cheatsheetseries.owasp.org Open in urlscan Pro
2606:4700:10::ac43:a27  Public Scan

20 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request Clickjacking_Defense_Cheat_Sheet.html Show response cheatsheetseries.owasp.org/cheatsheets/	74 KB 14 KB	267ms 172ms	Document text/html	2606:4700:10::ac43:a27 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1c3b5f6c740f79691679fc2c8de51cacceddb737e78f4ecbf66fb0eb405da59b Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-origin * age 0 cache-control max-age=600 cf-cache-status DYNAMIC cf-ray 7d6bc0610dec1e6c-FRA content-encoding br content-type text/html; charset=utf-8 date Tue, 13 Jun 2023 16:36:16 GMT expires Tue, 13 Jun 2023 12:41:22 GMT last-modified Tue, 13 Jun 2023 12:20:09 GMT server cloudflare vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 1 x-fastly-request-id 5d6b0233133bf2189152c898836287c36fb362e6 x-github-request-id 5D88:108B1:2A7CD9A:2BC52B9:6488619A x-proxy-cache MISS x-served-by cache-fra-eddf8230036-FRA x-timer S1686674176.172851,VS0,VE103
GET H2	200	main.26e3688c.min.css cheatsheetseries.owasp.org/assets/stylesheets/	111 KB 20 KB	65ms 64ms	Stylesheet text/css	2606:4700:10::ac43:a27 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cheatsheetseries.owasp.org/assets/stylesheets/main.26e3688c.min.css Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 26e3688c34645fc19d7d0aca8739d1339a94e28528abbf2d61f0b39ec1408236 Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-fastly-request-id cdeceff77f58a4ac5a5d66a9e827f3da1e3dfc03 date Tue, 13 Jun 2023 16:36:16 GMT via 1.1 varnish content-encoding br expires Tue, 13 Jun 2023 12:34:13 GMT cf-cache-status REVALIDATED x-proxy-cache MISS x-cache HIT x-served-by cache-fra-eddf8230089-FRA last-modified Tue, 13 Jun 2023 12:20:09 GMT server cloudflare x-github-request-id 73F0:7E10:3D16A81:3F01C0B:64885FED x-timer S1686659350.788470,VS0,VE105 etag W/"64885ef9-1bb61" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * cache-control max-age=14400 x-origin-cache HIT cf-ray 7d6bc062c8651e6c-FRA x-cache-hits 1
GET H2	200	palette.ecc896b0.min.css cheatsheetseries.owasp.org/assets/stylesheets/	12 KB 2 KB	63ms 62ms	Stylesheet text/css	2606:4700:10::ac43:a27 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cheatsheetseries.owasp.org/assets/stylesheets/palette.ecc896b0.min.css Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ecc896b06a48b75f532ddbae807af5390bf54c9f6b12c9dd9e473657c0fd5633 Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-fastly-request-id 64812962d986a5003dba9f715519cd9540856d68 date Tue, 13 Jun 2023 16:36:16 GMT via 1.1 varnish content-encoding br expires Tue, 13 Jun 2023 12:33:32 GMT cf-cache-status REVALIDATED x-proxy-cache HIT x-cache HIT x-served-by cache-fra-eddf8230134-FRA last-modified Tue, 13 Jun 2023 12:20:09 GMT server cloudflare x-github-request-id D0F4:23D2:4EA3F2:50F432:64885FFA x-timer S1686659350.784461,VS0,VE97 etag W/"64885ef9-2fd5" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * cache-control max-age=14400 x-origin-cache HIT cf-ray 7d6bc062c8661e6c-FRA x-cache-hits 1
GET H2	200	css fonts.googleapis.com/	23 KB 2 KB	138ms 50ms	Stylesheet text/css	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 0dc560a51a4414c2f14eb6d5c9b3f681b1debe37232bfb9cd75073acf77ffcda Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 13 Jun 2023 16:36:16 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 13 Jun 2023 16:32:36 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 13 Jun 2023 16:36:16 GMT
GET H2	200	OWASP_Logo_Transp.png cheatsheetseries.owasp.org/assets/	12 KB 12 KB	61ms 61ms	Image image/png	2606:4700:10::ac43:a27 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cheatsheetseries.owasp.org/assets/OWASP_Logo_Transp.png Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 740a4cfa9ea983f861cdeb7c2aabd1fe56cbcd19a1a9e3ff690e51b1401a896e Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-fastly-request-id 2a88281482c5773369d462c75c2838ec0158a3a8 date Tue, 13 Jun 2023 16:36:16 GMT via 1.1 varnish expires Tue, 13 Jun 2023 12:34:27 GMT cf-cache-status REVALIDATED x-proxy-cache MISS x-cache HIT content-length 12233 x-served-by cache-fra-eddf8230031-FRA last-modified Tue, 13 Jun 2023 12:20:09 GMT server cloudflare x-github-request-id 8A62:7E10:3D1725C:3F02414:64885FFA x-timer S1686659350.033338,VS0,VE92 etag "64885ef9-2fc9" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=14400 accept-ranges bytes cf-ray 7d6bc063a9b81e6c-FRA x-cache-hits 1
