Submitted URL: https://payments.hefr.ch/
Effective URL: https://payments.hefr.ch/heia-heg
Submission: On April 03 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 16 IPs in 3 countries across 10 domains to perform 91 HTTP transactions. The main IP is 160.98.8.41, which is located in Switzerland and belongs to SWITCH Peering requests: peering@switch.ch, CH. The main domain is payments.hefr.ch.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on November 29th 2022. Valid for: a year.
This is the only time payments.hefr.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 15 160.98.8.41 559 (SWITCH Pe...)
4 2a00:1450:400... 15169 (GOOGLE)
9 151.101.66.133 54113 (FASTLY)
6 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 13.248.139.42 16509 (AMAZON-02)
18 52.29.105.195 16509 (AMAZON-02)
3 192.229.221.25 15133 (EDGECAST)
8 151.101.129.21 54113 (FASTLY)
14 2606:4700::c6... 13335 (CLOUDFLAR...)
1 52.222.214.23 16509 (AMAZON-02)
7 151.101.1.35 54113 (FASTLY)
1 2 64.4.245.84 17012 (PAYPAL)
2 2606:4700::68... 13335 (CLOUDFLAR...)
91 16
Apex Domain / Subdomains / Transfer
27 braintreegateway.com (280 KB)
  • js.braintreegateway.com — Cisco Umbrella Rank: 7919
  • client-analytics.braintreegateway.com — Cisco Umbrella Rank: 8355
  • assets.braintreegateway.com — Cisco Umbrella Rank: 19540
18 paypal.com (78 KB)
  • www.paypal.com — Cisco Umbrella Rank: 2477
  • checkout.paypal.com — Cisco Umbrella Rank: 15011
  • c.paypal.com — Cisco Umbrella Rank: 5512
  • b.stats.paypal.com — Cisco Umbrella Rank: 5099
  • dub.stats.paypal.com — Cisco Umbrella Rank: 21041
  • t.paypal.com — Cisco Umbrella Rank: 3199
  • c6.paypal.com — Cisco Umbrella Rank: 6640
15 hefr.ch (206 KB)
  • payments.hefr.ch
14 cardinalcommerce.com (212 KB)
  • songbird.cardinalcommerce.com — Cisco Umbrella Rank: 24619
  • centinelapi.cardinalcommerce.com — Cisco Umbrella Rank: 23445
  • geo.cardinalcommerce.com — Cisco Umbrella Rank: 23715
  • writer.cardinalcommerce.com — Cisco Umbrella Rank: 26052
8 gstatic.com (574 KB)
  • www.gstatic.com
  • fonts.gstatic.com
4 google.com (29 KB)
  • www.google.com — Cisco Umbrella Rank: 2
3 paypalobjects.com (454 KB)
  • www.paypalobjects.com — Cisco Umbrella Rank: 2321
2 cloudflare.com (31 KB)
  • cdnjs.cloudflare.com — Cisco Umbrella Rank: 220
2 braintree-api.com (1 KB)
  • payments.braintree-api.com — Cisco Umbrella Rank: 10145
1 googleapis.com (944 B)
  • fonts.googleapis.com — Cisco Umbrella Rank: 47
91 10
Domain Requested by
18 client-analytics.braintreegateway.com js.braintreegateway.com
assets.braintreegateway.com
15 payments.hefr.ch 2 redirects payments.hefr.ch
8 www.paypal.com www.paypalobjects.com
6 www.gstatic.com www.google.com
www.gstatic.com
5 geo.cardinalcommerce.com songbird.cardinalcommerce.com
geo.cardinalcommerce.com
cdnjs.cloudflare.com
5 c.paypal.com js.braintreegateway.com
c.paypal.com
5 songbird.cardinalcommerce.com js.braintreegateway.com
songbird.cardinalcommerce.com
5 js.braintreegateway.com payments.hefr.ch
4 assets.braintreegateway.com js.braintreegateway.com
4 www.google.com payments.hefr.ch
www.gstatic.com
www.google.com
3 www.paypalobjects.com js.braintreegateway.com
www.paypal.com
2 writer.cardinalcommerce.com songbird.cardinalcommerce.com
2 cdnjs.cloudflare.com geo.cardinalcommerce.com
2 centinelapi.cardinalcommerce.com songbird.cardinalcommerce.com
2 payments.braintree-api.com js.braintreegateway.com
2 fonts.gstatic.com fonts.googleapis.com
www.google.com
1 c6.paypal.com
1 t.paypal.com
1 dub.stats.paypal.com
1 b.stats.paypal.com 1 redirects
1 checkout.paypal.com js.braintreegateway.com
1 fonts.googleapis.com payments.hefr.ch
91 22

This site contains links to these domains.

Domain
heia-fr.ch
heg-fr.ch
www.hefr.ch

Subject | Issuer | Validity | Valid
*.hefr.ch | GeoTrust Global TLS RSA4096 SHA256 2022 CA1 | 2022-11-29 - 2023-11-05 | a year
www.google.com | GTS CA 1C3 | 2023-03-13 - 2023-06-05 | 3 months
www.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2022-11-10 - 2023-11-10 | a year
*.gstatic.com | GTS CA 1C3 | 2023-03-13 - 2023-06-05 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-03-13 - 2023-06-05 | 3 months
payments.braintree-api.com | DigiCert SHA2 Extended Validation Server CA | 2022-09-15 - 2023-10-16 | a year
*.google.com | GTS CA 1C3 | 2023-03-13 - 2023-06-05 | 3 months
client-analytics.braintreegateway.com | DigiCert SHA2 High Assurance Server CA | 2023-02-24 - 2024-03-26 | a year
*.cardinalcommerce.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-02-23 - 2024-03-25 | a year
checkout.paypal.com | DigiCert SHA2 Extended Validation Server CA | 2022-07-28 - 2023-08-28 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year

This page contains 12 frames:

Primary Page: https://payments.hefr.ch/heia-heg
Frame ID: D87787C0FB8DB0F1D8035B15F18AA11B
Requests: 44 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8&co=aHR0cHM6Ly9wYXltZW50cy5oZWZyLmNoOjQ0Mw..&hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&size=normal&cb=1t7di3s43hni
Frame ID: 237B84FEBDFAE3F813E2B291116F7A7B
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8
Frame ID: 056E6372584129EB2C0043C2F4C49758
Requests: 3 HTTP requests in this frame

