urlscan.io logo urlscan.io
SecurityTrails logo

coi.thimble.com Open in urlscan Pro
13.32.121.7  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://l.thimble.com/ls/click?upn=b0LP2Ei5lzvlSj3sc-2BCqyjM2is2ZGoGC9vhfOAjanvfSfdXKm9LSTOd8Lq7bYw9Q-2BBLAo-2BeT9TdMm...
Effective URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&u...
Submission: On April 26 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 23 IPs in 4 countries across 17 domains to perform 69 HTTP transactions. The main IP is 13.32.121.7, located in United States and belongs to AMAZON-02, US. The main domain is coi.thimble.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 23rd 2023. Valid for: 7 months.
This is the only time coi.thimble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads These files were downloaded by the website

IBL-P35GWRD6H_verifly_25fe62b9-802d-4972-8095-cadcfb94273c.pdf 992 KB application/pdf
MIME: PDF document, version 1.4
Size: 992 KB (1015978 bytes, 100% done)
Downloaded from: https://pdf.thimble.com/user_pdf/policy/627b059297658100666a58ce/IBL-P35GWRD6H_verifly_25fe62b9-802d-4972-8095-cadcfb94273c.pdf?v=18

Domain & IP information

IP Address AS Autonomous System
1 1 52.222.214.37 16509 (AMAZON-02)
15 13.32.121.7 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
8 99.86.8.175 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 13.32.118.85 16509 (AMAZON-02)
1 34.120.195.249 396982 (GOOGLE-CL...)
4 2a00:1450:400... 15169 (GOOGLE)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 18.66.147.96 16509 (AMAZON-02)
7 104.18.72.113 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.18.70.113 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.222.206.214 16509 (AMAZON-02)
3 35.201.112.186 396982 (GOOGLE-CL...)
3 54.69.86.105 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 54.68.26.177 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
3 35.186.194.58 15169 (GOOGLE)
2 104.16.51.111 13335 (CLOUDFLAR...)
69 23
1    52.222.214.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-37.fra56.r.cloudfront.net
l.thimble.com
15    13.32.121.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-7.fra60.r.cloudfront.net
coi.thimble.com
1    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
8    99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net
cdn.segment.com
4    2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    13.32.118.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-118-85.fra60.r.cloudfront.net
d2yyd1h5u9mauk.cloudfront.net
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o202001.ingest.sentry.io
4    2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    2a02:26f0:6c00:1a1::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.optimizely.com
1    18.66.147.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-96.fra60.r.cloudfront.net
pdf.thimble.com
7    104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)
static.zdassets.com
1    2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)
ekr.zdassets.com
1    2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    52.222.206.214 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-214.fra56.r.cloudfront.net
cdn.amplitude.com
3    35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com
edge.fullstory.com
3    54.69.86.105 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-86-105.us-west-2.compute.amazonaws.com
api.segment.io
2    2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    54.68.26.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-68-26-177.us-west-2.compute.amazonaws.com
api.amplitude.com
2    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
3    35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com
rs.fullstory.com
2    104.16.51.111 (None, )

ASN13335 (CLOUDFLARENET, US)
thimble.zendesk.com
Apex Domain
Subdomains		 Transfer
17 thimble.com
l.thimble.com
coi.thimble.com
pdf.thimble.com
4 MB
8 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2815
ekr.zdassets.com — Cisco Umbrella Rank: 3252
437 KB
8 segment.com
cdn.segment.com — Cisco Umbrella Rank: 2324
64 KB
6 fullstory.com
edge.fullstory.com — Cisco Umbrella Rank: 3131
rs.fullstory.com — Cisco Umbrella Rank: 3007
138 KB
6 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 91
region1.google-analytics.com — Cisco Umbrella Rank: 1718
22 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
321 KB
3 segment.io
api.segment.io — Cisco Umbrella Rank: 1344
517 B
3 amplitude.com
cdn.amplitude.com — Cisco Umbrella Rank: 4665
api.amplitude.com — Cisco Umbrella Rank: 2061
18 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 519
13 KB
2 zendesk.com
thimble.zendesk.com
2 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 16
562 B
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 67
stats.g.doubleclick.net — Cisco Umbrella Rank: 166
2 KB
1 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 751
3 KB
1 sentry.io
o202001.ingest.sentry.io
301 B
1 cloudfront.net
d2yyd1h5u9mauk.cloudfront.net
31 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 119
1 KB
0 google.de Failed
www.google.de Failed
69 17
Domain Requested by
15 coi.thimble.com coi.thimble.com
8 cdn.segment.com coi.thimble.com
cdn.segment.com
7 static.zdassets.com coi.thimble.com
static.zdassets.com
4 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
coi.thimble.com
4 www.googletagmanager.com coi.thimble.com
www.googletagmanager.com
cdn.segment.com
3 rs.fullstory.com coi.thimble.com
edge.fullstory.com
3 api.segment.io coi.thimble.com
3 edge.fullstory.com cdn.segment.com
coi.thimble.com
edge.fullstory.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
coi.thimble.com
2 thimble.zendesk.com static.zdassets.com
2 region1.google-analytics.com www.googletagmanager.com
2 api.amplitude.com coi.thimble.com
2 www.google.com coi.thimble.com
1 cdn.amplitude.com cdn.segment.com
1 stats.g.doubleclick.net coi.thimble.com
1 ekr.zdassets.com coi.thimble.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 pdf.thimble.com coi.thimble.com
1 cdn.optimizely.com coi.thimble.com
1 o202001.ingest.sentry.io coi.thimble.com
1 d2yyd1h5u9mauk.cloudfront.net coi.thimble.com
1 fonts.googleapis.com coi.thimble.com
1 l.thimble.com 1 redirects
0 www.google.de Failed coi.thimble.com
69 24

This site contains links to these domains. Also see Links.

Domain
pdf.thimble.com
Subject Issuer Validity Valid
*.thimble.com
Amazon RSA 2048 M02		 2023-02-23 -
2023-09-09		 7 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.segment.com
Amazon RSA 2048 M01		 2023-02-24 -
2024-01-12		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh
ingest.sentry.io
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-28 -
2023-08-28		 a year crt.sh
www.bing.com
Microsoft RSA TLS CA 02		 2023-02-16 -
2023-08-16		 6 months crt.sh
cdn.optimizely.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-10-30 -
2023-10-30		 a year crt.sh
zdassets.com
Cloudflare Inc ECC CA-3		 2022-11-10 -
2023-11-09		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
cdn.amplitude.com
Amazon RSA 2048 M01		 2023-01-12 -
2024-02-11		 a year crt.sh
edge.fullstory.com
GTS CA 1D4		 2023-03-31 -
2023-06-30		 3 months crt.sh
*.segment.io
Amazon RSA 2048 M01		 2023-02-10 -
2024-02-10		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA		 2023-01-23 -
2024-02-14		 a year crt.sh
rs.fullstory.com
GTS CA 1D4		 2023-03-23 -
2023-06-21		 3 months crt.sh
thimble.zendesk.com
Cloudflare Inc ECC CA-3		 2023-03-12 -
2024-03-11		 a year crt.sh

This page contains 4 frames:

Primary Page: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Frame ID: 78873B3448B3C5BDEEF7CAAB00AA6750
Requests: 59 HTTP requests in this frame

Frame: https://pdf.thimble.com/user_pdf/policy/627b059297658100666a58ce/IBL-P35GWRD6H_verifly_25fe62b9-802d-4972-8095-cadcfb94273c.pdf?v=18
Frame ID: 310D57CA31BBCB21CA9B3FEBE3D63754
Requests: 1 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/latest/web-widget-framework-c0c9b7521aeb969bfe7a.js
Frame ID: 535860BABE43DDB7994D2099909B1FBD
Requests: 8 HTTP requests in this frame

Frame: https://edge.fullstory.com/s/fs.js
Frame ID: E190AAD88C8467D8FAD482B0797CEF2A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Certificate Manager | Thimble

Page URL History Show full URLs

  1. http://l.thimble.com/ls/click?upn=b0LP2Ei5lzvlSj3sc-2BCqyjM2is2ZGoGC9vhfOAjanvfSfdXKm9LSTOd8Lq7bY... HTTP 302
    https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c8... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.amplitude\.com
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

69
Requests

97 %
HTTPS

39 %
IPv6

17
Domains

24
Subdomains

23
IPs

4
Countries

5090 kB
Transfer

7559 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://l.thimble.com/ls/click?upn=b0LP2Ei5lzvlSj3sc-2BCqyjM2is2ZGoGC9vhfOAjanvfSfdXKm9LSTOd8Lq7bYw9Q-2BBLAo-2BeT9TdMmFKDU6FGv7m-2Br8iE6bZmY-2F5zGmHaIVvS4IhhNTfYcfgeLdhhyGs1AE-2BXC2PtFsgsc8hzGY8-2FSBPn5vWtPewRGlV1uUUQ0uqfo923dtO5Ar6h4ME6KbWLoQx1Pl-2F31A4g83wGZAHYSsKAq5-2BcPo9QNYLWOy4eDJQ-3Dbv_d_nWIYOXakwpqx5aMbZWfN8-2FbKlm-2Bi1OlsuuX4VGvToMkJdnt-2BYcBSAXac-2F02xZdf2POylRfVKXv-2BJLLyjX-2BMR-2FtEzVuceHUutU0BQqMgvSRGvvnxaQ9XMGxJrqyQFw3cgqEnWXmKfGO4ioMXm0xDXM5HKKzbjMEEQfOpLse75nMaMxGXL708ZCXwvxvnoR1IiaEv-2BAlQbTTQWZml8NPVCDvqG6pc8W8Z54skAeUHRFpSKCGHki8ZflY11QtG4XUAKQ1jG3xpl1rbmd8uGeub50fnMJQFdhgEdmyIFGuYz5lYHbMdVvPMKJPlROQxLgIoaS01SFYJJxhnnbVIRmLj1ZhZZEICd9V-2B16ak0BkenO36-2FTiPaR7km99ZeCUKa0epy HTTP 302
    https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