GET H2	200	Clickjacking_Defense_Cheat_Sheet_NestedFrames.png cheatsheetseries.owasp.org/assets/	6 KB 6 KB	185ms 185ms	Image image/png	2606:4700:10::ac43:a27 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cheatsheetseries.owasp.org/assets/Clickjacking_Defense_Cheat_Sheet_NestedFrames.png Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3982573571927b0c8b2314c26b2baa708952e9c123efc46d547aa390e5eeb155 Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-fastly-request-id 17e20a495b2b962b49d2f293248854432c2c4918 date Tue, 13 Jun 2023 16:36:16 GMT via 1.1 varnish expires Tue, 13 Jun 2023 13:18:26 GMT cf-cache-status REVALIDATED x-proxy-cache MISS x-cache HIT content-length 5975 x-served-by cache-fra-eddf8230085-FRA last-modified Tue, 13 Jun 2023 12:20:08 GMT server cloudflare x-github-request-id 5E56:1464:649C8B:677E64:64886A4A x-timer S1686671492.136033,VS0,VE93 etag "64885ef8-1757" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=14400 accept-ranges bytes x-origin-cache HIT cf-ray 7d6bc063c9d91e6c-FRA x-cache-hits 1
GET H2	200	bundle.b4d07000.min.js Show response cheatsheetseries.owasp.org/assets/javascripts/	111 KB 36 KB	102ms 102ms	Script application/javascript	2606:4700:10::ac43:a27 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cheatsheetseries.owasp.org/assets/javascripts/bundle.b4d07000.min.js Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1479b960003de14b67b57cc1188f22faea4d24c830af60cefa43e77559c2788e Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-fastly-request-id 3004c6d31fe0a2555d0e7fdd41042b78e30ff142 date Tue, 13 Jun 2023 16:36:16 GMT via 1.1 varnish content-encoding br expires Tue, 13 Jun 2023 12:34:27 GMT cf-cache-status REVALIDATED x-proxy-cache MISS x-cache HIT x-served-by cache-fra-eddf8230134-FRA last-modified Tue, 13 Jun 2023 12:20:09 GMT server cloudflare x-github-request-id 1666:1464:5D0FB7:5FCB34:64885FFA x-timer S1686659350.960989,VS0,VE5 etag W/"64885ef9-1bb51" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=14400 x-origin-cache HIT cf-ray 7d6bc06339121e6c-FRA x-cache-hits 1
GET DATA	200 OK	truncated /	132 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 238c4778302e87207b071682424cef35401d19f202d0f0056db581230c1b795a Request headers Referer Origin https://cheatsheetseries.owasp.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 16 KB	130ms 40ms	Font font/woff2	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://cheatsheetseries.owasp.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Sat, 10 Jun 2023 03:30:27 GMT x-content-type-options nosniff age 306349 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15744 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:48 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 09 Jun 2024 03:30:27 GMT
GET H2	200	KFOlCnqEu92Fr1MmWUlfBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 16 KB	140ms 50ms	Font font/woff2	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://cheatsheetseries.owasp.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Sat, 10 Jun 2023 17:04:15 GMT x-content-type-options nosniff age 257521 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15860 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 09 Jun 2024 17:04:15 GMT
GET H2	200	KFOlCnqEu92Fr1MmSU5fBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 15 KB	174ms 84ms	Font font/woff2	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://cheatsheetseries.owasp.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Sat, 10 Jun 2023 15:24:53 GMT x-content-type-options nosniff age 263483 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15740 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 09 Jun 2024 15:24:53 GMT
GET H2	200	L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0mQ.woff2 fonts.gstatic.com/s/robotomono/v22/	22 KB 22 KB	206ms 116ms	Font font/woff2	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/robotomono/v22/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0mQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f39f934bc7f7b1b4dfa532f4b38dac960a3a7ad6bb9789a412f03bdcb4abd9f5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://cheatsheetseries.owasp.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Sat, 10 Jun 2023 19:40:58 GMT x-content-type-options nosniff age 248118 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 22168 x-xss-protection 0 last-modified Mon, 11 Jul 2022 18:56:28 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 09 Jun 2024 19:40:58 GMT