Frame: https://checkout.paypal.com/web/3.83.0/html/dispatch-frame.min.html
Frame ID: C862FE1E01D06B078AE02CDB0EBFDBD1
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/smart/button?env=production&style.label=checkout&funding.disallowed=venmo%2Citau%2Ccard%2Cideal%2Celv%2Cbancontact%2Cgiropay%2Csofort%2Ceps%2Cmybank%2Cp24%2Czimpler%2Cblik%2Cmaxima%2Cboleto%2Coxxo%2Cmercadopago%2Ccredit&domain=payments.hefr.ch&sessionID=uid_a7e66ca5b3_mti6mdu6mze&buttonSessionID=uid_0e051cf681_mti6mdu6mze&renderedButtons=paypal&storageID=uid_95bd8c2775_mti6mdu6mze&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=1ee727e81f&version=min&xcomponent=1
Frame ID: F05E09FCD2F8BE10745E3DCAF79E5DE9
Requests: 9 HTTP requests in this frame

Frame: data://truncated
Frame ID: D95DD8F99A6EC322118DB47791FFC627
Requests: 2 HTTP requests in this frame

Frame: https://assets.braintreegateway.com/web/3.83.0/html/hosted-fields-frame.min.html
Frame ID: 27BECFD5FACEC8C3D7093FC94E541F10
Requests: 2 HTTP requests in this frame

Frame: https://assets.braintreegateway.com/web/3.83.0/html/hosted-fields-frame.min.html
Frame ID: 91638505D9176E6406B1379FCF1F83F1
Requests: 1 HTTP requests in this frame

Frame: https://assets.braintreegateway.com/web/3.83.0/html/hosted-fields-frame.min.html
Frame ID: D51B9E7E959BA548B525E7CC654A23A1
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 1FD1812412CAEE95BAABE20F2E67575A
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=7ff09b39726c6100088ea838a7c04ccb&t=1680523531.596&a=14
Frame ID: 7C3865D598A865AF52ACAA6E1576A1CB
Requests: 1 HTTP requests in this frame

Frame: https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
Frame ID: 7F81B366DD2F82B27BD0517EE6D0530D
Requests: 7 HTTP requests in this frame

Page Title

Payment gateway - HEIA-FR HEG-FRVisaMasterCardUnion PayAmerican ExpressJCBDiscoverDiners ClubMaestroPayPal LogoPayPal Credit LogoGeneric CardCVV BackCVV FrontCheckXLock LoaderApple Pay LogoGoogle Pay MarkVenmo

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • js\.braintreegateway\.com

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 91
HTTPS: 99 %
IPv6: 40 %
Domains: 10
Subdomains: 22
IPs: 16
Countries: 3
Transfer: 1866 kB
Size: 5877 kB
Cookies: 13

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://payments.hefr.ch/ HTTP 302
    http://payments.hefr.ch/heia-heg HTTP 302
    https://payments.hefr.ch/heia-heg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62
  • https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=7ff09b39726c6100088ea838a7c04ccb&t=1680523531.596&a=14 HTTP 302
  • https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=7ff09b39726c6100088ea838a7c04ccb&t=1680523531.596&a=14

91 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request heia-heg
payments.hefr.ch/
Redirect Chain
  • https://payments.hefr.ch/
  • http://payments.hefr.ch/heia-heg
  • https://payments.hefr.ch/heia-heg
26 KB
8 KB
Document
General
Full URL
https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
90c7193d26678202055340c12c37f7bcd8bd3c6543c2cdda74d7fdbd3a8cbe55
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Mon, 03 Apr 2023 12:05:30 GMT
Pragma
no-cache
Strict-Transport-Security
max-age=2592000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
https://payments.hefr.ch/heia-heg
Server
BigIP
app.css
payments.hefr.ch/heia-heg/css/
52 KB
10 KB
Stylesheet
General
Full URL
https://payments.hefr.ch/heia-heg/css/app.css?v=2DV-D548-MNdrJa2kZV89zuXe86JXbSvs0XszTa-sgI
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
d8357e0f9e3cf8c35dac96b691957cf73b977bce895db4afb345eccd36beb202
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e801fc"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10420
overrides.css
payments.hefr.ch/heia-heg/css/
1 KB
1 KB
Stylesheet
General
Full URL
https://payments.hefr.ch/heia-heg/css/overrides.css?v=yI3RqqMyMNC08qdQU8fmO2jWc19uX1FY7byfwmYe9XQ
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
1b09993a0bd20757fe286229cc64c45080e7e35b5eb870682d95423eb233e61c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e8caee"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
733
logo-heia.png
payments.hefr.ch/heia-heg/volume/
39 KB
40 KB
Image
General
Full URL
https://payments.hefr.ch/heia-heg/volume/logo-heia.png
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
38616067ca3d205c66803c744fa0e1465bdf51f67a7ce25d88e337557fa5bdf7
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Last-Modified
Fri, 28 Oct 2022 05:45:27 GMT
ETag
"1d8ea907b2ae829"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
40361
logo-heg.png
payments.hefr.ch/heia-heg/volume/
10 KB
10 KB
Image
General
Full URL
https://payments.hefr.ch/heia-heg/volume/logo-heg.png
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
019c05d8e455c830c42b85705b9fa7391f59ddfb09f4fefe53a988d989e60503
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Last-Modified
Fri, 28 Oct 2022 05:45:27 GMT
ETag
"1d8ea907b2a5d90"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10256
logo_hefr.png
payments.hefr.ch/heia-heg/images/
17 KB
17 KB
Image
General
Full URL
https://payments.hefr.ch/heia-heg/images/logo_hefr.png
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
ed20d0af3e2774f833c03a61f8f14c6cf05d19f69c1444519a0a062f95a3d545
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e88d46"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17094
api.js
www.google.com/recaptcha/
850 B
878 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1ddc29e2605d3175edb5b8222cd13cdacbfe90b5b5f31ffe9c64e9698b4e848f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
558
x-xss-protection
1; mode=block
expires
Mon, 03 Apr 2023 12:05:30 GMT
dropin.min.js
js.braintreegateway.com/web/dropin/1.32.1/js/
465 KB
114 KB
Script
General
Full URL
https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
28e0c23278b516040413db264c90929581a34de52e2296f2d73e3b2e9633e7fa
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:30 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
537d96147708f
dc
ccg11-origin-www-1.paypal.com
content-length
116218
x-served-by
cache-sjc10033-SJC, cache-fra-eddf8230088-FRA
last-modified
Fri, 10 Dec 2021 00:02:08 GMT
traceparent
00-0000000000000000000537d96147708f-f71e46c77d73cad4-01
x-timer
S1680523531.782066,VS0,VE0
etag
W/"61b29900-74573"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
1521, 196
three-d-secure.min.js
js.braintreegateway.com/web/3.84.0/js/
60 KB
16 KB
Script
General
Full URL
https://js.braintreegateway.com/web/3.84.0/js/three-d-secure.min.js
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9148c231d69b7bd48c5e5add84574ccb2cbe76e89c15647aa4e07bd9ed322cc9
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:30 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
6526c6dae2b43
dc
ccg11-origin-www-1.paypal.com
content-length
16159
x-served-by
cache-sjc10071-SJC, cache-fra-eddf8230088-FRA
last-modified
Fri, 10 Dec 2021 00:02:07 GMT
traceparent
00-00000000000000000006526c6dae2b43-c8da927998e68c6f-01
x-timer
S1680523531.782071,VS0,VE0
etag
W/"61b298ff-eff0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
5989, 9
hosted-fields.min.js
js.braintreegateway.com/web/3.84.0/js/
63 KB
18 KB
Script
General
Full URL
https://js.braintreegateway.com/web/3.84.0/js/hosted-fields.min.js
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7383200ed422b1ff0a99b9b0ca411be866bee8296df06b6913aebea007fcf47c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:30 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
9ab9e9a4732dd
dc
ccg11-origin-www-1.paypal.com
content-length
17954
x-served-by
cache-sjc10050-SJC, cache-fra-eddf8230088-FRA
last-modified
Fri, 10 Dec 2021 00:02:07 GMT
traceparent
00-00000000000000000009ab9e9a4732dd-f0dd6022c2d45da0-01
x-timer
S1680523531.782038,VS0,VE2
etag
W/"61b298ff-fbd0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
383, 1
client.min.js
js.braintreegateway.com/web/3.84.0/js/
42 KB
13 KB
Script
General
Full URL
https://js.braintreegateway.com/web/3.84.0/js/client.min.js
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2f97eb422cdb0e72bec745a37f4d599e736492d6b65c1acb100a44e331723313
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:30 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
e2eea71730275
dc
ccg11-origin-www-1.paypal.com
content-length
12904
x-served-by
cache-sjc10078-SJC, cache-fra-eddf8230088-FRA
last-modified
Fri, 10 Dec 2021 00:02:07 GMT
traceparent
00-0000000000000000000e2eea71730275-b8476974efd66ce2-01
x-timer
S1680523531.782010,VS0,VE1
etag
W/"61b298ff-a80b"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
18, 61
data-collector.min.js
js.braintreegateway.com/web/3.83.0/js/
32 KB
11 KB
Script
General
Full URL
https://js.braintreegateway.com/web/3.83.0/js/data-collector.min.js
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1bf295246ea27ebec4fc35c75e6ab4a52b461ec57e3480abeaf8d26a6a97a83b
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:30 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
e57f80aba6df8
dc
ccg11-origin-www-1.paypal.com
content-length
10780
x-served-by
cache-sjc10050-SJC, cache-fra-eddf8230088-FRA
last-modified
Fri, 10 Dec 2021 00:02:06 GMT
traceparent
00-0000000000000000000e57f80aba6df8-6ce07087fe9bd2c8-01
x-timer
S1680523531.781999,VS0,VE1
etag
W/"61b298fe-7f01"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
23, 290
BraintreeHelper.js
payments.hefr.ch/heia-heg/js/
6 KB
2 KB
Script
General
Full URL
https://payments.hefr.ch/heia-heg/js/BraintreeHelper.js?v=2.1
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
8a3f8bd08dc0fa2f54c63090db36a14801c5d7ba797dab03ba4ccc9ca5480656
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e8d68e"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1993
demo.js
payments.hefr.ch/heia-heg/js/
2 KB
1 KB
Script
General
Full URL
https://payments.hefr.ch/heia-heg/js/demo.js
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
0a046f4dae3b296a4de2a5eab7c3f502133d7ee0321cf94dee488f7b5c6690ea
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e8c857"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
804
jquery.min.js
payments.hefr.ch/heia-heg/lib/jquery/dist/
87 KB
40 KB
Script
General
Full URL
https://payments.hefr.ch/heia-heg/lib/jquery/dist/jquery.min.js?v=9_aliU8dGd2tb6OSsuzixeV4y_faTqgFtohetphbbj0
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e99204"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
40395
bootstrap.bundle.min.js
payments.hefr.ch/heia-heg/lib/bootstrap/dist/js/
76 KB
31 KB
Script
General
Full URL
https://payments.hefr.ch/heia-heg/lib/bootstrap/dist/js/bootstrap.bundle.min.js?v=9SEPo-fwJFpMUet_KACSwO-Z_dKMReF9q4zFhU_fT9M
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Content-Encoding
gzip
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e9feb1"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31560
site.js
payments.hefr.ch/heia-heg/js/
226 B
525 B
Script
General
Full URL
https://payments.hefr.ch/heia-heg/js/site.js?v=BxFAw9RUJ1E4NycpKEjCNDeoSvr4RPHixdBq5wDnkeY
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
e03b397a81c986a9c9b1c0f14e69eef69ee6f45efee41b9c31a7912eaad1be76
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/heia-heg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e8cf62"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
226
recaptcha__de.js
www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/
410 KB
165 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
02fb03a90ba8e768848eccdace513b8d3a36a2c29b5497a2b43662b09dd59eed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://payments.hefr.ch/
Origin
https://payments.hefr.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 11:33:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1909
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
167953
x-xss-protection
0
last-modified
Tue, 28 Mar 2023 00:02:54 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 Apr 2024 11:33:41 GMT
css
fonts.googleapis.com/
2 KB
944 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg/css/overrides.css?v=yI3RqqMyMNC08qdQU8fmO2jWc19uX1FY7byfwmYe9XQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7cb2b177ef2c7560273c716faa3e8619d6493c29e6ebd2b4fae4459e28d66bde
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 03 Apr 2023 12:05:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 03 Apr 2023 10:17:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 03 Apr 2023 12:05:30 GMT
OpenSans-Regular-webfont.woff
payments.hefr.ch/heia-heg/fonts/open-sans/
22 KB
22 KB
Font
General
Full URL
https://payments.hefr.ch/heia-heg/fonts/open-sans/OpenSans-Regular-webfont.woff
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg/css/app.css?v=2DV-D548-MNdrJa2kZV89zuXe86JXbSvs0XszTa-sgI
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
22e7a1b10c110072f5a0bfd16e2197a76b279ec879bcce8978fada1dc9ee5d40
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://payments.hefr.ch/heia-heg/css/app.css?v=2DV-D548-MNdrJa2kZV89zuXe86JXbSvs0XszTa-sgI
Origin
https://payments.hefr.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e89704"
Content-Type
application/font-woff
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22660
OpenSans-Bold-webfont.woff
payments.hefr.ch/heia-heg/fonts/open-sans/
22 KB
22 KB
Font
General
Full URL
https://payments.hefr.ch/heia-heg/fonts/open-sans/OpenSans-Bold-webfont.woff
Requested by
Host: payments.hefr.ch
URL: https://payments.hefr.ch/heia-heg/css/app.css?v=2DV-D548-MNdrJa2kZV89zuXe86JXbSvs0XszTa-sgI
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
160.98.8.41 , Switzerland, ASN559 (SWITCH Peering requests: peering@switch.ch, CH),
Reverse DNS
ccrs.ch
Software
/
Resource Hash
a0357cb694b5284870c77c0dbcaf33f238004800419288afde313317b0dbd0b7
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://payments.hefr.ch/heia-heg/css/app.css?v=2DV-D548-MNdrJa2kZV89zuXe86JXbSvs0XszTa-sgI
Origin
https://payments.hefr.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:30 GMT
Strict-Transport-Security
max-age=2592000
Last-Modified
Thu, 08 Sep 2022 15:04:27 GMT
ETag
"1d8c39449e89820"
Content-Type
application/font-woff
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22432
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://payments.hefr.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 10:31:00 GMT
x-content-type-options
nosniff
age
524070
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Mar 2024 10:31:00 GMT
graphql
payments.braintree-api.com/ Frame
0
0
Preflight
General
Full URL
https://payments.braintree-api.com/graphql
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.139.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ae1d37305401c759d.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,braintree-version,content-type
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-headers
authorization,braintree-version,content-type
access-control-allow-methods
GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://payments.hefr.ch
access-control-max-age
1800
date
Mon, 03 Apr 2023 12:05:30 GMT
paypal-debug-id
d8bdac83a7674
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-frame-options
DENY
graphql
payments.braintree-api.com/
2 KB
1 KB
XHR
General
Full URL
https://payments.braintree-api.com/graphql
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.139.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ae1d37305401c759d.awsglobalaccelerator.com
Software
nginx /
Resource Hash
5f68fd3f418184133a9f19637ef738315a1a319e36d2883f39362d4568c2f936
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://payments.hefr.ch/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Authorization
Bearer [JWT omitted]
Braintree-Version
2018-05-10
Content-Type
application/json

Response headers

pragma
no-cache
date
Mon, 03 Apr 2023 12:05:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
server
nginx
vary
Braintree-Version, Accept-Encoding
braintree-version
2016-10-07
content-type
application/json
access-control-allow-origin
https://payments.hefr.ch
paypal-debug-id
1f0f03aefac84
cache-control
no-cache, no-store
x-frame-options
DENY
content-length
940
anchor
www.google.com/recaptcha/api2/ Frame 237B
48 KB
27 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8&co=aHR0cHM6Ly9wYXltZW50cy5oZWZyLmNoOjQ0Mw..&hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&size=normal&cb=1t7di3s43hni
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__de.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d8cc2f63984d6fc47df62492f7d0b60e1a8fc7c821889d074835db21f32ffd1d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-a_RWeg9tz5g3WZ3FoPIwww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://payments.hefr.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
27096
content-security-policy
script-src 'report-sample' 'nonce-a_RWeg9tz5g3WZ3FoPIwww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 03 Apr 2023 12:05:30 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/ Frame 237B
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8&co=aHR0cHM6Ly9wYXltZW50cy5oZWZyLmNoOjQ0Mw..&hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&size=normal&cb=1t7di3s43hni
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 11:51:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24605
x-xss-protection
0
last-modified
Tue, 28 Mar 2023 00:02:54 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 Apr 2024 11:51:31 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/ Frame 237B
410 KB
164 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8&co=aHR0cHM6Ly9wYXltZW50cy5oZWZyLmNoOjQ0Mw..&hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&size=normal&cb=1t7di3s43hni
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
02fb03a90ba8e768848eccdace513b8d3a36a2c29b5497a2b43662b09dd59eed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 11:33:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1910
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
167953
x-xss-protection
0
last-modified
Tue, 28 Mar 2023 00:02:54 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 Apr 2024 11:33:41 GMT
truncated
/ Frame 237B
14 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 237B
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/png
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 237B
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Fri, 31 Mar 2023 18:05:12 GMT
x-content-type-options
nosniff
age
237619
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Fri, 07 Apr 2023 18:05:12 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 237B
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8&co=aHR0cHM6Ly9wYXltZW50cy5oZWZyLmNoOjQ0Mw..&hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&size=normal&cb=1t7di3s43hni
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 10:31:08 GMT
x-content-type-options
nosniff
age
524063
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Mar 2024 10:31:08 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 237B
102 B
134 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=NZrMWHVy58-S9gVvad9HVGxk
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8&co=aHR0cHM6Ly9wYXltZW50cy5oZWZyLmNoOjQ0Mw..&hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&size=normal&cb=1t7di3s43hni
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5eeebeac1fee158e91552b54fd08b8d3db120dbe80ed09075135fa760415a3ba
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8&co=aHR0cHM6Ly9wYXltZW50cy5oZWZyLmNoOjQ0Mw..&hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&size=normal&cb=1t7di3s43hni
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112
x-xss-protection
1; mode=block
expires
Mon, 03 Apr 2023 12:05:31 GMT
bframe
www.google.com/recaptcha/api2/ Frame 056E
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
50ff9bf33a2f066fb2f2f43237ddb046a3d14db2272f8a68f061d9fc491bbab7
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-gC00iZKiz6IJv5LzmWzcnA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://payments.hefr.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
1121
content-security-policy
script-src 'report-sample' 'nonce-gC00iZKiz6IJv5LzmWzcnA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 03 Apr 2023 12:05:31 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/ Frame 056E
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 11:51:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
840
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24605
x-xss-protection
0
last-modified
Tue, 28 Mar 2023 00:02:54 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 Apr 2024 11:51:31 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/ Frame 056E
410 KB
164 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=NZrMWHVy58-S9gVvad9HVGxk&k=6LcHuI8aAAAAAIng-Hj9zoJiPiQaM2YDXCwaUco8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
02fb03a90ba8e768848eccdace513b8d3a36a2c29b5497a2b43662b09dd59eed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 11:33:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1910
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
167953
x-xss-protection
0
last-modified
Tue, 28 Mar 2023 00:02:54 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 02 Apr 2024 11:33:41 GMT
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
965wzc4xqpc893vq
client-analytics.braintreegateway.com/
0
281 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payments.hefr.ch/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
965wzc4xqpc893vq
client-analytics.braintreegateway.com/
0
281 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payments.hefr.ch/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
965wzc4xqpc893vq
client-analytics.braintreegateway.com/
0
281 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payments.hefr.ch/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
dropin.min.css
assets.braintreegateway.com/web/dropin/1.32.1/css/
21 KB
4 KB
Stylesheet
General
Full URL
https://assets.braintreegateway.com/web/dropin/1.32.1/css/dropin.min.css
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7a8acb2ec6ff7947b7ed2606870c7bbdddd3c02ae7800064797524de0cae44d3
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 03 Apr 2023 12:05:31 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
b007a61fc7cd6
dc
ccg11-origin-www-1.paypal.com
content-length
3784
x-served-by
cache-sjc10082-SJC, cache-fra-eddf8230088-FRA
last-modified
Fri, 10 Dec 2021 00:02:08 GMT
traceparent
00-0000000000000000000b007a61fc7cd6-784459848180351e-01
x-timer
S1680523531.387572,VS0,VE1
etag
W/"61b29900-5356"
vary
Accept-Encoding
content-type
text/css
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
281, 1
checkout.min.js
www.paypalobjects.com/api/
862 KB
189 KB
Script
General
Full URL
https://www.paypalobjects.com/api/checkout.min.js
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48F4) /
Resource Hash
950d13c3e8a9fd93e026afeec5ad6205e36d194aa1d8f062c0876a9f9c42405d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
ee872c376b8f9
dc
ccg11-origin-www-1.paypal.com
content-length
192776
last-modified
Mon, 25 Apr 2022 17:04:48 GMT
server
ECAcc (ama/48F4)
traceparent
00-0000000000000000000ee872c376b8f9-747f3ece749e7108-01
etag
W/"6266d4b0-d7987"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Tue, 04 Apr 2023 12:05:31 GMT
pptm.js
www.paypal.com/tagmanager/
12 KB
5 KB
Script
General
Full URL
https://www.paypal.com/tagmanager/pptm.js?id=payments.hefr.ch&source=checkoutjs&t=xo&v=4.0.336
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-f1rtaRzZDIv5Tj0AN0Wt7sTeAA71tzMJjO2pPuo6l+wQr3SK' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-f1rtaRzZDIv5Tj0AN0Wt7sTeAA71tzMJjO2pPuo6l+wQr3SK' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Apr 2023 12:05:31 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
0
x-cache
HIT, HIT
paypal-debug-id
f657062dccb66
server-timing
"traceparent;desc="00-0000000000000000000f657062dccb66-dd964b268a373b7d-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
4299
x-xss-protection
1; mode=block
x-served-by
cache-hhn-etou8220025-HHN, cache-fra-eddf8230120-FRA
traceparent
00-0000000000000000000f657062dccb66-fe0330cf95da24b3-01
x-timer
S1680523532.534435,VS0,VE190
etag
W/"2f34-zQQ0FVqIlbkbuS4WgpPW/nUPXC4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Server-Timing
cache-control
public, max-age=3600
accept-ranges
bytes
x-cache-hits
2, 1
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
songbird.js
songbird.cardinalcommerce.com/edge/v1/
5 KB
3 KB
Script
General
Full URL
https://songbird.cardinalcommerce.com/edge/v1/songbird.js
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee137b22cf3783b2d9e3d4583e4e871fc3e562da74149a0e775a065f4545e59b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:31 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1513
cf-bgj
minify
last-modified
Tue, 01 Mar 2022 19:58:10 GMT
server
cloudflare
etag
W/"0f522ada62dd81:0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SV2fWJzqgTZQs%2BvVNB4bfLWriA5hLvYScG4Kg%2F9KPeeXsZK6Q6EX7MJJO2f66Mm7SqQ8a4DdIwj9ckbSO7dxX6MTy1xojxPYIwxJEvP6mSzFA1hqNQ1Un2h%2BIrLD9UrdSlfRIROYqE7qv3AXGuYXWs0T87kTnnYqX7L4"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=14400
cf-ray
7b212e286c1939d9-FRA
expires
Mon, 03 Apr 2023 16:05:31 GMT
965wzc4xqpc893vq
client-analytics.braintreegateway.com/
0
281 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payments.hefr.ch/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
dispatch-frame.min.html
checkout.paypal.com/web/3.83.0/html/ Frame C862
10 KB
4 KB
Document
General
Full URL
https://checkout.paypal.com/web/3.83.0/html/dispatch-frame.min.html
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-23.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
02c93fedf284ce5c2974f42ab35ad15754852d1dbc94d2d9032df250d2ad7f20
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;

Request headers

Referer
https://payments.hefr.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
27886
cache-control
max-age=86400
content-encoding
gzip
content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type
text/html
date
Mon, 03 Apr 2023 04:21:58 GMT
etag
W/"64274209-261a"
expires
Tue, 04 Apr 2023 04:20:45 GMT
last-modified
Fri, 31 Mar 2023 20:26:49 GMT
server
nginx
vary
Accept-Encoding
via
1.1 4c692717a0e85914a993c3aa5c8a2ef6.cloudfront.net (CloudFront)
x-amz-cf-id
mAT_GuJZkXtwcK24HJ0LrHIeY-RjwJbwNOV_fBSO0vXziobUuMHx3Q==
x-amz-cf-pop
FRA56-P3
x-cache
Hit from cloudfront
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
965wzc4xqpc893vq
client-analytics.braintreegateway.com/
0
281 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payments.hefr.ch/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
965wzc4xqpc893vq
client-analytics.braintreegateway.com/
0
281 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payments.hefr.ch/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
button
www.paypal.com/smart/ Frame F05E
64 KB
15 KB
Document
General
Full URL
https://www.paypal.com/smart/button?env=production&style.label=checkout&funding.disallowed=venmo%2Citau%2Ccard%2Cideal%2Celv%2Cbancontact%2Cgiropay%2Csofort%2Ceps%2Cmybank%2Cp24%2Czimpler%2Cblik%2Cmaxima%2Cboleto%2Coxxo%2Cmercadopago%2Ccredit&domain=payments.hefr.ch&sessionID=uid_a7e66ca5b3_mti6mdu6mze&buttonSessionID=uid_0e051cf681_mti6mdu6mze&renderedButtons=paypal&storageID=uid_95bd8c2775_mti6mdu6mze&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=1ee727e81f&version=min&xcomponent=1
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
871e4e1bad1395ffce6280940c3d8ca05349bfd8b46fffea374f6cbce556c056
Security Headers
Name Value
Content-Security-Policy form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://payments.hefr.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Full
accept-ranges
bytes
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-security-policy
form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html; charset=utf-8
date
Mon, 03 Apr 2023 12:05:31 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
p3p
true
paypal-debug-id
f55060334c7bc
server-timing
"traceparent;desc="00-0000000000000000000f55060334c7bc-f36e8598bcd245a5-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f55060334c7bc-a4ab090e8c857846-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-csrf-jwt
__blank__
x-served-by
cache-hhn-etou8220078-HHN, cache-fra-eddf8230120-FRA
x-timer
S1680523532.598471,VS0,VE342
x-xss-protection
1; mode=block
truncated
/ Frame D95D
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
adf9b3c556710fac2e0f2ecf748a1f82afd023d7957336ef228db33f1deb83d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame D95D
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb91dfcb049d42c6a9b5b9798498ced5f618b7a5838c15468da7fe38745d4378

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/svg+xml
fb.js
c.paypal.com/da/r/
59 KB
21 KB
Script
General
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.83.0/js/data-collector.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dcc49c76e2faccba32a3f6c2c419e8f6724a46f2ccd16c822be0bae10268294b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-cache-hits
4, 1, 2398566
date
Mon, 03 Apr 2023 12:05:31 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
5323057
x-cache
HIT, HIT, HIT
paypal-debug-id
8d02b3197927f
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
20545
x-served-by
cache-sjc10074-SJC, cache-fra-eddf8230048-FRA, cache-fra-eddf8230064-FRA
last-modified
Tue, 31 Jan 2023 20:30:46 GMT
traceparent
00-00000000000000000008d02b3197927f-a6cbabdc8c2b29e1-01
x-timer
S1680523532.656525,VS0,VE1
etag
W/"63d97a76-ecbf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=86400
access-control-allow-credentials
false
access-control-max-age
86400
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Apr 2023 12:05:31 GMT
hosted-fields-frame.min.html
assets.braintreegateway.com/web/3.83.0/html/ Frame 27BE
126 KB
34 KB
Document
General
Full URL
https://assets.braintreegateway.com/web/3.83.0/html/hosted-fields-frame.min.html
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dbcc6835cc0e644b0658894997d7b1df0401a48452b9b061ad110e320ead68d4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://payments.hefr.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
34674
content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type
text/html
date
Mon, 03 Apr 2023 12:05:31 GMT
dc
ccg11-origin-www-1.paypal.com
etag
W/"63764270-1f7ab"
last-modified
Thu, 17 Nov 2022 14:17:20 GMT
paypal-debug-id
c5d206c738e08
strict-transport-security
max-age=31557600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-0000000000000000000c5d206c738e08-fe274c670066f949-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
5306, 2
x-content-type-options
nosniff
x-served-by
cache-sjc10076-SJC, cache-fra-eddf8230088-FRA
x-timer
S1680523532.651162,VS0,VE1
hosted-fields-frame.min.html
assets.braintreegateway.com/web/3.83.0/html/ Frame 9163
126 KB
34 KB
Document
General
Full URL
https://assets.braintreegateway.com/web/3.83.0/html/hosted-fields-frame.min.html
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dbcc6835cc0e644b0658894997d7b1df0401a48452b9b061ad110e320ead68d4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://payments.hefr.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
34674
content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type
text/html
date
Mon, 03 Apr 2023 12:05:31 GMT
dc
ccg11-origin-www-1.paypal.com
etag
W/"63764270-1f7ab"
last-modified
Thu, 17 Nov 2022 14:17:20 GMT
paypal-debug-id
c5d206c738e08
strict-transport-security
max-age=31557600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-0000000000000000000c5d206c738e08-fe274c670066f949-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
5306, 2
x-content-type-options
nosniff
x-served-by
cache-sjc10076-SJC, cache-fra-eddf8230088-FRA
x-timer
S1680523532.651772,VS0,VE1
logger
www.paypal.com/xoplatform/logger/api/ Frame
0
0
Preflight
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-app-name,x-requested-with
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Full
accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-app-name,x-requested-with
access-control-allow-methods
POST
access-control-allow-origin
https://payments.hefr.ch
cache-control
max-age=0, no-cache, no-store, must-revalidate
date
Mon, 03 Apr 2023 12:05:31 GMT
dc
ccg11-origin-www-1.paypal.com
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
f5506030535ef
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
traceparent
00-0000000000000000000f5506030535ef-516b5490e78606c8-01
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-served-by
cache-hhn-etou8220055-HHN, cache-fra-eddf8230055-FRA
x-timer
S1680523532.707532,VS0,VE172
hosted-fields-frame.min.html
assets.braintreegateway.com/web/3.83.0/html/ Frame D51B
126 KB
34 KB
Document
General
Full URL
https://assets.braintreegateway.com/web/3.83.0/html/hosted-fields-frame.min.html
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dbcc6835cc0e644b0658894997d7b1df0401a48452b9b061ad110e320ead68d4
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

Referer
https://payments.hefr.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
s-maxage=31536000, public,max-age=3600
content-encoding
gzip
content-length
34674
content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type
text/html
date
Mon, 03 Apr 2023 12:05:31 GMT
dc
ccg11-origin-www-1.paypal.com
etag
W/"63764270-1f7ab"
last-modified
Thu, 17 Nov 2022 14:17:20 GMT
paypal-debug-id
c5d206c738e08
strict-transport-security
max-age=31557600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
traceparent
00-0000000000000000000c5d206c738e08-fe274c670066f949-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
5306, 3
x-content-type-options
nosniff
x-served-by
cache-sjc10076-SJC, cache-fra-eddf8230088-FRA
x-timer
S1680523532.655641,VS0,VE0
logger
www.paypal.com/xoplatform/logger/api/
1005 B
2 KB
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cbb730407d1819f6e04bad876890348e8658e4b9a732f67e225ff644e0bb78d5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

x-app-name
checkoutjs
Referer
https://payments.hefr.ch/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-type
application/json

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS
paypal-debug-id
f5506032d5b4d
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-hhn-etou8220042-HHN, cache-fra-eddf8230055-FRA
accept-ch
Sec-CH-UA-Full
traceparent
00-0000000000000000000f5506032d5b4d-e069be1db49505c6-01
x-timer
S1680523532.888097,VS0,VE213
etag
W/"3ed-lErJOV67IocHcBCzxuJgqioVqwE"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://payments.hefr.ch
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
none
x-cache-hits
0, 0
1.597f4104d311c33d4189.songbird.js
songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/
388 KB
153 KB
Script
General
Full URL
https://songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/1.597f4104d311c33d4189.songbird.js
Requested by
Host: songbird.cardinalcommerce.com
URL: https://songbird.cardinalcommerce.com/edge/v1/songbird.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49f44b77dcf6c6d78e309bdea55a83ff9fcd20f461aa08c11416126d1b3663c8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://payments.hefr.ch/
Origin
https://payments.hefr.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:31 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
last-modified
Tue, 01 Mar 2022 19:58:10 GMT
server
cloudflare
etag
"0f522ada62dd81:0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RwNsbmY5f8WQiKk8c5y9AGAr2nU4P83o5KMUoF6IwSqlFvHWmA4Gmu4I%2BjHxDCLE7WXSBNjTOT3Z8jYT%2B%2B8vxHlATtOmWC1Rzbp%2Fejv%2F9OMYmuM8erIniu0X5oENMWVUlwGBzkVjgzwwY1u%2BDfxadZ%2F07ljtpcP5LDnN"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=15552000
cf-ray
7b212e29291a692b-FRA
expires
Sat, 30 Sep 2023 12:05:31 GMT
i
c.paypal.com/v1/r/d/ Frame 1FD1
160 B
1 KB
Document
General
Full URL
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://payments.hefr.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, Sec-CH-UA-Full
accept-ranges
none
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy-report-only
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html;charset=UTF-8
correlation-id
c2888f0a0a5e8
date
Mon, 03 Apr 2023 12:05:31 GMT
paypal-debug-id
c2888f0a0a5e8
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
*
traceparent
00-0000000000000000000c2888f0a0a5e8-c2f117fc8526df34-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-served-by
cache-hhn-etou8220078-HHN, cache-fra-eddf8230064-FRA
x-timer
S1680523532.783833,VS0,VE173
x-xss-protection
1; mode=block
counter2.cgi
dub.stats.paypal.com/ Frame 7C38
Redirect Chain
  • https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=7ff09b39726c6100088ea838a7c04ccb&t=1680523531.596&a=14
  • https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=7ff09b39726c6100088ea838a7c04ccb&t=1680523531.596&a=14
42 B
299 B
Image
General
Full URL
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=7ff09b39726c6100088ea838a7c04ccb&t=1680523531.596&a=14
Protocol
HTTP/1.1
Server
64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software
PayPal-B.Stats/1.0 /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
42
Content-Type
image/jpeg

