devxtestpac15602.thron.com Open in urlscan Pro
23.48.23.12 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://devxtestpac15602.thron.com/
Effective URL:
https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699a...
Submission: On June 17 via api (June 17th 2024, 7:18:07 am UTC) from US — Scanned from DE

Summary HTTP 30 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 4 domains to perform 30 HTTP transactions. The main IP is 23.48.23.12, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is devxtestpac15602.thron.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on February 11th 2024. Valid for: a year.

This is the only time devxtestpac15602.thron.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 15	23.48.23.12 23.48.23.12	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2400:52e0:1e0... 2400:52e0:1e00::1081:1	60068 (CDN77 _) (CDN77 _)
2	2400:52e0:1a0... 2400:52e0:1a00::1067:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
6	2.16.33.140 2.16.33.140	16625 (AKAMAI-AS) (AKAMAI-AS)
30	7

15 23.48.23.12 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-48-23-12.deploy.static.akamaitechnologies.com

devxtestpac15602.thron.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1081:1 (Germany)

ASN60068 (CDN77 _, GB)

survey.survicate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1a00::1067:1 (Chicago, United States)

ASN200325 (BUNNYCDN, SI)

surveys-static.survicate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.16.33.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-33-140.deploy.static.akamaitechnologies.com

devxtestpac15602-view.thron.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	thron.com 2 redirects devxtestpac15602.thron.com devxtestpac15602-view.thron.com devxtestpac15602-cdn.thron.com Failed	915 KB
3	survicate.com survey.survicate.com — Cisco Umbrella Rank: 6740 surveys-static.survicate.com — Cisco Umbrella Rank: 10628	180 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	250 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2347	261 B
30	4

	Domain	Requested by
15	devxtestpac15602.thron.com	2 redirects devxtestpac15602.thron.com
6	devxtestpac15602-view.thron.com	devxtestpac15602.thron.com
3	www.googletagmanager.com	devxtestpac15602.thron.com www.googletagmanager.com
2	surveys-static.survicate.com	survey.survicate.com
1	region1.google-analytics.com	www.googletagmanager.com
1	survey.survicate.com	devxtestpac15602.thron.com
0	devxtestpac15602-cdn.thron.com Failed	devxtestpac15602.thron.com
30	7

This site contains links to these domains. Also see Links.

Domain
devxtestpac15602-cdn.thron.com

Subject Issuer	Validity	Valid
*.thron.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-11` - `2025-02-11`	a year	crt.sh
*.google-analytics.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.survicate.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-18` - `2024-08-31`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid
Frame ID: 237AEE97856D2F74FFBE735A5F543100
Requests: 28 HTTP requests in this frame

Frame: https://devxtestpac15602.thron.com/ui/signin?prompt=none&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid&state=21a9d829a9474440aac4328c0b51ab39&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=IqtNpYo0lS8LlYqSLjs9Ypy75NwR9BC3ff_LIT0UFLA&code_challenge_method=S256
Frame ID: 17D3816313E022260427E460CC3BF21F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

THRON

Page URL History Show full URLs

https://devxtestpac15602.thron.com/ Page URL
https://devxtestpac15602.thron.com/api/v1/authentication/oauth2/auth?client_id=afcf7555d454e2ffb9a24222420f0fe2... HTTP 302
https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb... Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

30
Requests

87 %
HTTPS

67 %
IPv6

4
Domains

7
Subdomains

7
IPs

2
Countries

1390 kB
Transfer

3357 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://devxtestpac15602-cdn.thron.com/shared/assets/privacy/en/extendedprivacy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://devxtestpac15602.thron.com/ Page URL
https://devxtestpac15602.thron.com/api/v1/authentication/oauth2/auth?client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid&state=e210710ff3f94e43b604401d7d34f430&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256 HTTP 302
https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://devxtestpac15602.thron.com/api/v1/authentication/oauth2/auth?client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid&state=21a9d829a9474440aac4328c0b51ab39&code_challenge=IqtNpYo0lS8LlYqSLjs9Ypy75NwR9BC3ff_LIT0UFLA&code_challenge_method=S256&prompt=none HTTP 302
https://devxtestpac15602.thron.com/ui/signin?prompt=none&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid&state=21a9d829a9474440aac4328c0b51ab39&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=IqtNpYo0lS8LlYqSLjs9Ypy75NwR9BC3ff_LIT0UFLA&code_challenge_method=S256

30 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
devxtestpac15602.thron.com/ 4 KB
3 KB 416ms
204ms Document
text/html 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