GET H2	200	KFOkCnqEu92Fr1Mu51xIIzI.woff2 fonts.gstatic.com/s/roboto/v30/	17 KB 17 KB	188ms 99ms	Font font/woff2	2a00:1450:4001:82f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://cheatsheetseries.owasp.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Sat, 10 Jun 2023 23:47:40 GMT x-content-type-options nosniff age 233316 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 17368 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 09 Jun 2024 23:47:40 GMT
GET H2	200	search_index.json Show response cheatsheetseries.owasp.org/search/	2 MB 520 KB	57ms 56ms	Fetch application/json	2606:4700:10::ac43:a27 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cheatsheetseries.owasp.org/search/search_index.json Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/assets/javascripts/bundle.b4d07000.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1341515aac332621f9a4ec3a150911d36cc11c2c51882d86eb7dd024cf478fc7 Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-fastly-request-id f56184be123a0e1f573920a15e67e031804e02e9 date Tue, 13 Jun 2023 16:36:16 GMT via 1.1 varnish content-encoding br expires Tue, 13 Jun 2023 12:34:07 GMT cf-cache-status DYNAMIC age 470 x-cache HIT x-proxy-cache MISS x-served-by cache-fra-eddf8230036-FRA last-modified Tue, 13 Jun 2023 12:20:09 GMT server cloudflare x-github-request-id 8A04:FDBD:26AA4D9:27E6BA0:64885FE7 x-timer S1686674177.686014,VS0,VE2 etag W/"64885ef9-1d2522" vary Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin * cache-control max-age=600 x-origin-cache HIT cf-ray 7d6bc0643a711e6c-FRA x-cache-hits 1
GET H2	404	latest Show response api.github.com/repos/OWASP/CheatSheetSeries/releases/	123 B 1 KB	524ms 174ms	Fetch application/json	192.30.255.117 GITHUB
General Check archive.org Show headers Download Go to Full URL https://api.github.com/repos/OWASP/CheatSheetSeries/releases/latest Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/assets/javascripts/bundle.b4d07000.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.30.255.117 , United States, ASN36459 (GITHUB, US), Reverse DNS lb-192-30-255-117-sea.github.com Software GitHub.com / Resource Hash a012114c6aebdd581697278d50145dfd4899380d0b9d585dd29d9b0a43f1d63e Security Headers Name Value Content-Security-Policy default-src 'none' Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Tue, 13 Jun 2023 16:36:12 GMT strict-transport-security max-age=31536000; includeSubdomains; preload x-content-type-options nosniff content-security-policy default-src 'none' content-encoding gzip x-ratelimit-used 1 x-github-media-type github.v3; format=json x-github-api-version-selected 2022-11-28 content-length 124 x-xss-protection 0 referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin server GitHub.com x-github-request-id 94BE:7C68:966110F:9BAD934:64889B00 x-frame-options deny vary Accept-Encoding, Accept, X-Requested-With content-type application/json; charset=utf-8 access-control-allow-origin * access-control-expose-headers ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset x-ratelimit-remaining 59 x-ratelimit-resource core x-ratelimit-reset 1686677777 x-ratelimit-limit 60
GET H2	200	CheatSheetSeries Show response api.github.com/repos/OWASP/	7 KB 3 KB	668ms 319ms	Fetch application/json	192.30.255.117 GITHUB
General Check archive.org Show headers Download Go to Full URL https://api.github.com/repos/OWASP/CheatSheetSeries Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/assets/javascripts/bundle.b4d07000.