dev-payment-ui.ets-cpds-nonprod.c.ets.org Open in urlscan Pro
18.245.46.53  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response dev-payment-ui.ets-cpds-nonprod.c.ets.org/	539 B 1 KB	561ms 473ms	Document text/html	18.245.46.53 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.245.46.53 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-46-53.fra56.r.cloudfront.net Software CloudFront / Resource Hash 8719a444be90e3642c7056782cca62e62c1af0ceb1eb630eabafb66aa17ea309 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Accept-Ranges bytes Connection keep-alive Content-Length 539 Content-Type text/html Date Thu, 25 Apr 2024 03:53:25 GMT Last-Modified Wed, 24 Apr 2024 19:36:10 GMT Referrer-Policy strict-origin-when-cross-origin Server CloudFront Strict-Transport-Security max-age=31536000 Vary Origin Via 1.1 77e414816706879c16a3707f261f0b5a.cloudfront.net (CloudFront) X-Amz-Cf-Id zMEJT0NopTNqlqDNr3aN1Q3n1kpKo9tb2ZwutX24iaKVay1yWsnX5w== X-Amz-Cf-Pop FRA56-P9 X-Cache Miss from cloudfront X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block x-amz-version-id mI_tDVxxPjIZvVz_xKKzm10eRjykEVuL
GET H/1.1	200 OK	style.css dev-payment-ui.ets-cpds-nonprod.c.ets.org/	732 B 1 KB	558ms 558ms	Stylesheet text/css	18.245.46.53 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/style.css Requested by Host: dev-payment-ui.ets-cpds-nonprod.c.ets.org URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.245.46.53 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-46-53.fra56.r.cloudfront.net Software CloudFront / Resource Hash 726b0c1597b107b2ebc2473c6b6347f5af281c894d9f5096a79d00271aa672ad Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Thu, 25 Apr 2024 03:53:25 GMT x-amz-version-id oR3lz2Rz1HXDfOa5CjIRuBgfkzUqt0Fd Via 1.1 77e414816706879c16a3707f261f0b5a.cloudfront.net (CloudFront) X-Content-Type-Options nosniff Strict-Transport-Security max-age=31536000 X-Amz-Cf-Pop FRA56-P9 X-Cache Miss from cloudfront Connection keep-alive Content-Length 732 X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Wed, 24 Apr 2024 19:36:09 GMT Server CloudFront X-Frame-Options SAMEORIGIN Vary Origin Content-Type text/css Accept-Ranges bytes X-Amz-Cf-Id z8oUfSjf5fvNT9xplA1G2sVWfIRNgD9KWc9yrX_bkNbuajG2GjmtMg==
GET H2	200	/ Show response js.stripe.com/v3/	605 KB 167 KB	137ms 37ms	Script text/javascript	151.101.192.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/ Requested by Host: dev-payment-ui.ets-cpds-nonprod.c.ets.org URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.192.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash c678eb6075444e6900a93bbabbe43842cea3042ff153d4c194b54e9cea2f9347 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Thu, 25 Apr 2024 03:53:24 GMT via 1.1 varnish age 52 x-cache HIT content-length 170813 x-request-id 65cebe8c-fc8a-4f22-9045-f73bd26d80a4 x-served-by cache-fra-etou8220101-FRA last-modified Wed, 24 Apr 2024 22:49:38 GMT server Fastly etag "889cd333c072def16ccd664ba98308f8" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 8