97c7931d82fa4b6fd17d4e3c7673bd1ce3f4715adbd39b8c3ad068391fbbc478

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 1444
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
content-type: text/html
date: Mon, 17 Jun 2024 07:17:58 GMT
etag: W/"9d65f0ef0ae241a328bbb94a60d00c30"
expires: Mon, 17 Jun 2024 07:17:58 GMT
last-modified: Thu, 13 Jun 2024 12:56:31 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: THRON
strict-transport-security: max-age=600 ; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: noindex
x-xss-protection: 1; mode=block

GET
H2 200 app.a3b68574e5dfc01df59e.js Show response
devxtestpac15602.thron.com/js/ 4 KB
3 KB 248ms
247ms Script
application/javascript 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/js/app.a3b68574e5dfc01df59e.js

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

126dc71b6ec427859d1e5743f48fcfe771c06e8d21abd054502b71c1c7c778c3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:17:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
content-length: 2159
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 13 Jun 2024 12:56:26 GMT
server: THRON
etag: W/"315a1be7b5f4c04fa4b7ebdd2429608b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=300
x-robots-tag: noindex
expires: Mon, 17 Jun 2024 07:22:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 247 KB
88 KB 161ms
59ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S02QQK4RHS

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b3b8dc255ae61aa3c79690fe02ed66e9c5707fe1a4a79864fb49128e8077b6e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:17:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89908
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 17 Jun 2024 07:17:58 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 211 KB
74 KB 155ms
53ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PXWZD9LK

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3e2d49f1ff49a190b44ff6e4517a8fdc2d4714dc0da48c880bb9923ded032f82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:17:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75318
x-xss-protection: 0
last-modified: Mon, 17 Jun 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 Jun 2024 07:17:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 247 KB
88 KB 53ms
52ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S02QQK4RHS&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PXWZD9LK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0471c1d12cf98aa40673c36127d59bbcd778e942ae8133a1683cffaa1d8ad1bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:17:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89918
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 17 Jun 2024 07:17:59 GMT

GET
H2 200 web_surveys.js Show response
survey.survicate.com/workspaces/1caf1f7df86dfb8f20b7fbb47943d590/ 3 KB
3 KB 149ms
53ms Script
application/javascript 2400:52e0:1e00::1081:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://survey.survicate.com/workspaces/1caf1f7df86dfb8f20b7fbb47943d590/web_surveys.js

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1081 /

Resource Hash

998ecd4c045780606c45fe67ccd67a9b2a9b635e3bfca67ee71fa2cc5be36417

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; connect-src https://respondent.survicate.com 'self'; img-src https://*; font-src https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://use.typekit.net https://fonts.gstatic.com; report-to csp-endpoint-survey;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:17:59 GMT
x-amz-version-id: A9PN6iwRmJGQup3JBNbFIqyqRWFKtS6E
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cdn-edgestorageid: 1082
content-security-policy: default-src 'self' 'unsafe-inline' https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; connect-src https://respondent.survicate.com 'self'; img-src https://*; font-src https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://use.typekit.net https://fonts.gstatic.com; report-to csp-endpoint-survey;
x-amz-request-id: 2RP6HWWCGZVF0VC9
cdn-cachedat: 06/14/2024 14:20:44
cdn-pullzone: 1158558
x-amz-id-2: vv1RW42l5USkbxr6Y1rn/43Eq2qTXdZrObDfGHxUs9g8vZFgDiU0I2wVkH3HBVS6/SZdcj4ZfWc=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 14 Jun 2024 13:48:53 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"b2f01b80141c70ef8d83a55e353b7068"
vary: Accept-Encoding, Accept-Encoding
report-to: { "group": "csp-endpoint-survey", "max_age": 10886400, "endpoints": [{ "url": "https://panel-api.survicate.com/_/report_csp/survey" }] }
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: REVALIDATED
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=10
cdn-requestid: 3159c5abf2b045a1e3084fe525d7c5fd
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 274.7d4552bb206e8aec3da0.css
devxtestpac15602.thron.com/css/ 22 KB
5 KB 257ms
256ms Stylesheet
text/css 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/css/274.7d4552bb206e8aec3da0.css

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/js/app.a3b68574e5dfc01df59e.js

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

61c21a9f78363afc33a054b609f76dc8de2c792f139e2e662aa94742a4dffa7c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

quic-version: 0x00000001
date: Mon, 17 Jun 2024 07:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 4745
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 13 Jun 2024 12:56:25 GMT
server: THRON
etag: W/"8d08dc27e2a2615501c2a6baa4f04989"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=300
x-robots-tag: noindex
expires: Mon, 17 Jun 2024 07:22:59 GMT