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.30.255.117 , United States, ASN36459 (GITHUB, US), Reverse DNS lb-192-30-255-117-sea.github.com Software GitHub.com / Resource Hash a379af791891aa988b1d3a6a2b299a60fcfd933116faa8e02dee8b6f40593a25 Security Headers Name Value Content-Security-Policy default-src 'none' Strict-Transport-Security max-age=31536000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Tue, 13 Jun 2023 16:36:17 GMT strict-transport-security max-age=31536000; includeSubdomains; preload x-content-type-options nosniff content-security-policy default-src 'none' content-encoding gzip x-ratelimit-used 2 x-github-media-type github.v3; format=json x-github-api-version-selected 2022-11-28 content-length 1598 x-xss-protection 0 referrer-policy origin-when-cross-origin, strict-origin-when-cross-origin last-modified Tue, 13 Jun 2023 16:15:44 GMT server GitHub.com x-github-request-id 94BE:7C68:966110F:9BAD935:64889B01 etag W/"5d67a05190d740dc61eff3e4f50b0904d0db22252feb96d9b9d126061e27bd7c" vary Accept, Accept-Encoding, Accept, X-Requested-With x-frame-options deny content-type application/json; charset=utf-8 access-control-allow-origin * access-control-expose-headers ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset cache-control public, max-age=60, s-maxage=60 x-ratelimit-resource core x-ratelimit-reset 1686677777 x-ratelimit-limit 60 accept-ranges bytes x-ratelimit-remaining 58
GET H2	200	search.208ed371.min.js cheatsheetseries.owasp.org/assets/javascripts/workers/	38 KB 13 KB	83ms 82ms	Other application/javascript	2606:4700:10::ac43:a27 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cheatsheetseries.owasp.org/assets/javascripts/workers/search.208ed371.min.js Requested by Host: cheatsheetseries.owasp.org URL: https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6089d5f2420d4a7c32cb640e9c273ee14e34daa37d82b395762f74b7685fb7de Request headers accept-language de-DE,de;q=0.9 Referer https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-fastly-request-id 9a4593f87388fc48ec44c319aa50f04f16c8b7d9 date Tue, 13 Jun 2023 16:36:16 GMT via 1.1 varnish content-encoding br expires Tue, 13 Jun 2023 12:39:07 GMT cf-cache-status REVALIDATED x-proxy-cache MISS x-cache HIT x-served-by cache-fra-eddf8230124-FRA last-modified Tue, 13 Jun 2023 12:20:09 GMT server cloudflare x-github-request-id E34E:7E10:3D23CFA:3F0F2D4:64886113 x-timer S1686659350.371259,VS0,VE1 etag W/"64885ef9-9804" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=14400 x-origin-cache HIT cf-ray 7d6bc0646ab21e6c-FRA x-cache-hits 1
GET DATA	200 OK	truncated /	548 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 472961eb52640bc49059deac8d64214489f3bdc19177d645661427e5a3912ca1 Request headers Referer Origin https://cheatsheetseries.owasp.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET DATA	200 OK	truncated /	432 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ba42348c56564f99673afa7bb2187f203d69759153a807bc2530efa90c8fbff8 Request headers Referer Origin https://cheatsheetseries.owasp.org accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| __md_scope function| __md_hash function| __md_get function| __md_set object| palette undefined| key function| applyFocusVisiblePolyfill function| IFrameWorker object| document$ object| location$ object| target$ object| keyboard$ object| viewport$ object| tablet$ object| screen$ object| print$ object| alert$ object| component$

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.github.com/repos/OWASP/CheatSheetSeries/releases/latest Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.github.com
cheatsheetseries.owasp.org
fonts.googleapis.com
fonts.gstatic.com
192.30.255.117
2606:4700:10::ac43:a27
2a00:1450:4001:811::200a
2a00:1450:4001:82f::2003
0dc560a51a4414c2f14eb6d5c9b3f681b1debe37232bfb9cd75073acf77ffcda
1341515aac332621f9a4ec3a150911d36cc11c2c51882d86eb7dd024cf478fc7
1479b960003de14b67b57cc1188f22faea4d24c830af60cefa43e77559c2788e
1c3b5f6c740f79691679fc2c8de51cacceddb737e78f4ecbf66fb0eb405da59b
238c4778302e87207b071682424cef35401d19f202d0f0056db581230c1b795a
26e3688c34645fc19d7d0aca8739d1339a94e28528abbf2d61f0b39ec1408236
3982573571927b0c8b2314c26b2baa708952e9c123efc46d547aa390e5eeb155
472961eb52640bc49059deac8d64214489f3bdc19177d645661427e5a3912ca1
6089d5f2420d4a7c32cb640e9c273ee14e34daa37d82b395762f74b7685fb7de
740a4cfa9ea983f861cdeb7c2aabd1fe56cbcd19a1a9e3ff690e51b1401a896e
a012114c6aebdd581697278d50145dfd4899380d0b9d585dd29d9b0a43f1d63e
a379af791891aa988b1d3a6a2b299a60fcfd933116faa8e02dee8b6f40593a25
ba42348c56564f99673afa7bb2187f203d69759153a807bc2530efa90c8fbff8
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
ecc896b06a48b75f532ddbae807af5390bf54c9f6b12c9dd9e473657c0fd5633
f39f934bc7f7b1b4dfa532f4b38dac960a3a7ad6bb9789a412f03bdcb4abd9f5
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef