-100-24-199-40.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 34845bb6344cdad5b3e15a37bcfee67bde497cdf5805d31c952c35a92b630e67 Security Headers Name Value Content-Security-Policy default-src https: data: 'unsafe-inline' Strict-Transport-Security max-age=15768000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://staging.clientsspace.com/static/css/main.a36639d7.chunk.css Origin https://staging.clientsspace.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 10 Jan 2022 07:51:12 GMT x-content-type-options nosniff content-length 319984 x-xss-protection 1; mode=block referrer-policy same-origin last-modified Wed, 29 Dec 2021 10:24:57 GMT server nginx/1.18.0 (Ubuntu) x-frame-options SAMEORIGIN etag "61cc3779-4e1f0" strict-transport-security max-age=15768000 content-type application/octet-stream cache-control max-age=2592000 permissions-policy geolocation=(), notifications=(), push=(), sync-xhr=(), fullscreen=(self), payment=() content-security-policy default-src https: data: 'unsafe-inline' accept-ranges bytes expires Wed, 09 Feb 2022 07:51:12 GMT
GET H3	200	6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lCds18Q.woff2 fonts.gstatic.com/s/sourcesanspro/v18/	12 KB 12 KB	7ms 7ms	Font font/woff2	2a00:1450:4001:80e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v18/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lCds18Q.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital,wght@0,200;0,300;0,400;0,600;0,700;0,900;1,200;1,300;1,400;1,600;1,700;1,900&display=swap Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1edb56927d0115965512b20403af7b8d29261351d71389198e6700f106e56686 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://staging.clientsspace.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 04 Jan 2022 10:55:18 GMT x-content-type-options nosniff age 507354 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 12548 x-xss-protection 0 last-modified Wed, 10 Nov 2021 18:10:53 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 04 Jan 2023 10:55:18 GMT
POST		6 m.stripe.com/ Frame 35C6	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

m.stripe.com

URL

https://m.stripe.com/6

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onsecuritypolicyviolation object| onslotchange object| webpackJsonphyper-react object| regeneratorRuntime function| Flex object| __webpackStripeJSv3Jsonp function| Stripe

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.flex.cybersource.com/	1970-01-20 00:03:22	Name: __cf_bm Value: pkGDbeAvLjYr56._mFkzwyy_Zq.JNieiEz.x3U2l6QA-1641801071-0-AZHSWje/rpgDeR7uF5X4pwszLTpwd+7tJIJjfFKwEABDNHK5zB8KofI+i2cGorHMXSDdPb/U+5/zaDxf5+rV/wE=
			.flex.cybersource.com/	1969-12-31 23:59:59	Name: __cfruid Value: 9de7b6045b89b71120f16843500a2364c85ae503-1641801071
			m.stripe.com/	1970-01-20 17:34:33	Name: m Value: 98d4cc41-8e98-4838-ba64-87143fb41d3c21a955
			.staging.clientsspace.com/	1970-01-20 08:48:57	Name: __stripe_mid Value: feb898b2-9bb9-444f-9127-e8b07975ab396e1109
			.staging.clientsspace.com/	1970-01-20 00:03:22	Name: __stripe_sid Value: b23896cf-a460-4c01-ba47-15f35f6c2b25730050

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'notifications'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'push'.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-Qj6AdMOUjZkBBUTjGW/OORBoqx2Pohcq8Bg/ZvZzgYw='".
network	error	URL: https://api-staging.dueplex.com/v1/account?host=staging Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline'
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-staging.dueplex.com
flex.cybersource.com
fonts.googleapis.com
fonts.gstatic.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
staging.clientsspace.com
m.stripe.com
100.24.199.40
104.18.250.34
151.101.192.176
23.22.231.50
2600:9000:224a:a600:19:7d10:bd80:93a1
2a00:1450:4001:80e::2003
2a00:1450:4001:812::200a
34.211.243.235
54.187.119.242
02ff26140c714d045e93691c2b112160dff2818e28a826e3384c034ab7b2f5d5
1edb56927d0115965512b20403af7b8d29261351d71389198e6700f106e56686
301950170b5a9399ace07bcc5db4f581d542026754a1676dd9d41b5c155bf6aa
34845bb6344cdad5b3e15a37bcfee67bde497cdf5805d31c952c35a92b630e67
428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19
50302eb48724d3908c85f7e0228957d14ef1e27b9002160980e8d46559e92115
55212de060e7d96e4920fb1ae8515cdc5e9eea4d1e7ec1859d1728e74bd57732
603aeb60258f85a7773cdc03ad9656eb2e4ea6f1ddbd9fd54a80d97a67d3d338
6b5402ff8932ed835d39a31b75c6bc737a80f6ddcd6269a1fa53556485ca3ad8
7209c26bc245ae1b293f4b9622201b1dc97282229a2e8fcae555f36caa8650e8
72dbd696f7961daf9049faacc868865d959f3d126f40d5271f48d5d9a0ccc652
74d04929fcb657f5fa2c8d6b5d0ee6e44c564a12a05637ffe6b9a40662284e23
78466d0bed1e634ef4ba4dd16e9fcb7044659a606f45372d48973d6c8f9df7da
85bea54fc2708bd68bbf400426542b28ac04cfb25e994a39b84b94d96141f932
907ed1d0b0456a3d841b4e2b8139edcc98f2d0208f2291e8e088a01bbd32f136
941ae6acce18a719119c4d5a073bec6236ee9be5990702f905cb447f1927d7f4
9b28d6fb9c963f7973ad25fac9d91d6877089a35ce625ff5082833dba33e46e1
9e812ea6322e2fe95326c54e0f19b63c7a36bfd4c2a1c8e455e7c0f9be98e263
a27ac5a09da5d888fcf3b3e1a9905606602393a0a936724bf15e9e7a5a497bff
a2f6b81396ab1150effea054efbf1623212ea0419976389ce8f10e909d39e4c7
a5702b5aeb15ae29e76c118879a959686bd323f922f8951e77c714ed150bf375
a752e5297af231ed1f6809a89476ae4198d4a1f0c3aa0201f28942725a3a8fd5
bb97a533b4baf88aea8c3e861b8a6c0826f144cedc382fd88643ea107a7ff349
c489a28d1d08698697df36a9cca33a289b35cfaf43915ee9d52ce8002619ed6e
c587355f6d2e6d7fbd3ba00ae2c3d81343d10709ef272f58a6d953febb1d9036
d859f7e02c2cc2d708a00728582934623d9af3c79b06e6441e1360244134eedb
e18b54fee91108f322a50e21b44024e3f537530647369ffa54ec5ce8aded4d78
e297b57022629a96ab3723eead887c0bac88a931689cec275aa97bc213e7c484
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed34a59f182c66e2b25c602f3c9b0f21435a8f475d5dbc9e6830ff4c7929f5cd
f5b3f1b9deff0b138c2506741a71c40f93ac85a02d45f017eac6fb92b3ff5b50