69 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request onboard
coi.thimble.com/
Redirect Chain
  • http://l.thimble.com/ls/click?upn=b0LP2Ei5lzvlSj3sc-2BCqyjM2is2ZGoGC9vhfOAjanvfSfdXKm9LSTOd8Lq7bYw9Q-2BBLAo-2BeT9TdMmFKDU6FGv7m-2Br8iE6bZmY-2F5zGmHaIVvS4IhhNTfYcfgeLdhhyGs1AE-2BXC2PtFsgsc8hzGY8-2FS...
  • https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
48 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
Thimble Server /
Resource Hash
9535930ddab4213a71a9d541eb23b42613d47327ee45cfffdb5534bb5c5aa2e7
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
content-type
text/html; charset=utf-8
date
Wed, 26 Apr 2023 19:34:43 GMT
referrer-policy
strict-origin-when-cross-origin
server
Thimble Server
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
x-amz-cf-id
c2xlZLUeCAH1nRQpP8DfNMLJGEedZme_ryk-4a0w5dkvyJKFlSpVyQ==
x-amz-cf-pop
FRA60-P1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-protected-by
thimble-st-processor
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
204
Content-Type
text/html; charset=utf-8
Date
Wed, 26 Apr 2023 19:34:43 GMT
Location
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Server
nginx
Via
1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront)
X-Amz-Cf-Id
xDgIs46Cto2mlFN81EPd9SD3dx3ArTfSYBfViHzb1_c87K5HiJqZnw==
X-Amz-Cf-Pop
FRA56-P3
X-Cache
Miss from cloudfront
X-Robots-Tag
noindex, nofollow
css
fonts.googleapis.com/ 		13 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3ab87ad8deb2739e4134ecbae60b6de8a5ac013482b756056f6f26d985d7e85a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 26 Apr 2023 19:34:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 26 Apr 2023 18:53:30 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 26 Apr 2023 19:34:44 GMT
font.css
coi.thimble.com/assets/components/fonts/ 		9 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/components/fonts/font.css
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5828bc7c48c1085c6114b06008fb8048f4f2432c97b2de3b7551c0910115fd63
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:38:58 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
82547
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
8780
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:46 GMT
server
AmazonS3
etag
"cb33c82864671fb2b3d09cef1aca7cb6"
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
sRd5_IloJB2Ayd9pk-NaWNK6_CkNMGRjNLtLW_kQEnAmLCvuR0y5_w==
bundle.19bdb7c7.css
coi.thimble.com/assets/static/css/ 		150 KB
151 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/static/css/bundle.19bdb7c7.css
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0a3fe5448939956441ba55d03714431a225707bcead7f9f511c4c9621fc859eb
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 15:58:12 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
12993
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
153219
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:46 GMT
server
AmazonS3
etag
"96741607c86ba9be24d2d5f953b2d99a"
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
PgaPdXZGnGb_2w0hRxpyztDINaS2w3ae6wuUmEmt_o_UDET-7-d9zA==
bundle.74adf062.js
coi.thimble.com/assets/static/js/ 		1 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ebfd82f42fce1b9b5044aec6ca26daab4484342588dd336982dc5aad6c1315b5
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:38:59 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
82546
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
1134786
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:47 GMT
server
AmazonS3
etag
"d1abbf836f29aa994b2c3af037ba618d"
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
12A2R6uJ9-UkZrEbipcxca79yHHe1r04ANXN0XgUnfZsZ8HTD8Kptw==
analytics.min.js
cdn.segment.com/analytics.js/v1/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/ 		103 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/analytics.min.js
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
95aad288a3a5dc1de8bcbd75925ac1ac37e8adb9d5d68295ad50a2a76e7275e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
zxD1usrcCs3gRkYLeO90.eHcTDKMJz5E
content-encoding
br
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
date
Wed, 26 Apr 2023 19:33:57 GMT
x-amz-cf-pop
FRA6-C1
age
48
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 21 Apr 2023 06:05:51 GMT
server
AmazonS3
etag
W/"c8e9c1c86819f0291aa09d7d2090b348"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
ZM8Jh38EcvpV0pQn6WkzyZpxdffU3RjxEWAirdv-K9RCu_UqgUxSRQ==
gtm.js
www.googletagmanager.com/ 		257 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KX757H
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6668bdfd998e577320c9ae2c472020beedf7d69388493767382d221b26baf301
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:44 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88000
x-xss-protection
0
last-modified
Wed, 26 Apr 2023 19:05:22 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 26 Apr 2023 19:34:44 GMT
delightedNps4.js
d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/kuBy6HeZRaqe33CT/ 		91 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/kuBy6HeZRaqe33CT/delightedNps4.js
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.118.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-118-85.fra60.r.cloudfront.net
Software
/
Resource Hash
54d568d9ce46eac023fc79dcb89315c84c37ae891862374bf73fc89dc7c96845
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com http://fonts.intercomcdn.com http://*.auryc.com https://dcx14qs33eg2z.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdn.weglot.com https://fonts.googleapis.com https://tagmanager.google.com https://heapanalytics.com https://app-sj30.marketo.com https://cdn.zapier.com https://dcx14qs33eg2z.cloudfront.net; object-src 'none'; media-src 'self' https://beacon-v2.helpscout.net https://js.intercomcdn.com/ https://dcx14qs33eg2z.cloudfront.net; img-src 'self' data: http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://app.intercom.io https://app.pendo.io https://a.opmnstr.com https://api.omappapi.com https://analytics.twitter.com https://app-sj30.marketo.com https://bat.bing.com https://beacon-v2.helpscout.net https://cdn.heapanalytics.com https://cdn.pendo.io https://cdn.weglot.com https://connect.facebook.net https://ct.capterra.com https://data.pendo.io https://googleads.g.doubleclick.net https://heapanalytics.com https://js.intercomcdn.com https://js.pusher.com https://js.stripe.com https://munchkin.marketo.net https://pendo-io-static.storage.googleapis.com https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://rum-static.pingdom.net https://script.crazyegg.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://widget.intercom.io https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://zapier.com https://cdn.zapier.com https://*.quora.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://public.profitwell.com https://static.profitwell.com https://polyfill.io https://d3dy5gmtp8yhk7.cloudfront.net/ https://d2yyd1h5u9mauk.cloudfront.net https://dcx14qs33eg2z.cloudfront.net; frame-src 'self' https://accounts.google.com https://app.pendo.io https://js.stripe.com https://beacon-v2.helpscout.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://app-sj30.marketo.com https://qglobalops.co1.qualtrics.com; connect-src 'self' https://delighted.com https://*.delighted.com https://api.delighted.com https://accounts.google.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.zapier.com https://zapier.com https://app.pendo.io https://bat.bing.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://cdn.weglot.com https://cdn-api-weglot.com https://d3hb14vkzrxvla.cloudfront.net https://data.pendo.io https://heapanalytics.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://www.google.com https://www2.profitwell.com https://099-SJL-057.mktorest.com https://*.pusher.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://*.quora.com https://*.auryc.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://ws.pusher.com wss://ws.pusherapp.com https://dcx14qs33eg2z.cloudfront.net; report-uri https://fb4qdnkh2k.execute-api.us-east-1.amazonaws.com/default
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 26 Apr 2023 19:33:56 GMT
Content-Security-Policy
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com http://fonts.intercomcdn.com http://*.auryc.com https://dcx14qs33eg2z.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdn.weglot.com https://fonts.googleapis.com https://tagmanager.google.com https://heapanalytics.com https://app-sj30.marketo.com https://cdn.zapier.com https://dcx14qs33eg2z.cloudfront.net; object-src 'none'; media-src 'self' https://beacon-v2.helpscout.net https://js.intercomcdn.com/ https://dcx14qs33eg2z.cloudfront.net; img-src 'self' data: http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://app.intercom.io https://app.pendo.io https://a.opmnstr.com https://api.omappapi.com https://analytics.twitter.com https://app-sj30.marketo.com https://bat.bing.com https://beacon-v2.helpscout.net https://cdn.heapanalytics.com https://cdn.pendo.io https://cdn.weglot.com https://connect.facebook.net https://ct.capterra.com https://data.pendo.io https://googleads.g.doubleclick.net https://heapanalytics.com https://js.intercomcdn.com https://js.pusher.com https://js.stripe.com https://munchkin.marketo.net https://pendo-io-static.storage.googleapis.com https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://rum-static.pingdom.net https://script.crazyegg.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://widget.intercom.io https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://zapier.com https://cdn.zapier.com https://*.quora.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://public.profitwell.com https://static.profitwell.com https://polyfill.io https://d3dy5gmtp8yhk7.cloudfront.net/ https://d2yyd1h5u9mauk.cloudfront.net https://dcx14qs33eg2z.cloudfront.net; frame-src 'self' https://accounts.google.com https://app.pendo.io https://js.stripe.com https://beacon-v2.helpscout.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://app-sj30.marketo.com https://qglobalops.co1.qualtrics.com; connect-src 'self' https://delighted.com https://*.delighted.com https://api.delighted.com https://accounts.google.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.zapier.com https://zapier.com https://app.pendo.io https://bat.bing.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://cdn.weglot.com https://cdn-api-weglot.com https://d3hb14vkzrxvla.cloudfront.net https://data.pendo.io https://heapanalytics.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://www.google.com https://www2.profitwell.com https://099-SJL-057.mktorest.com https://*.pusher.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://*.quora.com https://*.auryc.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://ws.pusher.com wss://ws.pusherapp.com https://dcx14qs33eg2z.cloudfront.net; report-uri https://fb4qdnkh2k.execute-api.us-east-1.amazonaws.com/default
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
none
Via
1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P1
Age
48
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Status
200 OK
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Request-Id
93a2543fdb921ef8a0fb2274d5a04692
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.037895
Referrer-Policy
strict-origin-when-cross-origin
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=120, public
X-Amz-Cf-Id
Wgb2jPw_4PZVRTAob8031Nmndm9Vb_V30kKQtER6Pi-LpYGtfS_taQ==
/
o202001.ingest.sentry.io/api/1552478/envelope/ 		2 B
301 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o202001.ingest.sentry.io/api/1552478/envelope/?sentry_key=9a7a9704e96743189466b64051bff40b&sentry_version=7
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://coi.thimble.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 26 Apr 2023 19:34:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
1.c23f1e99.chunk.css
coi.thimble.com/assets/static/css/ 		7 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/static/css/1.c23f1e99.chunk.css
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7be54d87054f1d218b7020d39ec47c67255d851a9e1ec5a1964d30dbae151147
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:39:15 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
82529
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
7654
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:46 GMT
server
AmazonS3
etag
"45f5363295fba980ec19a3d4dc845c87"
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
K14brbDCTlGu_kVM-Vm6G34zr1NEZubif_qJ6BmF71E9HbxCLZeNGw==
1.33d5bd9f.chunk.js
coi.thimble.com/assets/static/js/ 		2 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/static/js/1.33d5bd9f.chunk.js
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
74673bc487b3b73fae6bab8a8383aa398b60cb1632be27998e74357ee6226a68
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:39:15 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
82530
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
2019410
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:47 GMT
server
AmazonS3
etag
"b168caad7bfc26c22a138b52a5054ca8"
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
JNiLUNA6V3rTbsRyYVJ0EmA3KPsPbd3lpjaEoq2F_Z-pSmfV-vTyOA==
2.0dc5d502.chunk.css
coi.thimble.com/assets/static/css/ 		119 KB
120 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/static/css/2.0dc5d502.chunk.css
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf7dcb55833db7b6945431f847d76fa998a514747af214a28bf4960e6e654df2
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:39:15 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
82530
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
121700
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:46 GMT
server
AmazonS3
etag
"505ae7d1600ed42108ab272743df4d56"
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
rXw6e2oWhR218SmJAy0yrHHWeLV3ofRUyi2UsRRl7ZYpUezrySDJMg==
2.a30a75f0.chunk.js
coi.thimble.com/assets/static/js/ 		379 KB
380 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/static/js/2.a30a75f0.chunk.js
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ff07aa8bb04de0d0d8ccefc2593e418be3aa657b765bac2f8a546903264d043b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 20:39:15 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
82530
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
387735
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:47 GMT
server
AmazonS3
etag
"ec2db67f295e67c6d801068bf584f902"
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
-yd-xkBKWPbj46S0fhZjDwineXvoWUAEaOgKkIzwangMJ49--oWsqQ==
settings
cdn.segment.com/v1/projects/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/settings
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
68114cc4f923060ffe05e78f3a55f1bc762d071a0ed7bfb01a1d0a7f3f39000c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
Ynt2NbLKZQCj2K7qW7ez8Ws.EQem2UDZ
content-encoding
br
via
1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
date
Wed, 26 Apr 2023 19:33:58 GMT
x-amz-cf-pop
FRA6-C1
age
47
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 12 Jul 2022 01:49:41 GMT
server
AmazonS3
etag
W/"97a01f9c8823aaadc416ed350d9c2cd6"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
CQ0qdpCMcjTrNmFEs7BkJDdcFql3eYkFyhGTX-3TVgAhqw8k7XCEcw==
analytics.js
www.google-analytics.com/ 		51 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KX757H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 26 Apr 2023 18:27:45 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
4019
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Wed, 26 Apr 2023 20:27:45 GMT
bat.js
bat.bing.com/ 		40 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KX757H
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
eec5c0b7f3736c064a5c93fb61f419fe7d3f7c1815c81004312fd349fd43be2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 26 Apr 2023 19:34:44 GMT
last-modified
Thu, 20 Apr 2023 19:01:49 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5E7028CCE4CA42988D694A744FB9A6CB Ref B: FRAEDGE1120 Ref C: 2023-04-26T19:34:44Z
etag
"808c558fba73d91:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
12036
js
www.googletagmanager.com/gtag/ 		184 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-876410777
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KX757H
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
13f02a49ae90b79d43602873337b49a5147dd9aa17d4ac5189be017ba779a8cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:44 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67571
x-xss-protection
0
last-modified
Wed, 26 Apr 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 26 Apr 2023 19:34:44 GMT
ajs-destination.bundle.ccff523783839dc95aac.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ccff523783839dc95aac.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e28a44f05465881891ed02e04f286084a8fdb361d81e1877ea4f612f05dcddaf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 04:55:35 GMT
x-amz-version-id
a142wvWCk5xJExZUb9LpN_387MWS7AEL
content-encoding
br
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
1348750
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 16 Mar 2023 12:05:28 GMT
server
AmazonS3
etag
W/"9bd6c4523feaa1477df0588cd1d6738c"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
iWhyAy77nQLAWM4TP8rzfaRsWNwpU0DfCuVXO91L2z_9QL9NUUgCxg==
schemaFilter.bundle.d0fc84c62e956d168cce.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.d0fc84c62e956d168cce.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ac404a65bffee85a15718f669a44f5a034c94116661e6e0e48b1609f4a8617a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 18 Apr 2023 02:20:23 GMT
x-amz-version-id
H2MYLbMWwUggJb6wT0Gt4D5qB0SBiDaa
content-encoding
br
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
753261
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 16 Mar 2023 12:05:28 GMT
server
AmazonS3
etag
W/"d6985af1d6ad9e8c2f97f24f7b27306e"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
b78re3dl5uFv5pJUfv8WB2L1W397VoAXPUZL1lRCd7lFuvXKgAZzyw==
95QUkt8Q4rmKrYDecjoXFZ.json
cdn.optimizely.com/datafiles/ 		13 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/datafiles/95QUkt8Q4rmKrYDecjoXFZ.json
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:1a1::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f56c7ccfbc7389eafe2d184f59fa7e19b72274c6477d89c433fabc67a402c0f1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
YCZwwKWcZcj8_6bbh.K5OAMSIC6L.Zir
content-encoding
gzip
date
Wed, 26 Apr 2023 19:34:44 GMT
strict-transport-security
max-age=15768000
x-amz-request-id
HQSADD0PKQWQ084Z
x-amz-server-side-encryption
AES256
x-amz-meta-revision
827
x-amz-replication-status
COMPLETED
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=7, origin; dur=107, cdn;desc="AkamaiION";dur=0,rtt;desc="11";dur=0,cdnip;desc="2a02:26f0:6c00:1a1::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0, ak_p; desc="467371_34650885_306830449_11358_2345_11_0";dur=1
content-length
2508
x-amz-id-2
gdnEeGPfmtD1gRUaYVbkBKrO1CyLwk2dMbp4GSB80Wly5MpLDY+79FFwp/KDWIOeodnvaumAhJs=
last-modified
Wed, 29 Mar 2023 08:00:36 GMT
server
AmazonS3
etag
"dda9d9792203bbd5b315d2393ae69e8e"
vary
Accept-Encoding
access-control-max-age
604800
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD, OPTIONS
cache-control
max-age=118
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
5.50c9d903.chunk.js
coi.thimble.com/assets/static/js/ 		677 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/static/js/5.50c9d903.chunk.js
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7f54c81c05134c5f65b761350cce67a7501719eac5375c1edd9a1d30952a79a8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:33:58 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
47
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
677
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:47 GMT
server
AmazonS3
etag
"5910b6ccb4815dcb2785c89e33625931"
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
SGbaUh_uFCX71oWmZGi-o9RqMc0ceaa9xa58Qlus_1GbMmLT4LcqcA==
IBL-P35GWRD6H_verifly_25fe62b9-802d-4972-8095-cadcfb94273c.pdf
pdf.thimble.com/user_pdf/policy/627b059297658100666a58ce/ Frame 310D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pdf.thimble.com/user_pdf/policy/627b059297658100666a58ce/IBL-P35GWRD6H_verifly_25fe62b9-802d-4972-8095-cadcfb94273c.pdf?v=18
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.147.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-96.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://coi.thimble.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
47
content-encoding
gzip
content-type
application/pdf
date
Wed, 26 Apr 2023 19:33:58 GMT
etag
W/"9560a2a2621e90e640c478aa0f292451"
last-modified
Wed, 26 Apr 2023 19:20:17 GMT
server
AmazonS3
vary
Accept-Encoding Origin
via
1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-id
H13QS5GH_HyxI6OmDebtsVF0TcOKsqVuwa8wA2Zk87YW19gPubfyBg==
x-amz-cf-pop
FRA60-P4
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
snippet.js
static.zdassets.com/ekr/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/snippet.js?key=f9156600-5c27-4e8c-9df1-30814d868c65
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/2.a30a75f0.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
21d2ea81f22f44525f201ad9f4702029e0b2bfe65d5a2b534104dbe4b2346bbe
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:44 GMT
x-amz-version-id
PBHdtxERTX7HUmm2o8dmki0ZTZF0krHp
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
S9KDDH58C9SJA45J
age
55
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
z35eu7f5YPj4bNtNISb2HySNIp4y0Mkn0gue5Sex5y9SQbStwVtyAccJhl2TifMvuXLPub0CHss=
last-modified
Fri, 17 Mar 2023 01:24:00 GMT
server
cloudflare
etag
W/"35755063f184195a50a9c07a2c71693a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4B0WCj%2Fj9iaGA7toCCY4nTQi4FhpUtcPLUfXB%2Bwsbmf6h62zw4FJlVRQfTM650DqIbz3Y8T7ql9%2F2yWNFhAfL%2FKWbuvWtaEObgBT8%2FuUqt19J%2B969www6uGSahL9J23%2FBah03BA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
cf-ray
7be143cfea9a8fec-FRA
thimble.png
coi.thimble.com/assets/images/ 		36 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://coi.thimble.com/assets/images/thimble.png
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4a4fc7eb51661d6ff041158be439b7f4101f2da32f500940158bfe22897a876f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:33:58 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
47
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
37338
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:46 GMT
server
AmazonS3
etag
"eab8353599a0623d27bd37adf0e896ba"
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
-b_4Yzdoy46jDTpZwsgAYI-OjY5k9FIVt4LXR-Blqa3HXiutxebgPg==
CentraThimble-Medium.woff
coi.thimble.com/assets/components/fonts/ 		40 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/components/fonts/CentraThimble-Medium.woff
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/components/fonts/font.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
aaa3ce565fe9aca6508107a631bcd5af7919f4f73c46e0606c61ee5712cebca6
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://coi.thimble.com/assets/components/fonts/font.css
Origin
https://coi.thimble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:33:58 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
47
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
40756
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:45 GMT
server
AmazonS3
etag
"57101a88fafb56e877eda89122dc3f93"
vary
Origin
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
https://coi.thimble.com
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
gwjDUZr6Qfr8iQX-1d-aHkVNTjF9od6B3h0CGOv0pxkXTicKBG3c7w==
CentraThimble-Book.woff
coi.thimble.com/assets/components/fonts/ 		56 KB
58 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/components/fonts/CentraThimble-Book.woff
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/components/fonts/font.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
139d646375cbdb36a7c9290d6aa7e0d09d54ad31e12e73c56b0dd10bcb2feca0
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://coi.thimble.com/assets/components/fonts/font.css
Origin
https://coi.thimble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:33:58 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
47
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
57824
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:45 GMT
server
AmazonS3
etag
"40162d1cca0dbe70e632891b222e3337"
vary
Origin
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
https://coi.thimble.com
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
e8xxuxw-rXGxHl64qKV7RduvNQK9RdvU3CPf4ndydhgMvRopWbi2KA==
icomoon.47061809.ttf
coi.thimble.com/assets/static/media/ 		34 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/static/media/icomoon.47061809.ttf
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/css/2.0dc5d502.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5aca7f27b7a0dc4d476a1d75d9361b9a1d319f850efc7335c3ab661dc1f23220
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://coi.thimble.com/assets/static/css/2.0dc5d502.chunk.css
Origin
https://coi.thimble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:33:58 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
47
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
35144
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:47 GMT
server
AmazonS3
etag
"470618092e81fa3c9ef2054c617ccb0d"
vary
Origin
access-control-allow-methods
GET
content-type
font/ttf
access-control-allow-origin
https://coi.thimble.com
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
dFeYDwdIqj_9bNeWhvwHq_Z0twfpyxtK3u6OTqwH1e1-HkxnOA4Bxg==
CentraThimble-Bold.woff
coi.thimble.com/assets/components/fonts/ 		40 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/components/fonts/CentraThimble-Bold.woff
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/components/fonts/font.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
32c47876313b64c4f17401f0a4cba23ca4e5bd85b1330cb67a9a2761d31b5ea2
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://coi.thimble.com/assets/components/fonts/font.css
Origin
https://coi.thimble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:33:58 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
47
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
40748
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:44 GMT
server
AmazonS3
etag
"b01368b43b62932cc370bf27078589dd"
vary
Origin
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
https://coi.thimble.com
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
Z6vcf2pOpBUgCM2bzr1X1soS2jZekn4Y6M9-3O9PbheRPRSchjGc5A==
CentraThimble-Light.woff
coi.thimble.com/assets/components/fonts/ 		57 KB
58 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://coi.thimble.com/assets/components/fonts/CentraThimble-Light.woff
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/components/fonts/font.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-7.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2be8552cf803ef27724f5f2f96db42b0d007831eec3757c45d66277844dbe44a
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Xss-Protection 1; mode=block

Request headers

Referer
https://coi.thimble.com/assets/components/fonts/font.css
Origin
https://coi.thimble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:33:58 GMT
via
1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P1
age
47
x-cache
Hit from cloudfront
x-protected-by
thimble-st-processor
content-length
58376
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 17 Oct 2022 07:03:45 GMT
server
AmazonS3
etag
"2884d5b7d229b1c855683a6a3a8291e0"
vary
Origin
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
https://coi.thimble.com
access-control-allow-credentials
true
accept-ranges
bytes
x-amz-cf-id
RSGVhQ_dE_TjVB3_xjHJBgXxiPbox7RavSfT29IyqthSX2TVTd5_lw==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/876410777/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/876410777/?random=1682537684510&cv=11&fst=1682537684510&bg=ffffff&guid=ON&async=1&gtm=45be34j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcoi.thimble.com%2Fonboard%3Fpolicy_id%3D627b05f77b4a19002e0eede3%26policy_ai_id%3D6449795bd1d6180065c82ec1%26utm_source%3Dsg%26utm_medium%3Demail%26utm_campaign%3Dai_policy_new_ai&hn=www.googleadservices.com&frm=0&tiba=Certificate%20Manager%20%7C%20Thimble&auid=353764902.1682537684&uamb=0&uaw=0&data=event%3Dgtag.config%3B%20allow_enhanced_conversions%3Dtrue&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-876410777
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
aa1666dba967489a7d09cf24e08532d2254aad7618f8ff5982f8a72292b113ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 26 Apr 2023 19:34:44 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1336
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
amplitude.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/amplitude/3.3.3/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/amplitude/3.3.3/amplitude.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06d95e7c78ae4bd7fc58fe29a222697fa4063a83a676d6169b875e8462a253d9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 25 Mar 2023 01:32:36 GMT
content-encoding
gzip
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-version-id
jsUAnFVq4l4p0RjVXXw54GBJiAS.qrm0
x-amz-cf-pop
FRA6-C1
age
2829729
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
3181
last-modified
Thu, 23 Mar 2023 13:55:25 GMT
server
AmazonS3
etag
"949376aa55c1e7a26572d64a97dbe296"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
k2dYWd77cYdVTWX6KrMT_PgTASpS-WQRS0ISxwqDjyg8yfqtPg6cKg==
fullstory.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/fullstory.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
de8f2ac57087767409b0bb4025e88c1ebb0fd18e0e73144e4ac15997f3350821

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 14 Mar 2023 12:58:49 GMT
content-encoding
gzip
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-version-id
sB6mXjBYIM352AzqutOyLB9B8Ya4D9ag
x-amz-cf-pop
FRA6-C1
age
3738956
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2166
last-modified
Wed, 08 Feb 2023 17:50:06 GMT
server
AmazonS3
etag
"e99e99fffc341f6a85e129a73956e837"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
7u5QwHWHn4t3zViM3fqmDkOys9c4wJMNC69DR-4j_niGJo4iFcCaMQ==
google-tag-manager.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e91a86b8d8da28eaf681b924b135c3a8ffacb6d51d2affad9d684e708d60a3db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 01 Apr 2023 12:26:27 GMT
content-encoding
gzip
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-version-id
dHF36.vLMjw4djQogLlGeyFi4lweQ.Er
x-amz-cf-pop
FRA6-C1
age
2185698
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1342
last-modified
Thu, 23 Mar 2023 13:55:25 GMT
server
AmazonS3
etag
"a1bed0458702cf863f2d24fb1b9d39ae"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
fMKB-3h3JzRVratTMyJrd0SyY1MwazOaSlLCLb_4yhtjoOz30ZqZLQ==
linkid.js
www.google-analytics.com/plugins/ua/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:25:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
565
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 26 Apr 2023 20:25:19 GMT
26050193.js
bat.bing.com/p/action/ 		0
135 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/26050193.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ARR/3.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Wed, 26 Apr 2023 19:34:44 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: D7B9FF29502E44908A2421A347AFEF45 Ref B: FRAEDGE1120 Ref C: 2023-04-26T19:34:44Z
x-powered-by
ARR/3.0
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
285 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=26050193&tm=gtm002&Ver=2&mid=2d88682d-6a76-43e7-85d5-7bcc9516a5cb&sid=65995720e46911ed97b7f9914e22f0ee&vid=659961d0e46911ed861be76c4924857d&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Certificate%20Manager%20%7C%20Thimble&p=https%3A%2F%2Fcoi.thimble.com%2Fonboard%3Fpolicy_id%3D627b05f77b4a19002e0eede3%26policy_ai_id%3D6449795bd1d6180065c82ec1%26utm_source%3Dsg%26utm_medium%3Demail%26utm_campaign%3Dai_policy_new_ai&r=&lt=902&evt=pageLoad&sv=1&rn=29381
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 26 Apr 2023 19:34:44 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 81553F5F99194D9DB8FB54C2B4104118 Ref B: FRAEDGE1120 Ref C: 2023-04-26T19:34:44Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
f9156600-5c27-4e8c-9df1-30814d868c65
ekr.zdassets.com/compose/ 		431 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/f9156600-5c27-4e8c-9df1-30814d868c65
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
888b1efc2977d40c305b9b52d1bad329e5dcd86252a28a2a8a6af65b046313ea
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:44 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
status
200 OK
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
7be143d0bcf490e8-SEA, 7be143d0bcf490e8-SEA
x-runtime
0.005120
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"888b1efc2977d40c305b9b52d1bad329"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0TemjpOW0SjulEfiHAzCn8hFWkYAIP8XmWFatBVHm0CNq203uG0HlXTxWnvVsuK3VNJv6bOHVXuTwJocjTFYU60cYIt7st5B7VSnbtno1edqhme984OiqaNlpE6WtgHJbw%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=600, public, stale-while-revalidate=600, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
7be143d0bcf490e8-FRA
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/uKQHSbzL8mJmjrNnGL0qdjnZXgFTpz0C/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 25 Apr 2023 23:55:03 GMT
content-encoding
gzip
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-version-id
_CDAHRpSMnFhUQgRIVvCIby4N2cITv0X
x-amz-cf-pop
FRA6-C1
age
70782
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22177
last-modified
Mon, 17 Apr 2023 06:44:02 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
IHTQtL4401E5wC-1jeeSHaaCiGBMBv-E6OtICd-19oEv2dhCty9o-Q==
collect
stats.g.doubleclick.net/j/ 		4 B
348 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-76257984-1&cid=1056855504.1682537685&jid=1853460098&gjid=1197947221&_gid=130013833.1682537685&_u=aGBAiEAjBAAAAEAAI~&z=707521798
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://coi.thimble.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 26 Apr 2023 19:34:44 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://coi.thimble.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=1419566811&t=pageview&_s=1&dl=https%3A%2F%2Fcoi.thimble.com%2Fonboard%3Fpolicy_id%3D627b05f77b4a19002e0eede3%26policy_ai_id%3D6449795bd1d6180065c82ec1%26utm_source%3Dsg%26utm_medium%3Demail%26utm_campaign%3Dai_policy_new_ai&ul=en-us&de=UTF-8&dt=Certificate%20Manager%20%7C%20Thimble&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiEAjBAAAAAAAI~&jid=1853460098&gjid=1197947221&cid=1056855504.1682537685&tid=UA-76257984-1&_gid=130013833.1682537685&gtm=45He34j0n71KX757H&z=1579678285
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 26 Apr 2023 02:05:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
62954
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
amplitude-5.2.2-min.gz.js
cdn.amplitude.com/libs/ 		54 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.206.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-206-214.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2173f130ca59dc5554498343432f02f92ecce45c4f9381ea12b203a2978f33d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 08 Jan 2023 09:26:25 GMT
content-encoding
gzip
via
1.1 d9523e44e96d2539081596bb1d268d44.cloudfront.net (CloudFront)
x-amz-version-id
aZB1RIRJqET7nosqRtOBVideRuh0jIV6
x-amz-cf-pop
FRA56-P3
age
9367700
x-cache
Hit from cloudfront
content-length
17889
last-modified
Mon, 21 Oct 2019 15:45:34 GMT
server
AmazonS3
etag
"b568e7b3c9d94da6a1d4845b18400f7a"
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-amz-cf-id
Xo7CRMW2yDhaEATocPFEMquRuuTpSvNliAHdc3SLczUmASOEa3byxQ==
fs.js
edge.fullstory.com/s/ 		246 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
aeb52bf0d3893e1dd6d844d1658c24e3912b4154d7537d5f5f2d11a9e7c221ed

Request headers

Referer
https://coi.thimble.com/
Origin
https://coi.thimble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:04:16 GMT
content-encoding
br
age
1828
x-guploader-uploadid
ADPycdvqJTw0af4jDQePyRkbisbeIYQH_X4--7f5flc-LFizWctq2UyRKvHp0DRhBfROTFxs-msRHhg7U79mLkLoU_VymqLfjUqG
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67590
last-modified
Mon, 24 Apr 2023 14:36:03 GMT
server
UploadServer
etag
"d53f15877b3b43f771842579aeaebd7d"
vary
Accept-Encoding
x-goog-generation
1682346963410736
x-goog-hash
crc32c=8Ord5A==, md5=1T8Vh3s7Q/dxhCV5rq69fQ==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
67590
accept-ranges
bytes
content-type
application/javascript
expires
Wed, 26 Apr 2023 20:04:16 GMT
gtm.js
www.googletagmanager.com/ 		257 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KX757H&l=dataLayer
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6668bdfd998e577320c9ae2c472020beedf7d69388493767382d221b26baf301
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:44 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88000
x-xss-protection
0
last-modified
Wed, 26 Apr 2023 19:05:22 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 26 Apr 2023 19:34:44 GMT
p
api.segment.io/v1/ 		21 B
173 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.86.105 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-86-105.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://coi.thimble.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://coi.thimble.com
date
Wed, 26 Apr 2023 19:34:45 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
p
api.segment.io/v1/ 		21 B
172 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.86.105 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-86-105.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://coi.thimble.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://coi.thimble.com
date
Wed, 26 Apr 2023 19:34:45 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
t
api.segment.io/v1/ 		21 B
172 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/t
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.86.105 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-86-105.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://coi.thimble.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://coi.thimble.com
date
Wed, 26 Apr 2023 19:34:45 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
js
www.googletagmanager.com/gtag/ 		250 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-RQYSNHGMM1&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KX757H
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dc1f6fd8651b655336e00a8c9f777977c2d077ca47b84cc6fcd2979dd713631e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:44 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
84310
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 26 Apr 2023 19:34:44 GMT
/
www.google.com/pagead/1p-user-list/876410777/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/876410777/?random=1682537684510&cv=11&fst=1682535600000&bg=ffffff&guid=ON&async=1&gtm=45be34j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcoi.thimble.com%2Fonboard%3Fpolicy_id%3D627b05f77b4a19002e0eede3%26policy_ai_id%3D6449795bd1d6180065c82ec1%26utm_source%3Dsg%26utm_medium%3Demail%26utm_campaign%3Dai_policy_new_ai&frm=0&tiba=Certificate%20Manager%20%7C%20Thimble&data=event%3Dgtag.config%3B%20allow_enhanced_conversions%3Dtrue&fmt=3&is_vtc=1&random=3866873380&rmt_tld=0&ipr=y
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 26 Apr 2023 19:34:44 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/876410777/ 		0
0
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-76257984-1&cid=1056855504.1682537685&jid=1853460098&_u=aGBAiEAjBAAAAEAAI~&z=1704405521
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 26 Apr 2023 19:34:44 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		0
0
/
api.amplitude.com/ 		7 B
206 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.amplitude.com/
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.68.26.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-68-26-177.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://coi.thimble.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 26 Apr 2023 19:34:45 GMT
strict-transport-security
max-age=15768000
trace-id
Root=1-64497cd5-48efaf635a8aef8e5a45523c
content-length
7
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
collect
region1.google-analytics.com/g/ 		0
244 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RQYSNHGMM1&gtm=45je34j0&_p=1419566811&cid=1056855504.1682537685&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682537684&sct=1&seg=0&dl=https%3A%2F%2Fcoi.thimble.com%2Fonboard%3Fpolicy_id%3D627b05f77b4a19002e0eede3%26policy_ai_id%3D6449795bd1d6180065c82ec1%26utm_source%3Dsg%26utm_medium%3Demail%26utm_campaign%3Dai_policy_new_ai&dt=Certificate%20Manager%20%7C%20Thimble&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RQYSNHGMM1&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 26 Apr 2023 19:34:44 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://coi.thimble.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
web
edge.fullstory.com/s/settings/HK4QC/v1/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/settings/HK4QC/v1/web
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
a36651871015e449d9c81b6dd70e5db4906b7a5a447f69eebdff2c28c4ec66cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:33:57 GMT
content-encoding
gzip
age
47
x-guploader-uploadid
ADPycdu8sA0d9xiBE40R1805a9sHZX4yzj_mIjlv7hvTzctrIWsbGAl8QaWl_DJYn9Udx2l2_NHbESRXyhfTUONdnzigDFJCy8qo
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1221
last-modified
Wed, 26 Apr 2023 19:31:36 GMT
server
UploadServer
etag
"cf3d6c226551151d75283c359dcff857"
x-goog-generation
1682348496673163
x-goog-hash
crc32c=PRyAsQ==, md5=zz1sImVRFR11KDw1nc/4Vw==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=900,no-transform
x-goog-stored-content-length
1221
accept-ranges
bytes
content-type
application/json
expires
Wed, 26 Apr 2023 19:48:57 GMT
page
rs.fullstory.com/rec/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
7438552400a5fae2abe38b5ca660a8234cad3d99c459a23648449451e8efd0ee

Request headers

Referer
https://coi.thimble.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 26 Apr 2023 19:34:45 GMT
content-encoding
gzip
via
1.1 google
content-type
application/json; charset=utf-8
access-control-allow-origin
https://coi.thimble.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1509
web-widget-framework-c0c9b7521aeb969bfe7a.js
static.zdassets.com/web_widget/latest/ Frame 5358 		163 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-framework-c0c9b7521aeb969bfe7a.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=f9156600-5c27-4e8c-9df1-30814d868c65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
558ab8aa7080f2b2aa2087c887a56a0b70a5c72b53652b5834db974a2da251a3
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:44 GMT
x-amz-version-id
Ha_jeBLFDxKqCRZFj4ioZtS8.P8OrmHL
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
N1WGMCR8MNGBN63H
age
55608
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
yJyucI3OAiKL89/D4BP7DiphAVqb4zdylpYOwb0Li+Jg/HH6gtJ/TNaR8phEr1kv9ipysY3Gkbj9LefmEicc5g==
last-modified
Fri, 21 Apr 2023 11:12:24 GMT
server
cloudflare
etag
W/"79caa19bb3d48aa779ab7af954c6b913"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQ4clQbgVCtGkKgCEDOnV9QtKHmF8fRuWUidnCtmockxmHhfKi3EMmFzV3uAAXmWUnkWY5XlhAAcSqSweTqrrybxhJzKCF52NbuqhcxdqojrdzXu%2BW%2FnSiZB9NevZbIBdzeRD9o%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7be143d2eeb58fec-FRA
expires
Sat, 20 Apr 2024 11:12:23 GMT
config
thimble.zendesk.com/embeddable/ Frame 5358 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://thimble.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-c0c9b7521aeb969bfe7a.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d382ebeba7ff741fda6569f254f46c9fe8f986adc1647406dcd0aa04ce46973

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:45 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
48
x-zendesk-origin-server
embeddable-app-server-5775656685-t88nc
x-cached
MISS
x-request-id
7be142abd85f69a3-FRA
x-runtime
0.002966
last-modified
Wed, 26 Apr 2023 19:33:57 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T6pO%2BcFWawf7H%2F78JR%2BBlhd3BFMR3ogi8AdiwK3ctXqgEr4kh6IwjQvtlOuSmnFylGunmtYmschXC%2FsMOHagL3Y%2BREY61ZMvVGzLNnhILTA2iKlejG7esG4HsGjmcjW7KDuFoQs%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
7be143d36e276927-FRA
web-widget-main-3a32751.js
static.zdassets.com/web_widget/classic/latest/ Frame 5358 		1 MB
300 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-3a32751.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-c0c9b7521aeb969bfe7a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86ffd072440f9fa6f904bfa6dc20cc166dbd7dfc15d03c28425cef1a8ad2e6e5
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:45 GMT
x-amz-version-id
9V4Ock9.KBDA21dgEE7tHkByHdjNJNtv
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
N1WJH0SDP9HR3AMK
age
55609
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
iwvjz4kqmb/OKlxVYu18bAgBJr2tzaIOfmk7lF90zFBHAyEfgsJhl3DNpZ/xZwcnn1x4gbevtnM=
last-modified
Fri, 21 Apr 2023 11:15:05 GMT
server
cloudflare
etag
W/"1e776ee80f034fbe12faa2b2d77519e4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uyiOQgRKp3WbKDfzR%2BxRITTh1ILX7l1L31AEeDM77GQkHlV1%2FadAgkHyBgGkI%2FJKtFPEwEVhxh%2BX1VFmtHP3%2BTBB0T8Vk5rkY3CesQG25Mv3H7vrcT%2FMiDYNpoLPeBbJP59g9tw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7be143d3afb58fec-FRA
expires
Sat, 20 Apr 2024 11:15:04 GMT
embeddable_blip
thimble.zendesk.com/ Frame 5358 		0
325 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://thimble.zendesk.com/embeddable_blip?type=settings&data=eyJzZXR0aW5ncyI6eyJ3ZWJXaWRnZXQiOnsiY29udGFjdE9wdGlvbnMiOnsiZW5hYmxlZCI6dHJ1ZSwiY29udGFjdEJ1dHRvbiI6eyIqIjoiR2V0IGluIHRvdWNoIn0sImNoYXRMYWJlbE9ubGluZSI6eyIqIjoiU3RhcnQgYSBsaXZlIGNoYXQifSwiY2hhdExhYmVsT2ZmbGluZSI6eyIqIjoiQ2hhdCBpcyB1bmF2YWlsYWJsZSJ9LCJjb250YWN0Rm9ybUxhYmVsIjp7IioiOiJTZW5kIHVzIGEgbWVzc2FnZSJ9fSwiY2hhdCI6eyJ0aXRsZSI6eyIqIjoiQ2hhdCB3aXRoIHVzIn19LCJjb250YWN0Rm9ybSI6eyJhdHRhY2htZW50cyI6ZmFsc2UsInRpY2tldEZvcm1zIjpbeyJpZCI6MTUwMDAwMTI5MzUyMiwidGl0bGUiOmZhbHNlfV0sInRpdGxlIjp7IioiOiJTZW5kIHVzIGEgbWVzc2FnZSJ9fSwiaGVscENlbnRlciI6eyJjaGF0QnV0dG9uIjp7IioiOiJHZXQgaW4gdG91Y2gifSwibWVzc2FnZUJ1dHRvbiI6eyIqIjoiR2V0IGluIHRvdWNoIn0sInNlYXJjaFBsYWNlaG9sZGVyIjp7IioiOiJTZWFyY2ggb3VyIEhlbHAgQ2VudGVyIn0sInRpdGxlIjp7IioiOiJXaGF0IGNhbiB3ZSBoZWxwIHlvdSB3aXRoPyJ9fSwibGF1bmNoZXIiOnsiY2hhdExhYmVsIjp7IioiOiJOZWVkIGhlbHAifSwibGFiZWwiOnsiKiI6Ik5lZWQgaGVscCJ9fSwidGFsayI6eyJzdXBwcmVzcyI6dHJ1ZX19fSwiYnVpZCI6IjUxNmIwNDMyMTdhYTQ0MWE4MDcwNWZiZjA5ODNmYzI0Iiwic3VpZCI6IjMxNzU3YzUxNjBiYTQ3Y2RhYzk0YjJhNjQ0YjU2ZWU1IiwidmVyc2lvbiI6IjNhMzI3NTEiLCJ0aW1lc3RhbXAiOiIyMDIzLTA0LTI2VDE5OjM0OjQ1LjI5NloiLCJ1cmwiOiJodHRwczovL2NvaS50aGltYmxlLmNvbS9vbmJvYXJkP3BvbGljeV9pZD02MjdiMDVmNzdiNGExOTAwMmUwZWVkZTMmcG9saWN5X2FpX2lkPTY0NDk3OTViZDFkNjE4MDA2NWM4MmVjMSZ1dG1fc291cmNlPXNnJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPWFpX3BvbGljeV9uZXdfYWkifQ%3D%3D
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-c0c9b7521aeb969bfe7a.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:45 GMT
cf-cache-status
MISS
last-modified
Wed, 26 Apr 2023 19:34:45 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-zendesk-zorg
yes
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e39%2F5qsUQRJrFYsak8HNIDqaD30hS2%2B2HI712KAqz7PgHGvPw322CiHHCC7RueKLswwCKstE%2BRbBdTO5yMiESHy5GIkhRUrDAZFNCErLbDjZy2aUPnnTYxLmn7HrwV2YXZxlkBE%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
accept-ranges
bytes
cf-ray
7be143d528436927-FRA
content-length
0
x-request-id
7be143d528436927-FRA
en-us-json-3a32751.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 5358 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-3a32751.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-3a32751.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b1e453d0d95718e19766d3023ea82dc059f728f3b112b7980773c109ac0bd31
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:45 GMT
x-amz-version-id
F6AHT_xn3trURXhJXeJ4DOoBnCPHMfcW
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
SZY88M16H09VYVKQ
age
55607
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
DAWtr1HZpJE2mCru1xbe37kBmx+ZU8dYWob7WSwxGzwePiGcNeWIqSf6yd10dWYF6wf4Ho+BGHQ=
last-modified
Fri, 21 Apr 2023 11:15:07 GMT
server
cloudflare
etag
W/"89b68f56c96d15075b04b0ea633eabf1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A1ynfDUymOY9yzzTYhXz%2FE6rpEMVcFVRXJaDTGhnfDW6u7RCL74Twb5pxjkC0WvSiG3rkyfHDm2qNaeupkEIcoh3ypDxqpcojh4w6%2B7H78RQnmzKyN92TghkAQn50MCfqZ1v8JI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7be143d529d68fec-FRA
expires
Sat, 20 Apr 2024 11:15:06 GMT
/
api.amplitude.com/ 		7 B
205 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.amplitude.com/
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.68.26.177 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-68-26-177.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://coi.thimble.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 26 Apr 2023 19:34:45 GMT
strict-transport-security
max-age=15768000
trace-id
Root=1-64497cd5-54d275d906b82f9f70f0b758
content-length
7
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
integrations
rs.fullstory.com/rec/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/integrations?OrgId=HK4QC
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
1880c86ff33ab09fd7d945d45791fa63ef02dc7795ed8fb0fb04ebb5e81dccea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:45 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/javascript; charset=utf-8
bundle
rs.fullstory.com/rec/ 		29 B
43 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/bundle?OrgId=HK4QC&UserId=5644645632036864&SessionId=5264426645573632&PageId=8763090683679147104&Seq=1&PageStart=1682537685079&PrevBundleTime=0&LastActivity=3&IsNewSession=true
Requested by
Host: coi.thimble.com
URL: https://coi.thimble.com/assets/static/js/bundle.74adf062.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
de3251525f81492d3edd93fd1db360419925a64a9cb75e947d884a65d8e94932

Request headers

Referer
https://coi.thimble.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://coi.thimble.com
date
Wed, 26 Apr 2023 19:34:45 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
content-type
application/json; charset=utf-8
web-widget-chat-sdk-3a32751.js
static.zdassets.com/web_widget/classic/latest/ Frame 5358 		202 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-3a32751.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-3a32751.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0dd9e6f31221b8432522601d43794879960167232e35bfd035187e12fbbdb89
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:45 GMT
x-amz-version-id
9Hm9o1qC8DxCYXWVIyK7A1AL4NkTIcKV
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
7AJZ5SVNTJ7ZYBWE
age
55608
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
bxUmYqaFlqEyVoeumHfj/dXmEBnjyHynJpUhlexUhcXOV+Xtdk8GRIWE6JsGD4Z38CDtg/paW47F9KmKoOQb3g==
last-modified
Fri, 21 Apr 2023 11:15:05 GMT
server
cloudflare
etag
W/"d366c0776c2bacba354d40e564c3d3e6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4PeoPEjalotsK3pPDNd3UaUx5xheuW4RC5dyvJERp8Vm7NvGVVXycW0olbHiDhl7m97sJoT2gLaFFITFMkIL01jN9ouVWr%2FvlDareuFx6zc3ws4luAElATGJenYBBwCrjRrg2Ow%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7be143d59a6f8fec-FRA
expires
Sat, 20 Apr 2024 11:15:04 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=1419566811&t=event&ni=1&_s=2&dl=https%3A%2F%2Fcoi.thimble.com%2Fonboard%3Fpolicy_id%3D627b05f77b4a19002e0eede3%26policy_ai_id%3D6449795bd1d6180065c82ec1%26utm_source%3Dsg%26utm_medium%3Demail%26utm_campaign%3Dai_policy_new_ai&ul=en-us&de=UTF-8&dt=Certificate%20Manager%20%7C%20Thimble&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=FullStory&_u=aHBAiEAjBAAAAEAAI~&jid=&gjid=&cid=1056855504.1682537685&tid=UA-76257984-1&_gid=130013833.1682537685&gtm=45He34j0n71KX757H&cd2=https%3A%2F%2Fapp.fullstory.com%2Fui%2FHK4QC%2Fsession%2F5644645632036864%253A5264426645573632%3Fintegration_src%3Dga_universal&z=1272142161
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 26 Apr 2023 02:05:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
62955
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
web-widget-chat-incoming-message-notification-3a32751.js
static.zdassets.com/web_widget/classic/latest/ Frame 5358 		208 B
668 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-3a32751.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-3a32751.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53be1dac57456d1c758599183b9f5b14c95fe22ea6bc0ee70da5d989ef8a9407
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:34:45 GMT
x-amz-version-id
7HODo2iiVFyU5h3IUMyhjGuAEbjo6Ghs
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
7AJW2340K4MWSV00
age
55608
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
T3k7jZi1dsPTcr59X+TmGmmeB4CnfdUvCCfe0vWiyab5kfb4DNFAHfiZfCkOZdtB8G1vbqSEkpuM/ZzNXbPs4A==
last-modified
Fri, 21 Apr 2023 11:15:05 GMT
server
cloudflare
etag
W/"659635f5ad1b6653645380f46aa42236"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dnbnaBv8NdbF7B%2B8dfSAfoL7zHVmYfs7tPGhS8lcRaMdJ4283FUFGvbreIfGypGSSw0kv%2BWdIIoS3kG%2FZ6XGxZYImBw6bbm7wtvpnV1rE7OXXE%2FMygPohcU5jebrswX0qCPdzIo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7be143d7adab8fec-FRA
expires
Sat, 20 Apr 2024 11:15:04 GMT
fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 5358 		19 KB
20 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 26 Apr 2023 19:34:45 GMT
x-amz-version-id
1LssqX8E3hLucQysYFyWE59Oh5t2m_Co
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
8Z2N0R0G2H6KAMH1
age
1200313
x-amz-server-side-encryption
AES256
Content-Range
bytes 0-19697/19698
x-amz-replication-status
COMPLETED
Content-Length
19698
x-amz-id-2
ZjIBVFaMNB5tvgnxJzRfSFGcq6/qxoaVy8r7XrQ5j2PP+g2rvNpOnb6twcAqTDNiNQjXm7yZYlOYwwGjBZcHqQ==
last-modified
Wed, 12 Apr 2023 05:00:30 GMT
server
cloudflare
etag
"f11ce9e8f40a392830217253fe75d6de"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=94Jc1sX7PSYa%2BDXpDZrOmq7XJIN58Vjr%2Fp1X3nMudQy3D36Cko%2BfnqpSxMhXzMwJtmaTNd1CfV4yZBqRFhHMpFzRU%2BUeBCK5WJNFAe6SG%2Bu2nF%2B1hPYmBk1ayL4foJq9bxXS0Sk%3D"}],"group":"cf-nel","max_age":604800}
content-type
audio/mpeg; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7be143d7fe258fec-FRA
expires
Thu, 11 Apr 2024 05:00:29 GMT
fs.js
edge.fullstory.com/s/ Frame E190 		246 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
aeb52bf0d3893e1dd6d844d1658c24e3912b4154d7537d5f5f2d11a9e7c221ed

Request headers

Referer
Origin
https://coi.thimble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 19:04:28 GMT
content-encoding
br
age
1817
x-guploader-uploadid
ADPycdvWY7wv6wOovKHny3J-e5ug5o9dc7lmKLkrXmUWP4lEOjBsLj81pHu1vFl6nqJAyZgs7b8d_wmUDIh77Z5ESz5b
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67590
last-modified
Mon, 24 Apr 2023 14:36:03 GMT
server
UploadServer
etag
"d53f15877b3b43f771842579aeaebd7d"
vary
Accept-Encoding
x-goog-generation
1682346963410736
x-goog-hash
crc32c=8Ord5A==, md5=1T8Vh3s7Q/dxhCV5rq69fQ==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
67590
accept-ranges
bytes
content-type
application/javascript
expires
Wed, 26 Apr 2023 20:04:28 GMT
collect
region1.google-analytics.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RQYSNHGMM1&gtm=45je34j0&_p=1419566811&cid=1056855504.1682537685&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1682537684&sct=1&seg=0&dl=https%3A%2F%2Fcoi.thimble.com%2Fonboard%3Fpolicy_id%3D627b05f77b4a19002e0eede3%26policy_ai_id%3D6449795bd1d6180065c82ec1%26utm_source%3Dsg%26utm_medium%3Demail%26utm_campaign%3Dai_policy_new_ai&dt=Certificate%20Manager%20%7C%20Thimble&en=scroll&epn.percent_scrolled=90&_et=66
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RQYSNHGMM1&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://coi.thimble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 26 Apr 2023 19:34:49 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://coi.thimble.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.de
URL
https://www.google.de/pagead/1p-user-list/876410777/?random=1682537684510&cv=11&fst=1682535600000&bg=ffffff&guid=ON&async=1&gtm=45be34j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcoi.thimble.com%2Fonboard%3Fpolicy_id%3D627b05f77b4a19002e0eede3%26policy_ai_id%3D6449795bd1d6180065c82ec1%26utm_source%3Dsg%26utm_medium%3Demail%26utm_campaign%3Dai_policy_new_ai&frm=0&tiba=Certificate%20Manager%20%7C%20Thimble&data=event%3Dgtag.config%3B%20allow_enhanced_conversions%3Dtrue&fmt=3&is_vtc=1&random=3866873380&rmt_tld=1&ipr=y
Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-76257984-1&cid=1056855504.1682537685&jid=1853460098&_u=aGBAiEAjBAAAAEAAI~&z=1704405521

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 boolean| credentialless object| analytics object| dataLayer object| delightedNps4 function| isIE object| __PRELOADED_STATE__ undefined| message function| AdditionalQuestionsOptions function| AdditionalQuestionsScale object| _delighted object| webpackJsonp function| clearImmediate function| setImmediate object| regeneratorRuntime object| __SENTRY__ function| _ object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| __sentry_instrumentation_handlers__ object| zESettings function| gtag object| GooglebQhCsO function| UET function| UET_init function| UET_push object| gaplugins object| gaGlobal object| gaData object| ueto_98b69198db object| uetq object| zEWebpackACJsonp function| zE function| zEmbed object| amplitudeDeps function| amplitudeLoader object| fullstoryDeps function| fullstoryLoader object| google-tag-managerDeps function| google-tag-managerLoader object| webpackJsonp_name_Integration function| amplitudeIntegration object| amplitude function| fullstoryIntegration boolean| _fs_is_outer_script boolean| _fs_debug string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS function| google-tag-managerIntegration function| onYouTubeIframeAPIReady string| _fs_loaded function| _fs_shutdown boolean| zEACLoaded function| $zopim

15 Cookies

Domain/Path Name / Value
.thimble.com/ Name: _gcl_au
Value: 1.1.353764902.1682537684
.thimble.com/ Name: _gid
Value: GA1.2.130013833.1682537685
.thimble.com/ Name: _uetsid
Value: 65995720e46911ed97b7f9914e22f0ee
.thimble.com/ Name: _uetvid
Value: 659961d0e46911ed861be76c4924857d
.thimble.com/ Name: _dc_gtm_UA-76257984-1
Value: 1
.thimble.com/ Name: ajs_anonymous_id
Value: 4234682c-8971-4362-8da0-37effde8f3e4
.bing.com/ Name: MUID
Value: 12F22984AB7769AE04593B7BAA1C6887
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.thimble.com/ Name: amplitude_idundefinedthimble.com
Value: eyJvcHRPdXQiOmZhbHNlLCJzZXNzaW9uSWQiOm51bGwsImxhc3RFdmVudFRpbWUiOm51bGwsImV2ZW50SWQiOjAsImlkZW50aWZ5SWQiOjAsInNlcXVlbmNlTnVtYmVyIjowfQ==
.thimble.com/ Name: amplitude_id_d8e78576db7dd25fc7b7d763c59adedbthimble.com
Value: eyJkZXZpY2VJZCI6IjM2MjcwMjNiLWVhN2ItNDk3OS1iYWUwLTM2MzA0OTIxMWU4MlIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTY4MjUzNzY4NDY0NywibGFzdEV2ZW50VGltZSI6MTY4MjUzNzY4NDY2MywiZXZlbnRJZCI6MiwiaWRlbnRpZnlJZCI6MSwic2VxdWVuY2VOdW1iZXIiOjN9
.thimble.com/ Name: _ga
Value: GA1.1.1056855504.1682537685
.thimble.com/ Name: _ga_RQYSNHGMM1
Value: GS1.1.1682537684.1.0.1682537684.0.0.0
.thimble.com/ Name: fs_uid
Value: #HK4QC#5644645632036864:5264426645573632:::#/1714073684
widget-mediator.zopim.com/ Name: AWSALBCORS
Value: /HBiZyHrGJ4XixuOjhxe7P7yChDp6KoGsJJ+EaxqOdRumU+NvsTlGgpsnJbHWgsEjebH8HvKGifY/wtQrpM6BkEpOPbkzbap/AcAXvwkWQgUKHz7wIdjwp9N1zQH
.thimble.com/ Name: __zlcmid
Value: 1FZlmCWI7RPWqu0

2 Console Messages

Source Level URL
Text
security error URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Message:
Refused to load the image 'https://www.google.de/pagead/1p-user-list/876410777/?random=1682537684510&cv=11&fst=1682535600000&bg=ffffff&guid=ON&async=1&gtm=45be34j0&u_w=1600&u_h=1200&url=https%3A%2F%2Fcoi.thimble.com%2Fonboard%3Fpolicy_id%3D627b05f77b4a19002e0eede3%26policy_ai_id%3D6449795bd1d6180065c82ec1%26utm_source%3Dsg%26utm_medium%3Demail%26utm_campaign%3Dai_policy_new_ai&frm=0&tiba=Certificate%20Manager%20%7C%20Thimble&data=event%3Dgtag.config%3B%20allow_enhanced_conversions%3Dtrue&fmt=3&is_vtc=1&random=3866873380&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://coi.thimble.com/onboard?policy_id=627b05f77b4a19002e0eede3&policy_ai_id=6449795bd1d6180065c82ec1&utm_source=sg&utm_medium=email&utm_campaign=ai_policy_new_ai
Message:
Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-76257984-1&cid=1056855504.1682537685&jid=1853460098&_u=aGBAiEAjBAAAAEAAI~&z=1704405521' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.thimble.com https://*.verifly.com *.okta.com *.google-analytics.com *.stripe.com https://*.zdassets.com *.zopim.com wss://*.zopim.com https://*.fullstory.com https://*.segment.io https://*.amplitude.com https://bat.bing.com https://*.googletagmanager.com https://*.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://thimble.sjv.io https://*.impactradius-event.com https://*.appsflyer.com https://*.plaid.com https://*.tokenex.com https://*.zendesk.com polyfill.io https://*.sentry.io https://*.doubleclick.net https://*.google.com https://*.optimizely.com https://sentry.io https://www.youtube.com https://fonts.googleapis.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://*.sentry-cdn.com https://*.amazonaws.com https://embed.typeform.com https://*.delighted.com https://heythimble.typeform.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.amplitude.com
api.segment.io
bat.bing.com
cdn.amplitude.com
cdn.optimizely.com
cdn.segment.com
coi.thimble.com
d2yyd1h5u9mauk.cloudfront.net
edge.fullstory.com
ekr.zdassets.com
fonts.googleapis.com
googleads.g.doubleclick.net
l.thimble.com
o202001.ingest.sentry.io
pdf.thimble.com
region1.google-analytics.com
rs.fullstory.com
static.zdassets.com
stats.g.doubleclick.net
thimble.zendesk.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.google.de
104.16.51.111
104.18.70.113
104.18.72.113
13.32.118.85
13.32.121.7
18.66.147.96
2001:4860:4802:34::36
2620:1ec:c11::200
2a00:1450:4001:802::2002
2a00:1450:4001:810::2008
2a00:1450:4001:827::200a
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2004
2a00:1450:400c:c00::9b
2a02:26f0:6c00:1a1::13b8
34.120.195.249
35.186.194.58
35.201.112.186
52.222.206.214
52.222.214.37
54.68.26.177
54.69.86.105
99.86.8.175
06d95e7c78ae4bd7fc58fe29a222697fa4063a83a676d6169b875e8462a253d9
0a3fe5448939956441ba55d03714431a225707bcead7f9f511c4c9621fc859eb
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
139d646375cbdb36a7c9290d6aa7e0d09d54ad31e12e73c56b0dd10bcb2feca0
13f02a49ae90b79d43602873337b49a5147dd9aa17d4ac5189be017ba779a8cd
1880c86ff33ab09fd7d945d45791fa63ef02dc7795ed8fb0fb04ebb5e81dccea
2173f130ca59dc5554498343432f02f92ecce45c4f9381ea12b203a2978f33d4
21d2ea81f22f44525f201ad9f4702029e0b2bfe65d5a2b534104dbe4b2346bbe
2be8552cf803ef27724f5f2f96db42b0d007831eec3757c45d66277844dbe44a
32c47876313b64c4f17401f0a4cba23ca4e5bd85b1330cb67a9a2761d31b5ea2
3ab87ad8deb2739e4134ecbae60b6de8a5ac013482b756056f6f26d985d7e85a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a4fc7eb51661d6ff041158be439b7f4101f2da32f500940158bfe22897a876f
4b1e453d0d95718e19766d3023ea82dc059f728f3b112b7980773c109ac0bd31
53be1dac57456d1c758599183b9f5b14c95fe22ea6bc0ee70da5d989ef8a9407
54d568d9ce46eac023fc79dcb89315c84c37ae891862374bf73fc89dc7c96845
558ab8aa7080f2b2aa2087c887a56a0b70a5c72b53652b5834db974a2da251a3
5828bc7c48c1085c6114b06008fb8048f4f2432c97b2de3b7551c0910115fd63
5aca7f27b7a0dc4d476a1d75d9361b9a1d319f850efc7335c3ab661dc1f23220
6668bdfd998e577320c9ae2c472020beedf7d69388493767382d221b26baf301
68114cc4f923060ffe05e78f3a55f1bc762d071a0ed7bfb01a1d0a7f3f39000c
6ac404a65bffee85a15718f669a44f5a034c94116661e6e0e48b1609f4a8617a
6d382ebeba7ff741fda6569f254f46c9fe8f986adc1647406dcd0aa04ce46973
7438552400a5fae2abe38b5ca660a8234cad3d99c459a23648449451e8efd0ee
74673bc487b3b73fae6bab8a8383aa398b60cb1632be27998e74357ee6226a68
7be54d87054f1d218b7020d39ec47c67255d851a9e1ec5a1964d30dbae151147
7f54c81c05134c5f65b761350cce67a7501719eac5375c1edd9a1d30952a79a8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86ffd072440f9fa6f904bfa6dc20cc166dbd7dfc15d03c28425cef1a8ad2e6e5
888b1efc2977d40c305b9b52d1bad329e5dcd86252a28a2a8a6af65b046313ea
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9535930ddab4213a71a9d541eb23b42613d47327ee45cfffdb5534bb5c5aa2e7
95aad288a3a5dc1de8bcbd75925ac1ac37e8adb9d5d68295ad50a2a76e7275e9
97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46
a36651871015e449d9c81b6dd70e5db4906b7a5a447f69eebdff2c28c4ec66cf
aa1666dba967489a7d09cf24e08532d2254aad7618f8ff5982f8a72292b113ee
aaa3ce565fe9aca6508107a631bcd5af7919f4f73c46e0606c61ee5712cebca6
aeb52bf0d3893e1dd6d844d1658c24e3912b4154d7537d5f5f2d11a9e7c221ed
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
c0dd9e6f31221b8432522601d43794879960167232e35bfd035187e12fbbdb89
cf7dcb55833db7b6945431f847d76fa998a514747af214a28bf4960e6e654df2
dc1f6fd8651b655336e00a8c9f777977c2d077ca47b84cc6fcd2979dd713631e
de3251525f81492d3edd93fd1db360419925a64a9cb75e947d884a65d8e94932
de8f2ac57087767409b0bb4025e88c1ebb0fd18e0e73144e4ac15997f3350821
e28a44f05465881891ed02e04f286084a8fdb361d81e1877ea4f612f05dcddaf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e91a86b8d8da28eaf681b924b135c3a8ffacb6d51d2affad9d684e708d60a3db
ebfd82f42fce1b9b5044aec6ca26daab4484342588dd336982dc5aad6c1315b5
eec5c0b7f3736c064a5c93fb61f419fe7d3f7c1815c81004312fd349fd43be2c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f56c7ccfbc7389eafe2d184f59fa7e19b72274c6477d89c433fabc67a402c0f1
ff07aa8bb04de0d0d8ccefc2593e418be3aa657b765bac2f8a546903264d043b