sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io Open in urlscan Pro
104.18.1.216  Public Scan

Submitted URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/
Effective URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Submission: On June 25 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 20 HTTP transactions. The main IP is 104.18.1.216, located in and belongs to CLOUDFLARENET, US. The main domain is sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io.
TLS certificate: Issued by GTS CA 1P5 on May 2nd 2024. Valid for: 3 months.
This is the only time sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 18 104.18.1.216 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
20 4
Apex Domain
Subdomains
Transfer
18 onewelcome.io
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
2 MB
1 gstatic.com
fonts.gstatic.com
29 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83
850 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 81
49 KB
20 4
Domain Requested by
18 sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io 1 redirects sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
1 www.googletagmanager.com sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
20 4

This site contains links to these domains. Also see Links.

Domain
www.onewelcome.com
Subject Issuer Validity Valid
*.tryciam.onewelcome.io
GTS CA 1P5
2024-05-02 -
2024-07-31
3 months crt.sh
*.google-analytics.com
WR2
2024-06-03 -
2024-08-26
3 months crt.sh
upload.video.google.com
WR2
2024-06-03 -
2024-08-26
3 months crt.sh
*.gstatic.com
WR2
2024-06-03 -
2024-08-26
3 months crt.sh

This page contains 1 frames:

Primary Page: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Frame ID: 964D1B492B76EDEFAC01D712096246C3
Requests: 20 HTTP requests in this frame

Screenshot

Page Title

Log in | Sto Group

Page URL History Show full URLs

  1. https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/ HTTP 302
    https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

20
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

2070 kB
Transfer

3396 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/ HTTP 302
    https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Redirect Chain
  • https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/
  • https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
5 KB
4 KB
Document
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42d5e036677899d02d475f22cc90c5b80a2ac6fd6a056fef076d01c6b68610ab
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-Gndb1b082zL8nlmsiDVB17k0GAIRmEcQ' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-Gndb1b082zL8nlmsiDVB17k0GAIRmEcQ' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8993917b4814bbd2-WAW
content-encoding
gzip
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-Gndb1b082zL8nlmsiDVB17k0GAIRmEcQ' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
content-type
text/html
date
Tue, 25 Jun 2024 08:25:40 GMT
expect-ct
enforce, max-age=300
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=15768000
vary
Accept-Encoding
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-Gndb1b082zL8nlmsiDVB17k0GAIRmEcQ' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
noindex
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
899391784c3dbbd2-WAW
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-TbxcKf1j9rQbB2eA8gqJFn4yhKfCVeDF' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
content-type
text/html
date
Tue, 25 Jun 2024 08:25:40 GMT
expect-ct
enforce, max-age=300
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
location
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=15768000
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-TbxcKf1j9rQbB2eA8gqJFn4yhKfCVeDF' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
noindex
x-xss-protection
1; mode=block
customFonts.css
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/common/login/ui/resources/theme/fonts/
2 KB
2 KB
Stylesheet
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/common/login/ui/resources/theme/fonts/customFonts.css
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c73809a577e5a87b1ad22d697333f79ea8875b61f113364cdb3645e5e60f8cc
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-kYECmeVsZPu4hi2LzBnKUwcntR6wpMuo' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-kYECmeVsZPu4hi2LzBnKUwcntR6wpMuo' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-kYECmeVsZPu4hi2LzBnKUwcntR6wpMuo' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
date
Tue, 25 Jun 2024 08:25:40 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-kYECmeVsZPu4hi2LzBnKUwcntR6wpMuo' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:40 GMT
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993917c89e1bbd2-WAW
expires
Tue, 25 Jun 2024 12:25:40 GMT
2.80660406.chunk.css
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/css/
247 B
2 KB
Stylesheet
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/css/2.80660406.chunk.css
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3019ed0d1ad1734d8103267f87a0222ada9dfc0d9224ce55318e24c35765c7ad
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-bJKkxL1tpyg9faEgDFLo8NhzTnDrjGMP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-bJKkxL1tpyg9faEgDFLo8NhzTnDrjGMP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-bJKkxL1tpyg9faEgDFLo8NhzTnDrjGMP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
date
Tue, 25 Jun 2024 08:25:40 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-bJKkxL1tpyg9faEgDFLo8NhzTnDrjGMP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:40 GMT
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993917c89e6bbd2-WAW
expires
Tue, 25 Jun 2024 12:25:40 GMT
main.f85e9d58.chunk.css
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/css/
247 B
2 KB
Stylesheet
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/css/main.f85e9d58.chunk.css
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3019ed0d1ad1734d8103267f87a0222ada9dfc0d9224ce55318e24c35765c7ad
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-tKRVlmes1s1ggTlgt7ZzSwiyuk4ds69V' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-tKRVlmes1s1ggTlgt7ZzSwiyuk4ds69V' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-tKRVlmes1s1ggTlgt7ZzSwiyuk4ds69V' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
date
Tue, 25 Jun 2024 08:25:40 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-tKRVlmes1s1ggTlgt7ZzSwiyuk4ds69V' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:40 GMT
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993917c89e8bbd2-WAW
expires
Tue, 25 Jun 2024 12:25:40 GMT
js
www.googletagmanager.com/gtag/
127 KB
49 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=SET-ID
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e409fb6049825f771fe8dc3798a8382f0f8255791f3131156ab7a074ede326cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 08:25:41 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49736
x-xss-protection
0
last-modified
Tue, 25 Jun 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 25 Jun 2024 08:25:41 GMT
runtime~main.d653cc00.js
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/
1 KB
2 KB
Script
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/runtime~main.d653cc00.js
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c54cb028b9fcfd64353119d3fdff46cf7e8e7cd5c08dfbd3c8dc40e177758bcf
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-h9mAit9SjZAdSfEDL9Ebl7TnhemIZ63N' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-h9mAit9SjZAdSfEDL9Ebl7TnhemIZ63N' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-h9mAit9SjZAdSfEDL9Ebl7TnhemIZ63N' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
date
Tue, 25 Jun 2024 08:25:40 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-h9mAit9SjZAdSfEDL9Ebl7TnhemIZ63N' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:40 GMT
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993917c89eabbd2-WAW
expires
Tue, 25 Jun 2024 12:25:40 GMT
2.51bd40ba.chunk.js
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/
1 MB
319 KB
Script
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/2.51bd40ba.chunk.js
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a569c2ce992d823894d4aaad2fcbac15b98bff2c5b76db47f517419d3a7ae200
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-4gJdai2EEzhMQt9SVVKqIlc4WIBbUd4a' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-4gJdai2EEzhMQt9SVVKqIlc4WIBbUd4a' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-4gJdai2EEzhMQt9SVVKqIlc4WIBbUd4a' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
date
Tue, 25 Jun 2024 08:25:41 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-4gJdai2EEzhMQt9SVVKqIlc4WIBbUd4a' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:40 GMT
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993917c89ecbbd2-WAW
expires
Tue, 25 Jun 2024 12:25:40 GMT
main.f9250ce1.chunk.js
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/
455 KB
106 KB
Script
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/main.f9250ce1.chunk.js
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23a4f3689b08ebe63e86cbba5361f06cd9419cfc08cb4a32bb34c469aefcca15
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-pTFvVeSMuRNeFGDEFgmNg9ANJevaxYcP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-pTFvVeSMuRNeFGDEFgmNg9ANJevaxYcP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-pTFvVeSMuRNeFGDEFgmNg9ANJevaxYcP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
date
Tue, 25 Jun 2024 08:25:41 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-pTFvVeSMuRNeFGDEFgmNg9ANJevaxYcP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:40 GMT
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993917c89edbbd2-WAW
expires
Tue, 25 Jun 2024 12:25:40 GMT
css2
fonts.googleapis.com/
2 KB
850 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Red+Hat+Display:wght@400;500;700&display=swap
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/css/2.80660406.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3c748b45dad986d3679b9fc7265bbe19bf922b78291ff783627f5619ad8e2930
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Tue, 25 Jun 2024 08:25:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 25 Jun 2024 08:14:37 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 25 Jun 2024 08:25:41 GMT
configuration
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/uic/api/v1/
3 KB
3 KB
Fetch
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/uic/api/v1/configuration?type=page&name=default
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/2.51bd40ba.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3b10cd4a4e8aae20aea7dc68e676a14e5609087b359f6fbd0b7e2f6c9945de4
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-MJCF4PzxjtlHm5Saycz4F3gzKVuuI7EB' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-MJCF4PzxjtlHm5Saycz4F3gzKVuuI7EB' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 08:25:42 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-MJCF4PzxjtlHm5Saycz4F3gzKVuuI7EB' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
DYNAMIC
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json;charset=UTF-8
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
89939184ce6abbd2-WAW
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-MJCF4PzxjtlHm5Saycz4F3gzKVuuI7EB' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
favicon.ico
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/img/
15 KB
9 KB
Other
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/img/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12bc12c5592404a8fad2d4d2583a08e5bf1880ca9541daafb955de8fdf822098
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-foL3AJYpMncIUfDzo1r5EMs7TfVM7K7U' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-foL3AJYpMncIUfDzo1r5EMs7TfVM7K7U' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-foL3AJYpMncIUfDzo1r5EMs7TfVM7K7U' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
date
Tue, 25 Jun 2024 08:25:42 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-foL3AJYpMncIUfDzo1r5EMs7TfVM7K7U' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:42 GMT
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/x-icon
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
89939184fe9fbbd2-WAW
expires
Tue, 25 Jun 2024 12:25:42 GMT
configuration
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/uic/api/v1/
122 KB
25 KB
Fetch
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/uic/api/v1/configuration?type=workflowEngine&name=iwMUITheme
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/2.51bd40ba.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdcdc07d69db1606f74ac18eaa8b7b2af117c27b0cab8bb694ad214fca9095a1
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-UzucjqQ1AIx9qOyAZgoeG8YBlHyvxjAg' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-UzucjqQ1AIx9qOyAZgoeG8YBlHyvxjAg' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 08:25:42 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-UzucjqQ1AIx9qOyAZgoeG8YBlHyvxjAg' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
DYNAMIC
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json;charset=UTF-8
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
89939186b951bbd2-WAW
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-UzucjqQ1AIx9qOyAZgoeG8YBlHyvxjAg' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
configuration
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/api/
2 KB
2 KB
Fetch
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/api/configuration
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/2.51bd40ba.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d591cf3bd919eaefb337bab451970a2666211bb45ec2921634434d7d85c4a53
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-vEApbYC8JeXle4RIOYzSGKU2q1HaG9Qu' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-vEApbYC8JeXle4RIOYzSGKU2q1HaG9Qu' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 08:25:42 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-vEApbYC8JeXle4RIOYzSGKU2q1HaG9Qu' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
DYNAMIC
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
89939188cc42bbd2-WAW
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-vEApbYC8JeXle4RIOYzSGKU2q1HaG9Qu' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
configuration
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/uic/api/v1/
9 KB
4 KB
Fetch
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/uic/api/v1/configuration?type=page&name=login
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/2.51bd40ba.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da7b3846402c1189cc2762ad9e5db6c3fcd6682587b3f6bfc50bf67ea05580c1
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-p9Pv0HGP4endhUvFVs4dtDl3gZd8TPnD' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-p9Pv0HGP4endhUvFVs4dtDl3gZd8TPnD' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 08:25:42 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-p9Pv0HGP4endhUvFVs4dtDl3gZd8TPnD' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
DYNAMIC
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json;charset=UTF-8
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993918a2e23bbd2-WAW
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-p9Pv0HGP4endhUvFVs4dtDl3gZd8TPnD' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
translations
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/uic/api/v1/
22 KB
7 KB
Fetch
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/uic/api/v1/translations?language=en_GB_login
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/2.51bd40ba.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41d4d94f51b64e6ea8ed2d5c1e25355ce9c6a7a05583dd1cb5992bdc9e2d6e8f
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-LA5hgDipWA9xDjanV7bp3zaRvrbDpo62' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-LA5hgDipWA9xDjanV7bp3zaRvrbDpo62' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 08:25:43 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-LA5hgDipWA9xDjanV7bp3zaRvrbDpo62' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
content-encoding
gzip
cf-cache-status
DYNAMIC
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json;charset=UTF-8
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993918c18c7bbd2-WAW
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-LA5hgDipWA9xDjanV7bp3zaRvrbDpo62' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
authenticate
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/api/
0
0
Fetch
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/api/authenticate
Requested by
Host: sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/js/2.51bd40ba.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 08:25:43 GMT
strict-transport-security
max-age=15768000
cf-cache-status
DYNAMIC
server
cloudflare
x-robots-tag
noindex
cf-ray
8993918c18c8bbd2-WAW
content-length
0
x-xss-protection
1; mode=block
alt-svc
h3=":443"; ma=86400
sto-background.jpg
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/ui/resources/theme/img/
1020 KB
1022 KB
Image
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/ui/resources/theme/img/sto-background.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51612da4cefd26a68d6b215c5118c95a6824c5fe4cd6f03f03e05991cd14078c
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-4ohUu9pAZ3PSAKtZz7icb94wabavf3oC' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-4ohUu9pAZ3PSAKtZz7icb94wabavf3oC' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Tue, 25 Jun 2024 12:25:43 GMT
date
Tue, 25 Jun 2024 08:25:43 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-4ohUu9pAZ3PSAKtZz7icb94wabavf3oC' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
cf-cache-status
MISS
strict-transport-security
max-age=15768000
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:43 GMT
server
cloudflare
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993918c28d1bbd2-WAW
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-4ohUu9pAZ3PSAKtZz7icb94wabavf3oC' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
sto-logo.png
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/ui/resources/theme/img/
474 KB
476 KB
Image
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/ui/resources/theme/img/sto-logo.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a8fef9b157a0b63dd5d3a0e7a7b903d94a847d32d90bfc3a5725de733aea499
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-MCJp79ZHBFH7fwrJ0lTIKO1pNigqTTMV' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-MCJp79ZHBFH7fwrJ0lTIKO1pNigqTTMV' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Tue, 25 Jun 2024 12:25:43 GMT
date
Tue, 25 Jun 2024 08:25:43 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-MCJp79ZHBFH7fwrJ0lTIKO1pNigqTTMV' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
cf-cache-status
MISS
strict-transport-security
max-age=15768000
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:43 GMT
server
cloudflare
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
8993918e4be2bbd2-WAW
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-MCJp79ZHBFH7fwrJ0lTIKO1pNigqTTMV' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
8vIQ7wUr0m80wwYf0QCXZzYzUoTg_T6h.woff2
fonts.gstatic.com/s/redhatdisplay/v19/
28 KB
29 KB
Font
General
Full URL
https://fonts.gstatic.com/s/redhatdisplay/v19/8vIQ7wUr0m80wwYf0QCXZzYzUoTg_T6h.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Red+Hat+Display:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
25ea6c91f8fbcbd412919dbb47da3e432622997eb37a3139fad5d21d59135962
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 22 Jun 2024 08:46:58 GMT
x-content-type-options
nosniff
age
257925
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29072
x-xss-protection
0
last-modified
Thu, 24 Aug 2023 21:14:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 22 Jun 2025 08:46:58 GMT
logo-microsoft.png
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/img/
4 KB
6 KB
Image
General
Full URL
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/static/img/logo-microsoft.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.1.216 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
930c58828d987f2a5041c1752b8512bb2f58296d60756e9f7bc7cd6337b4f4fa
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-6KODYmhpY5h4rfWH91IYbbv7QNrtq0Pa' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-6KODYmhpY5h4rfWH91IYbbv7QNrtq0Pa' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Tue, 25 Jun 2024 12:25:44 GMT
date
Tue, 25 Jun 2024 08:25:44 GMT
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-6KODYmhpY5h4rfWH91IYbbv7QNrtq0Pa' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
cf-cache-status
MISS
strict-transport-security
max-age=15768000
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 25 Jun 2024 08:25:44 GMT
server
cloudflare
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=14400
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-robots-tag
noindex
cf-ray
899391909ed5bbd2-WAW
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-6KODYmhpY5h4rfWH91IYbbv7QNrtq0Pa' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage function| readCookie function| setCookie function| _setAppBrand string| brand function| gtag object| dataLayer object| trackEvent object| webpackJsonp object| google_tag_manager object| google_tag_data object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill number| 2f1acc6c3a606b082e5eef5e54414ffb function| _ function| classNames undefined| stepUpTrackId undefined| return_from undefined| trackingId boolean| useV2authentication string| clientId string| redirectUri boolean| isTagManagerEnable object| theme boolean| isAuthReqPending