GET
H3 200 274.a0b865bee8de0da2c16a.js Show response
devxtestpac15602.thron.com/js/ 1 MB
636 KB 346ms
345ms Script
application/javascript 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/js/274.a0b865bee8de0da2c16a.js

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/js/app.a3b68574e5dfc01df59e.js

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

17dc530adfe08e2d882a254f0e7073982689d4db279f46de8335d209ccecbc29

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

quic-version: 0x00000001
date: Mon, 17 Jun 2024 07:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 13 Jun 2024 12:56:26 GMT
server: THRON
etag: W/"9033e9fc8f01eaa73d20a9561069813f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=283
x-robots-tag: noindex
expires: Mon, 17 Jun 2024 07:22:42 GMT

GET
H2 200 fonts.css
surveys-static.survicate.com/fonts/ 8 KB
2 KB 511ms
133ms Stylesheet
text/css 2400:52e0:1a00::1067:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://surveys-static.survicate.com/fonts/fonts.css

Requested by

Host: survey.survicate.com
URL: https://survey.survicate.com/workspaces/1caf1f7df86dfb8f20b7fbb47943d590/web_surveys.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1a00::1067:1 Chicago, United States, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-IL1-1067 /

Resource Hash

789e8685a564e07274fec164118e89fa040ff2779c6efe3d781b94aeea6f06eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:17:59 GMT
x-amz-version-id: 0MpdULBlih82WDf4ohSkRSpw5864DG4c
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cdn-edgestorageid: 1068
content-security-policy: default-src 'self'
x-amz-request-id: S7C68TZ6AM9JFY0E
cdn-cachedat: 05/05/2024 00:52:17
cdn-pullzone: 1133799
x-amz-id-2: Ae4tMxOmU7EpwxkEi4yIN1tnpVEeX6LWkmfQUMW3ZG3v7CExWUoalcExBb1eNCnM9/lF8BPNTRQ=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 12:12:11 GMT
server: BunnyCDN-IL1-1067
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"c010d2df3fedabc7f87b52ab6c64fb45"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=604800
cdn-requestid: 26ef356a8ee709a24bdc8d754550cebf
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 widget_core-24.4.7.js Show response
surveys-static.survicate.com/ 607 KB
176 KB 510ms
132ms Script
application/x-javascript 2400:52e0:1a00::1067:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://surveys-static.survicate.com/widget_core-24.4.7.js

Requested by

Host: survey.survicate.com
URL: https://survey.survicate.com/workspaces/1caf1f7df86dfb8f20b7fbb47943d590/web_surveys.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1a00::1067:1 Chicago, United States, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-IL1-1067 /

Resource Hash

3d02f7ada4babf6c93a51f2d994f5681907fc879aa456e1ecda0f81a8c5e508c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Origin: https://devxtestpac15602.thron.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'
content-encoding: br
x-amz-request-id: FMJ7RRXQAPK3CRJT
cdn-pullzone: 1133799
x-amz-meta-codebuild-content-md5: f08f2622a0bd74e563a521876fba9936
referrer-policy: strict-origin-when-cross-origin
cdn-proxyver: 1.04
etag: W/"d2655235369e115f7d59609b0224e98b"
x-frame-options: DENY
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=604800
x-amz-meta-codebuild-content-sha256: 7928c32c799e545e6bf07fe82998b8708398e0751253814ff77f8013dfe2e6f2
cdn-cache: HIT
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date: Mon, 17 Jun 2024 07:17:59 GMT
x-amz-version-id: iRWIITJWZjPbFyZkgClcpMjSfCjDImHS
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1068
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:121050345386:build/prd-static:fbc81ce9-189f-46fd-a21a-833e4a03bfe4
cdn-cachedat: 06/14/2024 11:14:58
x-amz-id-2: zW4bMpedZmvVGQfyy20EAiWgVN8E4a9h+hQzJYIgNPqGb4gOG3BJKucR2gdCUq/t463p4e30iGg=
x-xss-protection: 1; mode=block
last-modified: Fri, 14 Jun 2024 11:08:03 GMT
server: BunnyCDN-IL1-1067
cdn-requestpullcode: 200
access-control-max-age: 3600
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
cdn-requestid: 29618edf8d4e8bef6d9e8c713127e113
cdn-status: 200
cdn-requestpullsuccess: True

POST
H2 204 collect
region1.google-analytics.com/g/ 0
261 B 162ms
29ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-S02QQK4RHS&gtm=45je46c0v9137718937z89137393646za200zb9137393646&_p=1718608678743&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=402527325.1718608680&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.61%7CGoogle%2520Chrome%3B126.0.6478.61&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dt=&sid=1718608679&sct=1&seg=0&dl=https%3A%2F%2Fdevxtestpac15602.thron.com%2F&en=navigation&_fv=1&_nsi=1&_ss=1&ep.from_page=&ep.to_page=&ep.method=replaceState&ep.clientId=devxtestpac15602&tfd=1236
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S02QQK4RHS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 17 Jun 2024 07:17:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://devxtestpac15602.thron.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 getClientInformations Show response
devxtestpac15602-view.thron.com/ux/xbridge/resources/userutils/ 175 B
831 B 148ms
147ms XHR
application/json 2.16.33.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602-view.thron.com/ux/xbridge/resources/userutils/getClientInformations

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/js/274.a0b865bee8de0da2c16a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.33.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-16-33-140.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

15e28e6c555c278ae4bb7e1ae2d2f2b9212fa44774e0ead615dbfbdc34b0767d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://devxtestpac15602.thron.com/
X-THRONAPP: dashboard
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:17:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'
strict-transport-security: max-age=600 ; includeSubDomains
content-length: 159
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: THRON
vary: Accept-Encoding
access-control-max-age: 600
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,OPTIONS
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: true
x-robots-tag: noindex
access-control-allow-headers: X-TOKENID, Content-Type, X-USERNAME, X-PASSWORD, X-DID, X-THRONAPP, Authorization

OPTIONS
H2 204 getClientInformations
devxtestpac15602-view.thron.com/ux/xbridge/resources/userutils/ Frame 0
0 174ms
42ms Preflight
text/html 2.16.33.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602-view.thron.com/ux/xbridge/resources/userutils/getClientInformations

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.33.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-16-33-140.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-thronapp
Access-Control-Request-Method: POST
Origin: https://devxtestpac15602.thron.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: X-TOKENID, Content-Type, X-USERNAME, X-PASSWORD, X-DID, X-THRONAPP, Authorization
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
access-control-max-age: 600
content-length: 0
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'
content-type: text/html
date: Mon, 17 Jun 2024 07:17:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: THRON
strict-transport-security: max-age=600 ; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: noindex
x-xss-protection: 1; mode=block

GET
H3 200 openid-configuration Show response
devxtestpac15602.thron.com/api/v1/authentication/.well-known/ 1 KB
407 B 129ms
129ms Fetch
application/json 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/api/v1/authentication/.well-known/openid-configuration

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/js/274.a0b865bee8de0da2c16a.js

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

84cb15c7315c8dd8abbf0736176061edfd35d656c3c9458f1d04ca9d16313b07

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/jwk-set+json, application/json
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

quic-version: 0x00000001
date: Mon, 17 Jun 2024 07:18:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 380
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: THRON
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: max-age=0, no-cache, no-store
x-robots-tag: noindex
expires: Mon, 17 Jun 2024 07:18:00 GMT

GET
H3 200 262.fe5671ebab8356c3a19f.css
devxtestpac15602.thron.com/css/ 271 B
195 B 228ms
227ms Stylesheet
text/css 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/css/262.fe5671ebab8356c3a19f.css

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/js/app.a3b68574e5dfc01df59e.js

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

9132075c5a356d5df8ef6e1aa1eeb12a6d6422ba79c90ae43f910ffa749f0645

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

quic-version: 0x00000001
date: Mon, 17 Jun 2024 07:18:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 166
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 13 Jun 2024 12:56:25 GMT
server: THRON
etag: W/"6e60e00a8b772c9cb0728b01abd824e7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=300
x-robots-tag: noindex
expires: Mon, 17 Jun 2024 07:23:00 GMT

GET
H3 200 262.992f328d5a1b83b98886.js
devxtestpac15602.thron.com/js/ 5 KB
2 KB 279ms
279ms Script
application/javascript 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/js/262.992f328d5a1b83b98886.js

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/js/app.a3b68574e5dfc01df59e.js

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

quic-version: 0x00000001
date: Mon, 17 Jun 2024 07:18:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 2003
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 13 Jun 2024 12:56:26 GMT
server: THRON
etag: W/"68c5791aafe7ec8aa6cf68294f166d6c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=274
x-robots-tag: noindex
expires: Mon, 17 Jun 2024 07:22:34 GMT

GET
H3

200

signin
devxtestpac15602.thron.com/ui/ Frame 17D3
Redirect Chain

https://devxtestpac15602.thron.com/api/v1/authentication/oauth2/auth?client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com...
https://devxtestpac15602.thron.com/ui/signin?prompt=none&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid&state=21a9d829a9474440aac4328c0b51ab39&c...

524 B
344 B

145ms
145ms

Document
text/html

23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/ui/signin?prompt=none&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid&state=21a9d829a9474440aac4328c0b51ab39&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=IqtNpYo0lS8LlYqSLjs9Ypy75NwR9BC3ff_LIT0UFLA&code_challenge_method=S256

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/js/274.a0b865bee8de0da2c16a.js

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://devxtestpac15602.thron.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 314
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
content-type: text/html
date: Mon, 17 Jun 2024 07:18:00 GMT
etag: W/"be8bb65a7b5d8b1d414f0084d8e397a9"
expires: Mon, 17 Jun 2024 07:18:00 GMT
last-modified: Tue, 04 Jun 2024 14:38:22 GMT
pragma: no-cache
quic-version: 0x00000001
referrer-policy: strict-origin-when-cross-origin
server: THRON
strict-transport-security: max-age=600 ; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: noindex
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cache-control: max-age=0, no-cache, no-store
content-length: 407
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
content-type: text/html; charset=utf-8
date: Mon, 17 Jun 2024 07:18:00 GMT
expires: Mon, 17 Jun 2024 07:18:00 GMT
location: https://devxtestpac15602.thron.com/ui/signin?prompt=none&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid&state=21a9d829a9474440aac4328c0b51ab39&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=IqtNpYo0lS8LlYqSLjs9Ypy75NwR9BC3ff_LIT0UFLA&code_challenge_method=S256
pragma: no-cache
quic-version: 0x00000001
referrer-policy: strict-origin-when-cross-origin
server: THRON
strict-transport-security: max-age=600 ; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: noindex
x-xss-protection: 1; mode=block

OPTIONS
H2 204 /
devxtestpac15602-view.thron.com/versionmanager/assets-library/ Frame 0
0 30ms
29ms Preflight
text/html 2.16.33.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602-view.thron.com/versionmanager/assets-library/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.33.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-16-33-140.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: x-thronapp
Access-Control-Request-Method: GET
Origin: https://devxtestpac15602.thron.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: X-TOKENID, Content-Type, X-USERNAME, X-PASSWORD, X-DID, X-THRONAPP, Authorization
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
access-control-max-age: 600
content-length: 0
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'
content-type: text/html
date: Mon, 17 Jun 2024 07:18:00 GMT
referrer-policy: strict-origin-when-cross-origin
server: THRON
strict-transport-security: max-age=600 ; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: noindex
x-xss-protection: 1; mode=block

GET
H2 200 /
devxtestpac15602-view.thron.com/versionmanager/assets-library/ 76 B
684 B 158ms
158ms XHR
application/json 2.16.33.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602-view.thron.com/versionmanager/assets-library/

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/js/274.a0b865bee8de0da2c16a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.33.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-16-33-140.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Referer: https://devxtestpac15602.thron.com/
X-THRONAPP: dashboard
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:18:00 GMT
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'
x-content-type-options: nosniff
strict-transport-security: max-age=600 ; includeSubDomains
content-length: 76
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: THRON
access-control-max-age: 600
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control: max-age=60
x-robots-tag: noindex
access-control-allow-headers: X-TOKENID, Content-Type, X-USERNAME, X-PASSWORD, X-DID, X-THRONAPP, Authorization

GET
H3

200

Primary Request signin Show response
devxtestpac15602.thron.com/ui/
Redirect Chain

https://devxtestpac15602.thron.com/api/v1/authentication/oauth2/auth?client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com...
https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZ...

524 B
344 B

50ms
49ms

Document
text/html

23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/js/274.a0b865bee8de0da2c16a.js

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

09441517b9cfb58224e205f7485d8391bd9eddff88384d4d752d827d0d00a062

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://devxtestpac15602.thron.com/contents
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 314
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
content-type: text/html
date: Mon, 17 Jun 2024 07:18:00 GMT
etag: W/"be8bb65a7b5d8b1d414f0084d8e397a9"
expires: Mon, 17 Jun 2024 07:18:00 GMT
last-modified: Tue, 04 Jun 2024 14:38:22 GMT
pragma: no-cache
quic-version: 0x00000001
referrer-policy: strict-origin-when-cross-origin
server: THRON
strict-transport-security: max-age=600 ; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: noindex
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cache-control: max-age=0, no-cache, no-store
content-length: 391
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
content-type: text/html; charset=utf-8
date: Mon, 17 Jun 2024 07:18:00 GMT
expires: Mon, 17 Jun 2024 07:18:00 GMT
location: https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid
pragma: no-cache
quic-version: 0x00000001
referrer-policy: strict-origin-when-cross-origin
server: THRON
strict-transport-security: max-age=600 ; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: noindex
x-xss-protection: 1; mode=block

GET remoteEntry.js
devxtestpac15602-cdn.thron.com/shared/microfrontend/assets-library/1717399821-c133393d2c456a1d2f1ac83fe1a3b97d0c8dc595/ 0
0

GET index-41f31d63.js
devxtestpac15602.thron.com/ui/signin/assets/ Frame 17D3 0
0

GET index-cc9f41b1.css
devxtestpac15602.thron.com/ui/signin/assets/ Frame 17D3 0
0

POST collect
region1.google-analytics.com/g/ 0
0

GET
H3 200 index-41f31d63.js Show response
devxtestpac15602.thron.com/ui/signin/assets/ 661 KB
208 KB 226ms
225ms Script
text/javascript 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/ui/signin/assets/index-41f31d63.js

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

7774f624085cbe495c32b34121775819df5ff5eb8d0449f2e54cd9147b62c73f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid
Origin: https://devxtestpac15602.thron.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

quic-version: 0x00000001
date: Mon, 17 Jun 2024 07:18:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 04 Jun 2024 14:38:21 GMT
server: THRON
etag: W/"8320be7f9f4db419784c2bef921cb5ac"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript
access-control-max-age: 600
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
cache-control: max-age=273
access-control-allow-origin: https://devxtestpac15602.thron.com
x-robots-tag: noindex
access-control-allow-headers: Authorization, Content-Type
expires: Mon, 17 Jun 2024 07:22:33 GMT

GET
H3 200 index-cc9f41b1.css
devxtestpac15602.thron.com/ui/signin/assets/ 97 KB
50 KB 239ms
238ms Stylesheet
text/css 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/ui/signin/assets/index-cc9f41b1.css

Requested by

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

cc9f41b1f5abb8d805d41200ef04bbd43262a0f975f046066572347157f303ce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/ui/signin?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

quic-version: 0x00000001
date: Mon, 17 Jun 2024 07:18:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 04 Jun 2024 14:38:21 GMT
server: THRON
etag: W/"5ce5f1530636c8d4ce8bc1ab12b76df4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=300
x-robots-tag: noindex
expires: Mon, 17 Jun 2024 07:23:00 GMT

GET
H2 200 entrypoints Show response
devxtestpac15602-view.thron.com/api/v1/openid/ 12 B
684 B 202ms
201ms Fetch
application/json 2.16.33.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602-view.thron.com/api/v1/openid/entrypoints

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/ui/signin/assets/index-41f31d63.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.33.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-16-33-140.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

eef46741adfc3a9f76294d3b78f37a45f113092ac9d44ee77c7a038a88ff09a1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Referer: https://devxtestpac15602.thron.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:18:01 GMT
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'
x-content-type-options: nosniff
strict-transport-security: max-age=600 ; includeSubDomains
content-length: 12
x-xss-protection: 1; mode=block
correlation-id: d31798eb02fe5517fb8e440b7f5f247e
referrer-policy: strict-origin-when-cross-origin
server: THRON
access-control-max-age: 600
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control: no-cache, no-store, must-revalidate
x-robots-tag: noindex
access-control-allow-headers: X-TOKENID, Content-Type, X-USERNAME, X-PASSWORD, X-DID, X-THRONAPP, Authorization

GET
H3 200 logo-7f445c0b.svg
devxtestpac15602.thron.com/ui/signin/assets/ 7 KB
3 KB 257ms
257ms Image
image/svg+xml 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://devxtestpac15602.thron.com/ui/signin/assets/logo-7f445c0b.svg

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/ui/signin/?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

7f445c0b2e2ed87a1b86a30af87a85401055a3804f56984fcb69c6d846394f81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/ui/signin/?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

quic-version: 0x00000001
date: Mon, 17 Jun 2024 07:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 3046
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 04 Jun 2024 14:38:21 GMT
server: THRON
etag: "b2f4a64bc4f90e1ab7970bfbd4f901da"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=279
accept-ranges: bytes
x-robots-tag: noindex
expires: Mon, 17 Jun 2024 07:22:40 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d5b315181fbacc1fd97a9c307b5e01cce0a5b921f8fb469bb08b0efb1d92a9

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 22 KB
22 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40

Request headers

Referer
Origin: https://devxtestpac15602.thron.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 22 KB
22 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 26b216fadb2ffcd542ca56c2d84f9918f62e40de89bf88b4211fffacd2a4ad83

Request headers

Referer
Origin: https://devxtestpac15602.thron.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff

POST
H2 200 getClientInformations Show response
devxtestpac15602-view.thron.com/ux/xbridge/resources/userutils/ 175 B
831 B 124ms
123ms Fetch
application/json 2.16.33.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602-view.thron.com/ux/xbridge/resources/userutils/getClientInformations

Requested by

Host: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/ui/signin/assets/index-41f31d63.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.16.33.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-16-33-140.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

15e28e6c555c278ae4bb7e1ae2d2f2b9212fa44774e0ead615dbfbdc34b0767d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://devxtestpac15602.thron.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 17 Jun 2024 07:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn 'unsafe-inline' 'unsafe-eval'
strict-transport-security: max-age=600 ; includeSubDomains
content-length: 159
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: THRON
vary: Accept-Encoding
access-control-max-age: 600
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,OPTIONS
access-control-expose-headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: true
x-robots-tag: noindex
access-control-allow-headers: X-TOKENID, Content-Type, X-USERNAME, X-PASSWORD, X-DID, X-THRONAPP, Authorization

GET
H3 200 favicon.ico
devxtestpac15602.thron.com/ui/signin/ 9 KB
1 KB 123ms
123ms Other
image/vnd.microsoft.icon 23.48.23.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devxtestpac15602.thron.com/ui/signin/favicon.ico

Protocol

Security

QUIC, , AES_256_GCM

Server

23.48.23.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-48-23-12.deploy.static.akamaitechnologies.com

Software

THRON /

Resource Hash

8da7bd14907e60ee021e20d62aaef4244716d9228f3cb819f018d458f37e5e05

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://devxtestpac15602.thron.com/ui/signin/?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

quic-version: 0x00000001
date: Mon, 17 Jun 2024 07:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.thron.com *.thron.cn; script-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com js-agent.newrelic.com *.nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.thron.com *.thron.cn surveys-static.survicate.com data:; worker-src 'self' *.thron.com *.thron.cn blob:; img-src 'self' *.thron.com *.thron.cn *.google-analytics.com *.googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' *.thron.com *.thron.cn *.s3.eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com survey.survicate.com respondent.survicate.com wss: *.nr-data.net; media-src 'self' *.thron.com *.thron.cn blob:
strict-transport-security: max-age=600 ; includeSubDomains
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 1127
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 04 Jun 2024 14:38:21 GMT
server: THRON
etag: "c92bad06c8be86ac479504e0a67b2fd3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/vnd.microsoft.icon
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-robots-tag: noindex
expires: Mon, 17 Jun 2024 07:18:01 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: devxtestpac15602-cdn.thron.com
URL: https://devxtestpac15602-cdn.thron.com/shared/microfrontend/assets-library/1717399821-c133393d2c456a1d2f1ac83fe1a3b97d0c8dc595/remoteEntry.js

Domain: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/ui/signin/assets/index-41f31d63.js

Domain: devxtestpac15602.thron.com
URL: https://devxtestpac15602.thron.com/ui/signin/assets/index-cc9f41b1.css

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-S02QQK4RHS&gtm=45je46c0v9137718937z89137393646za200zb9137393646&_p=1718608678743&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=402527325.1718608680&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.61%7CGoogle%2520Chrome%3B126.0.6478.61&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&dt=&sid=1718608679&sct=1&seg=0&dl=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcontents&_s=2&tfd=2158