GET H/1.1	200 OK	checkout.js Show response dev-payment-ui.ets-cpds-nonprod.c.ets.org/	1 KB 1 KB	574ms 496ms	Script application/javascript	18.245.46.53 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/checkout.js Requested by Host: dev-payment-ui.ets-cpds-nonprod.c.ets.org URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.245.46.53 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-46-53.fra56.r.cloudfront.net Software CloudFront / Resource Hash 5903ef36db58a3d2857e53d8dc1071b5a2e0a8ede9eeaa5d055f942393b28453 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Thu, 25 Apr 2024 03:53:26 GMT x-amz-version-id .JWrlPjXL3t2Awi8fpG4hqnlGGNz3Z8P Content-Encoding gzip X-Content-Type-Options nosniff Via 1.1 5335ce80c0b9264bc591cce2c73bef5e.cloudfront.net (CloudFront) Strict-Transport-Security max-age=31536000 X-Amz-Cf-Pop FRA56-P9 Transfer-Encoding chunked X-Cache Miss from cloudfront Connection keep-alive X-XSS-Protection 1; mode=block Referrer-Policy strict-origin-when-cross-origin Last-Modified Wed, 24 Apr 2024 20:02:29 GMT Server CloudFront Vary Accept-Encoding, Origin X-Frame-Options SAMEORIGIN Content-Type application/javascript X-Amz-Cf-Id bj206ZgGmsBr-p5k-Xuvr2SLffzmRSM5Hc4KceuxcoWpmd_Pw2g0Gw==
GET H2	200	controller-with-preconnect-9ef2e8639cda85ae9ecd2351c0bc3bc2.html js.stripe.com/v3/ Frame D48F	0 0	116ms 38ms	Document text/html	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/controller-with-preconnect-9ef2e8639cda85ae9ecd2351c0bc3bc2.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes access-control-allow-origin * age 49 cache-control max-age=60, stale-while-revalidate=900 content-encoding br content-length 228 content-security-policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Thu, 25 Apr 2024 03:53:25 GMT etag "9ef2e8639cda85ae9ecd2351c0bc3bc2" last-modified Wed, 24 Apr 2024 22:13:11 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 2 x-content-type-options nosniff x-request-id bc0c2866-c746-4e37-a16d-2281aa0fa3bf x-served-by cache-fra-etou8220040-FRA
GET H2	200	embedded-checkout-outer-11ef5b041841c3a8b715bf28ef1078e2.js Show response js.stripe.com/v3/fingerprinted/js/	18 KB 6 KB	37ms 37ms	Script text/javascript	151.101.192.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/embedded-checkout-outer-11ef5b041841c3a8b715bf28ef1078e2.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.192.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 4a96a5cb93e9ee71f8c3c0a8c1fc2d690c781fae081dabaf35252fb72d7a7821 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Thu, 25 Apr 2024 03:53:25 GMT via 1.1 varnish age 18133 x-cache HIT content-length 5976 x-request-id fc46a300-7c0f-41ac-ab52-016b6fd04655 x-served-by cache-fra-etou8220101-FRA last-modified Wed, 24 Apr 2024 22:13:22 GMT server Fastly etag "ab0daf2154cf021a7a0199eea70c44fc" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * x-cache-hits 0
GET H2	200	m-outer-3437aaddcdf6922d623e172c2d6f9278.html js.stripe.com/v3/ Frame 02CB	0 0	115ms 39ms	Document text/html	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes access-control-allow-origin * age 1899680 cache-control max-age=31536000 content-encoding br content-length 154 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Thu, 25 Apr 2024 03:53:25 GMT etag "3437aaddcdf6922d623e172c2d6f9278" last-modified Fri, 11 Nov 2022 20:25:37 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 482726 x-content-type-options nosniff x-request-id 18aa63b0-a614-40d0-865d-afcee0c3110f x-served-by cache-fra-etou8220040-FRA
GET H2	200	products Show response dev-payment-api.ets-cpds-nonprod.c.ets.org/	108 B 359 B	702ms 441ms	Fetch application/json	54.243.114.112 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://dev-payment-api.ets-cpds-nonprod.c.ets.org/products Requested by Host: dev-payment-ui.ets-cpds-nonprod.c.ets.org URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/checkout.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.243.114.112 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-243-114-112.compute-1.amazonaws.com Software / Resource Hash 272e2de23cb5430b7a32d52e52cabe36adf9fb6c814a9a80f9c048c3ce0f2d5e Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 25 Apr 2024 03:53:25 GMT x-amzn-requestid ec3fc011-03a9-432d-b722-8b17871ca900 x-amzn-trace-id Root=1-6629d3b5-109ad0b7505a6c62180ac003 access-control-allow-methods * content-type application/json access-control-allow-origin * x-amz-apigw-id Ww4EaFeyIAMETEA= content-length 108 access-control-allow-headers *
GET H2	200	embedded-checkout-inner-3dcee8736b91c038c2ac24f66f94ed653f61a5ab.html js.stripe.com/v3/ Frame 9A8E	0 0	77ms 42ms	Document text/html	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/embedded-checkout-inner-3dcee8736b91c038c2ac24f66f94ed653f61a5ab.html?publishableKey=pk_test_51P963YRsfzSI0rpfR1IfGwx5hessjKQGkRIWnEo38FkOqDiw6p3am367r2LSNa0vMe5F7dYIUhNCzhNIbif57G4200mxsZ46uQ&onComplete=false&mids[guid]=NA&mids[muid]=NA&mids[sid]=NA Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/embedded-checkout-outer-11ef5b041841c3a8b715bf28ef1078e2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://js.stripe.com https://r.stripe.com https://checkout-cookies.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://merchant-ui-api.stripe.com; default-src 'self'; font-src 'self' https://js.stripe.com; form-action 'none'; frame-src 'self' https://js.stripe.com https://payments.stripe.com https://checkout.link.com; img-src 'self' https://q.stripe.com https://js.stripe.com https://stripe-camo.global.ssl.fastly.net https://d1wqzb5bdbcre6.cloudfront.net https://qr.stripe.com https://b.stripecdn.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self' https://js.stripe.com 'sha256-Rs7zoycEGz8Aoh9NxrpDQaZ9oV27ZjlGKVOcL1V1ntA=' 'sha256-5I0d7VAiFxTvn5q7Kircm5lkb05CJ6P2j9V+dFI+0BE='; style-src 'self' https://js.stripe.com 'sha256-FLfzCmfmG72/B/W2L2O3OsoVkhq9pQvCH0CM5OItwxU='; worker-src 'none'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes access-control-allow-origin * age 18132 cache-control max-age=604800, stale-while-revalidate=900 content-encoding br content-length 86009 content-security-policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://js.stripe.com https://r.stripe.com https://checkout-cookies.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://merchant-ui-api.stripe.com; default-src 'self'; font-src 'self' https://js.stripe.com; form-action 'none'; frame-src 'self' https://js.stripe.com https://payments.stripe.com https://checkout.link.com; img-src 'self' https://q.stripe.com https://js.stripe.com https://stripe-camo.global.ssl.fastly.net https://d1wqzb5bdbcre6.cloudfront.net https://qr.stripe.com https://b.stripecdn.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self' https://js.stripe.com 'sha256-Rs7zoycEGz8Aoh9NxrpDQaZ9oV27ZjlGKVOcL1V1ntA=' 'sha256-5I0d7VAiFxTvn5q7Kircm5lkb05CJ6P2j9V+dFI+0BE='; style-src 'self' https://js.stripe.com 'sha256-FLfzCmfmG72/B/W2L2O3OsoVkhq9pQvCH0CM5OItwxU='; worker-src 'none'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Thu, 25 Apr 2024 03:53:25 GMT etag "fdf06f536db4ed4f8e93ec3c94ca0d6d" last-modified Wed, 24 Apr 2024 22:13:11 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 1 x-content-type-options nosniff x-request-id 210d1858-94ea-40c5-bb78-c25d6f7512fe x-served-by cache-fra-etou8220040-FRA
GET H2	200	embedded-checkout-modal-3dcee8736b91c038c2ac24f66f94ed653f61a5ab.html js.stripe.com/v3/ Frame 72A0	0 0	69ms 41ms	Document text/html	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/embedded-checkout-modal-3dcee8736b91c038c2ac24f66f94ed653f61a5ab.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/embedded-checkout-outer-11ef5b041841c3a8b715bf28ef1078e2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://js.stripe.com https://r.stripe.com https://checkout-cookies.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://merchant-ui-api.stripe.com; default-src 'self'; font-src 'self' https://js.stripe.com; form-action 'none'; frame-src 'self' https://js.stripe.com https://payments.stripe.com https://checkout.link.com; img-src 'self' https://q.stripe.com https://js.stripe.com https://stripe-camo.global.ssl.fastly.net https://d1wqzb5bdbcre6.cloudfront.net https://qr.stripe.com https://b.stripecdn.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self' https://js.stripe.com; style-src 'self' https://js.stripe.com; worker-src 'none'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes access-control-allow-origin * age 18132 cache-control max-age=604800, stale-while-revalidate=900 content-encoding br content-length 274 content-security-policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://js.stripe.com https://r.stripe.com https://checkout-cookies.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://merchant-ui-api.stripe.com; default-src 'self'; font-src 'self' https://js.stripe.com; form-action 'none'; frame-src 'self' https://js.stripe.com https://payments.stripe.com https://checkout.link.com; img-src 'self' https://q.stripe.com https://js.stripe.com https://stripe-camo.global.ssl.fastly.net https://d1wqzb5bdbcre6.cloudfront.net https://qr.stripe.com https://b.stripecdn.com https://files.stripe.com; media-src 'none'; object-src 'none'; script-src 'self' https://js.stripe.com; style-src 'self' https://js.stripe.com; worker-src 'none'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Thu, 25 Apr 2024 03:53:25 GMT etag "5e16b8a7efdce7f811ae2533cf4796e6" last-modified Wed, 24 Apr 2024 22:13:11 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 1 x-content-type-options nosniff x-request-id 2b077837-0371-4252-9c89-f9875cd0123a x-served-by cache-fra-etou8220040-FRA
GET H/1.1	403 Forbidden	favicon.ico dev-payment-ui.ets-cpds-nonprod.c.ets.org/	243 B 822 B	832ms 831ms	Other application/xml	18.245.46.53 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.245.46.53 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-245-46-53.fra56.r.cloudfront.net Software CloudFront / Resource Hash af78bdeb2e994df03306d3a0807de29919b1299c39a79ede51fa6db9a37f5255 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Thu, 25 Apr 2024 03:53:25 GMT Via 1.1 5335ce80c0b9264bc591cce2c73bef5e.cloudfront.net (CloudFront) Referrer-Policy strict-origin-when-cross-origin X-Content-Type-Options nosniff Server CloudFront Strict-Transport-Security max-age=31536000 X-Amz-Cf-Pop FRA56-P9 Transfer-Encoding chunked X-Cache Error from cloudfront Content-Type application/xml X-Frame-Options SAMEORIGIN Vary Origin Connection keep-alive X-Amz-Cf-Id mspNaKvXHTrnP55Vljz-aif-OpZgDFzNdHcYN7Gs2NU8nCw5Kna2TQ== X-XSS-Protection 1; mode=block
POST H2	201	create-checkout-session Show response dev-payment-api.ets-cpds-nonprod.c.ets.org/	201 B 458 B	502ms 502ms	Fetch application/json	54.243.114.112 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://dev-payment-api.ets-cpds-nonprod.c.ets.org/create-checkout-session Requested by Host: dev-payment-ui.ets-cpds-nonprod.c.ets.org URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/checkout.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.243.114.112 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-243-114-112.compute-1.amazonaws.com Software / Resource Hash 283fbc6e2722b1f307902df55eb031ab74fd93f59b7cc3a1f06448e8258e0eb4 Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-platform "Win32" Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Thu, 25 Apr 2024 03:53:26 GMT x-amzn-requestid 5da64461-371c-43a2-825e-a69073ce9d29 x-amzn-trace-id Root=1-6629d3b6-6a0d09887624b4c7587e5be9 access-control-allow-methods * content-type application/json access-control-allow-origin * x-amz-apigw-id Ww4EfEGvoAMEQYQ= content-length 201 access-control-allow-headers *
GET H2	200	payment-request-inner-google-pay-56a7a0094c610eeb9078997e0e257c18.html js.stripe.com/v3/ Frame 91B0	0 0	43ms 40ms	Document text/html	151.101.0.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/payment-request-inner-google-pay-56a7a0094c610eeb9078997e0e257c18.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.0.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes access-control-allow-origin * age 20179 cache-control max-age=31536000 content-encoding br content-length 221 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com https://google.com/pay https://www.google.com/pay https://pay.google.com; default-src 'none'; form-action 'none'; frame-src https://pay.google.com; img-src https://q.stripe.com https://www.gstatic.com; script-src 'self' https://pay.google.com; style-src 'self'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Thu, 25 Apr 2024 03:53:27 GMT etag "56a7a0094c610eeb9078997e0e257c18" last-modified Wed, 24 Apr 2024 22:13:25 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 61 x-content-type-options nosniff x-request-id cc623526-f0f7-4c7a-972e-441bc8028956 x-served-by cache-fra-etou8220040-FRA

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| webpackChunkStripeJSouter function| noop function| Stripe function| fetchProducts function| fetchClientSecret function| initialize

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.dev-payment-ui.ets-cpds-nonprod.c.ets.org/	1970-01-21 04:52:33	Name: __stripe_mid Value: b67beffa-c887-4e08-8ba7-7a4292a10af745f297
			.dev-payment-ui.ets-cpds-nonprod.c.ets.org/	1970-01-20 20:06:59	Name: __stripe_sid Value: 2da8269d-31a9-434f-abda-6ce81cb45c58d62d1e
			m.stripe.com/	1970-01-21 05:42:57	Name: m Value: 0705fee2-6573-44c6-a902-c63d706505524373e1
			api2.hcaptcha.com/	1970-01-20 20:06:59	Name: __cflb Value: 0H28vk2VKwPbLoawFj9mU2fhedYxxWRCuzS6qs5C73B
			api.hcaptcha.com/	1970-01-20 20:50:09	Name: hmt_id Value: b04c8c76-04a7-4427-9bc1-34352536f684

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/favicon.ico Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Each dictionary in the list "icons" should contain a non-empty UTF8 string field "sizes".
other	warning	URL: https://dev-payment-ui.ets-cpds-nonprod.c.ets.org/ Message: Each dictionary in the list "icons" should contain a non-empty UTF8 string field "type".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dev-payment-api.ets-cpds-nonprod.c.ets.org
dev-payment-ui.ets-cpds-nonprod.c.ets.org
js.stripe.com
151.101.0.176
151.101.192.176
18.245.46.53
54.243.114.112
272e2de23cb5430b7a32d52e52cabe36adf9fb6c814a9a80f9c048c3ce0f2d5e
283fbc6e2722b1f307902df55eb031ab74fd93f59b7cc3a1f06448e8258e0eb4
4a96a5cb93e9ee71f8c3c0a8c1fc2d690c781fae081dabaf35252fb72d7a7821
5903ef36db58a3d2857e53d8dc1071b5a2e0a8ede9eeaa5d055f942393b28453
726b0c1597b107b2ebc2473c6b6347f5af281c894d9f5096a79d00271aa672ad
8719a444be90e3642c7056782cca62e62c1af0ceb1eb630eabafb66aa17ea309
af78bdeb2e994df03306d3a0807de29919b1299c39a79ede51fa6db9a37f5255
c678eb6075444e6900a93bbabbe43842cea3042ff153d4c194b54e9cea2f9347