4 Cookies

Domain/Path Name / Value
.sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/ Name: iWelcome-Segment
Value: thales
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/ Name: INGRESSCOOKIE
Value: b3575966f14cb4fa
.onewelcome.io/ Name: _cfuvid
Value: _Ydk7Cska2kMAIezd3mTnCr9RU4_ZRPc_n389b0RUNA-1719303940309-0.0.1.1-604800000
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/ Name: iWelcome-Locale
Value: en_GB

6 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'notifications'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'push'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
security warning URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network error URL: https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io/training/login/api/authenticate
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-Gndb1b082zL8nlmsiDVB17k0GAIRmEcQ' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=15768000
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'nonce-Gndb1b082zL8nlmsiDVB17k0GAIRmEcQ' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
sandbox-demo-sto-1-deployment-thales.tryciam.onewelcome.io
www.googletagmanager.com
104.18.1.216
2a00:1450:4001:812::2003
2a00:1450:4001:81d::2008
2a00:1450:4001:829::200a
12bc12c5592404a8fad2d4d2583a08e5bf1880ca9541daafb955de8fdf822098
23a4f3689b08ebe63e86cbba5361f06cd9419cfc08cb4a32bb34c469aefcca15
25ea6c91f8fbcbd412919dbb47da3e432622997eb37a3139fad5d21d59135962
2d591cf3bd919eaefb337bab451970a2666211bb45ec2921634434d7d85c4a53
3019ed0d1ad1734d8103267f87a0222ada9dfc0d9224ce55318e24c35765c7ad
3a8fef9b157a0b63dd5d3a0e7a7b903d94a847d32d90bfc3a5725de733aea499
3c748b45dad986d3679b9fc7265bbe19bf922b78291ff783627f5619ad8e2930
41d4d94f51b64e6ea8ed2d5c1e25355ce9c6a7a05583dd1cb5992bdc9e2d6e8f
42d5e036677899d02d475f22cc90c5b80a2ac6fd6a056fef076d01c6b68610ab
51612da4cefd26a68d6b215c5118c95a6824c5fe4cd6f03f03e05991cd14078c
930c58828d987f2a5041c1752b8512bb2f58296d60756e9f7bc7cd6337b4f4fa
9c73809a577e5a87b1ad22d697333f79ea8875b61f113364cdb3645e5e60f8cc
a569c2ce992d823894d4aaad2fcbac15b98bff2c5b76db47f517419d3a7ae200
bdcdc07d69db1606f74ac18eaa8b7b2af117c27b0cab8bb694ad214fca9095a1
c54cb028b9fcfd64353119d3fdff46cf7e8e7cd5c08dfbd3c8dc40e177758bcf
da7b3846402c1189cc2762ad9e5db6c3fcd6682587b3f6bfc50bf67ea05580c1
e409fb6049825f771fe8dc3798a8382f0f8255791f3131156ab7a074ede326cd
f3b10cd4a4e8aae20aea7dc68e676a14e5609087b359f6fbd0b7e2f6c9945de4