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.thron.com/	1970-01-21 06:59:28	Name: _ga Value: GA1.1.402527325.1718608680
			.thron.com/	1970-01-21 06:59:28	Name: _ga_S02QQK4RHS Value: GS1.1.1718608679.1.0.1718608680.0.0.0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://devxtestpac15602.thron.com/ui/signin/?state=e210710ff3f94e43b604401d7d34f430&client_id=afcf7555d454e2ffb9a24222420f0fe22699abcdb98c6f44103b317f8d9c1a18&code_challenge=FyG9HDYa3bzqkcfq2m_VahZo96VBIdGOyYlrTEij5QA&code_challenge_method=S256&redirect_uri=https%3A%2F%2Fdevxtestpac15602.thron.com%2Fcallback%2F&response_type=code&scope=openid Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .thron.com .thron.cn; script-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com js-agent.newrelic.com .nr-data.net survey.survicate.com surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' .thron.com .thron.cn surveys-static.survicate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' .thron.com .thron.cn surveys-static.survicate.com data:; worker-src 'self' .thron.com .thron.cn blob:; img-src 'self' .thron.com .thron.cn .google-analytics.com .googletagmanager.com surveys-static.survicate.com assets.survicate.com res.cloudinary.com images.unsplash.com data: blob:; connect-src 'self' .thron.com .thron.cn .s3.eu-west-1.amazonaws.com .google-analytics.com .analytics.google.com .googletagmanager.com survey.survicate.com respondent.survicate.com wss: .nr-data.net; media-src 'self' .thron.com *.thron.cn blob:
Strict-Transport-Security	max-age=600 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

devxtestpac15602-cdn.thron.com
devxtestpac15602-view.thron.com
devxtestpac15602.thron.com
region1.google-analytics.com
survey.survicate.com
surveys-static.survicate.com
www.googletagmanager.com
devxtestpac15602-cdn.thron.com
devxtestpac15602.thron.com
region1.google-analytics.com
2.16.33.140
2001:4860:4802:32::36
23.48.23.12
2400:52e0:1a00::1067:1
2400:52e0:1e00::1081:1
2a00:1450:4001:830::2008
0471c1d12cf98aa40673c36127d59bbcd778e942ae8133a1683cffaa1d8ad1bc
09441517b9cfb58224e205f7485d8391bd9eddff88384d4d752d827d0d00a062
126dc71b6ec427859d1e5743f48fcfe771c06e8d21abd054502b71c1c7c778c3
15e28e6c555c278ae4bb7e1ae2d2f2b9212fa44774e0ead615dbfbdc34b0767d
17dc530adfe08e2d882a254f0e7073982689d4db279f46de8335d209ccecbc29
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40
26b216fadb2ffcd542ca56c2d84f9918f62e40de89bf88b4211fffacd2a4ad83
3d02f7ada4babf6c93a51f2d994f5681907fc879aa456e1ecda0f81a8c5e508c
3e2d49f1ff49a190b44ff6e4517a8fdc2d4714dc0da48c880bb9923ded032f82
61c21a9f78363afc33a054b609f76dc8de2c792f139e2e662aa94742a4dffa7c
7774f624085cbe495c32b34121775819df5ff5eb8d0449f2e54cd9147b62c73f
789e8685a564e07274fec164118e89fa040ff2779c6efe3d781b94aeea6f06eb
7f445c0b2e2ed87a1b86a30af87a85401055a3804f56984fcb69c6d846394f81
80d5b315181fbacc1fd97a9c307b5e01cce0a5b921f8fb469bb08b0efb1d92a9
84cb15c7315c8dd8abbf0736176061edfd35d656c3c9458f1d04ca9d16313b07
8da7bd14907e60ee021e20d62aaef4244716d9228f3cb819f018d458f37e5e05
9132075c5a356d5df8ef6e1aa1eeb12a6d6422ba79c90ae43f910ffa749f0645
97c7931d82fa4b6fd17d4e3c7673bd1ce3f4715adbd39b8c3ad068391fbbc478
998ecd4c045780606c45fe67ccd67a9b2a9b635e3bfca67ee71fa2cc5be36417
b3b8dc255ae61aa3c79690fe02ed66e9c5707fe1a4a79864fb49128e8077b6e0
cc9f41b1f5abb8d805d41200ef04bbd43262a0f975f046066572347157f303ce
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eef46741adfc3a9f76294d3b78f37a45f113092ac9d44ee77c7a038a88ff09a1

devxtestpac15602.thron.com Open in urlscan Pro 23.48.23.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

87 %HTTPS

67 %IPv6

4 Domains

7 Subdomains

7 IPs

2 Countries

1390 kBTransfer

3357 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

devxtestpac15602.thron.com Open in urlscan Pro
23.48.23.12 Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

87 %
HTTPS

67 %
IPv6

4
Domains

7
Subdomains

7
IPs

2
Countries

1390 kB
Transfer

3357 kB
Size

2
Cookies

30 HTTP transactions
3 data transactions