Redirect headers

Location
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=7ff09b39726c6100088ea838a7c04ccb&t=1680523531.596&a=14
Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
0
Content-Type
application/octet-stream
ts
t.paypal.com/
42 B
723 B
Image
General
Full URL
https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Payment%20gateway%20-%20HEIA-FR%20HEG-FR&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1680523531804&g=0&completeurl=https%3A%2F%2Fpayments.hefr.ch%2Fheia-heg&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payments.hefr.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-cache-hits
0, 0
date
Mon, 03 Apr 2023 12:05:32 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
65dd9e2a6dbb7
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-hhn-etou8220078-HHN, cache-fra-eddf8230064-FRA
pragma
no-cache
correlation-id
65dd9e2a6dbb7
traceparent
00-000000000000000000065dd9e2a6dbb7-9c62b3d3153a6864-01
x-timer
S1680523532.838755,VS0,VE166
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 03 Apr 2023 12:05:31 GMT
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame 27BE
0
292 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Requested by
Host: assets.braintreegateway.com
URL: https://assets.braintreegateway.com/web/3.83.0/html/hosted-fields-frame.min.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://assets.braintreegateway.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://assets.braintreegateway.com
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://assets.braintreegateway.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://assets.braintreegateway.com
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Mon, 03 Apr 2023 12:05:31 GMT
Server
nginx
checkout.min.js
www.paypalobjects.com/api/ Frame F05E
862 KB
188 KB
Script
General
Full URL
https://www.paypalobjects.com/api/checkout.min.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/smart/button?env=production&style.label=checkout&funding.disallowed=venmo%2Citau%2Ccard%2Cideal%2Celv%2Cbancontact%2Cgiropay%2Csofort%2Ceps%2Cmybank%2Cp24%2Czimpler%2Cblik%2Cmaxima%2Cboleto%2Coxxo%2Cmercadopago%2Ccredit&domain=payments.hefr.ch&sessionID=uid_a7e66ca5b3_mti6mdu6mze&buttonSessionID=uid_0e051cf681_mti6mdu6mze&renderedButtons=paypal&storageID=uid_95bd8c2775_mti6mdu6mze&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=1ee727e81f&version=min&xcomponent=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48F4) /
Resource Hash
950d13c3e8a9fd93e026afeec5ad6205e36d194aa1d8f062c0876a9f9c42405d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
ee872c376b8f9
dc
ccg11-origin-www-1.paypal.com
content-length
192776
last-modified
Mon, 25 Apr 2022 17:04:48 GMT
server
ECAcc (ama/48F4)
traceparent
00-0000000000000000000ee872c376b8f9-747f3ece749e7108-01
etag
W/"6266d4b0-d7987"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
expires
Tue, 04 Apr 2023 12:05:31 GMT
button.js
www.paypalobjects.com/api/xo/ Frame F05E
446 KB
77 KB
Script
General
Full URL
https://www.paypalobjects.com/api/xo/button.js?date=2023-3-3
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/smart/button?env=production&style.label=checkout&funding.disallowed=venmo%2Citau%2Ccard%2Cideal%2Celv%2Cbancontact%2Cgiropay%2Csofort%2Ceps%2Cmybank%2Cp24%2Czimpler%2Cblik%2Cmaxima%2Cboleto%2Coxxo%2Cmercadopago%2Ccredit&domain=payments.hefr.ch&sessionID=uid_a7e66ca5b3_mti6mdu6mze&buttonSessionID=uid_0e051cf681_mti6mdu6mze&renderedButtons=paypal&storageID=uid_95bd8c2775_mti6mdu6mze&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=1ee727e81f&version=min&xcomponent=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48DF) /
Resource Hash
d423b2b316d239308fcb45a1cbf9e68b6436767c2c4f6b4f2fbeb8190fb79f0a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
8b8f43c8dd757
dc
ccg11-origin-www-1.paypal.com
content-length
78632
last-modified
Tue, 28 Mar 2023 15:15:01 GMT
server
ECAcc (ama/48DF)
traceparent
00-00000000000000000008b8f43c8dd757-6383da29e01cccd8-01
etag
W/"64230475-6f8fe"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
expires
Tue, 04 Apr 2023 12:05:31 GMT
truncated
/ Frame F05E
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
adf9b3c556710fac2e0f2ecf748a1f82afd023d7957336ef228db33f1deb83d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame F05E
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb91dfcb049d42c6a9b5b9798498ced5f618b7a5838c15468da7fe38745d4378

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/svg+xml
fb.js
c.paypal.com/da/r/ Frame 1FD1
59 KB
21 KB
Script
General
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dcc49c76e2faccba32a3f6c2c419e8f6724a46f2ccd16c822be0bae10268294b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-cache-hits
4, 1, 2398568
date
Mon, 03 Apr 2023 12:05:31 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
5323057
x-cache
HIT, HIT, HIT
paypal-debug-id
8d02b3197927f
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
20545
x-served-by
cache-sjc10074-SJC, cache-fra-eddf8230048-FRA, cache-fra-eddf8230064-FRA
last-modified
Tue, 31 Jan 2023 20:30:46 GMT
traceparent
00-00000000000000000008d02b3197927f-a6cbabdc8c2b29e1-01
x-timer
S1680523532.995706,VS0,VE1
etag
W/"63d97a76-ecbf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=86400
access-control-allow-credentials
false
access-control-max-age
86400
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Apr 2023 12:05:31 GMT
12.597f4104d311c33d4189.songbird.js
songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/
23 KB
10 KB
Script
General
Full URL
https://songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/12.597f4104d311c33d4189.songbird.js
Requested by
Host: songbird.cardinalcommerce.com
URL: https://songbird.cardinalcommerce.com/edge/v1/songbird.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a029f8651c1abf6eb77706476716f84fa986d95ba7f3ade6583106f6f678f3a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://payments.hefr.ch/
Origin
https://payments.hefr.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
9688
last-modified
Tue, 01 Mar 2022 19:58:10 GMT
server
cloudflare
etag
"0f522ada62dd81:0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fyPUQfy9gKD6hPUJARMBzc%2BYzdKAoK0PTSvHtvTjMOANmCNyhUNEFTCbQty8lgR4bmjURuhJ0XzflA2fMAYzk0H%2FVo5EggVtO7Ow2%2FWkUBc3ebO7nmLFDRbySeLFf3Fv8L6BKsIAEpu9rLwFvls69XX0zF7G9%2Bw2uTzC"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=15552000
accept-ranges
bytes
cf-ray
7b212e2bed2e692b-FRA
expires
Sat, 30 Sep 2023 12:05:32 GMT
graphql
www.paypal.com/ Frame F05E
2 KB
3 KB
XHR
General
Full URL
https://www.paypal.com/graphql?GetNativeEligibility
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/xo/button.js?date=2023-3-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2f260fabfc5680b362f4e348f2232d645e46fd0b39e8403f6bfe9c09e9859f65
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-HLnPhmHzNU99xhbTOHitTd4iaNqMY4pxdYH1pYJob/WNuOc+' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data: https://c.paypal.com; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

x-app-name
smart-payment-buttons
accept
application/json
Referer
https://www.paypal.com/smart/button?env=production&style.label=checkout&funding.disallowed=venmo%2Citau%2Ccard%2Cideal%2Celv%2Cbancontact%2Cgiropay%2Csofort%2Ceps%2Cmybank%2Cp24%2Czimpler%2Cblik%2Cmaxima%2Cboleto%2Coxxo%2Cmercadopago%2Ccredit&domain=payments.hefr.ch&sessionID=uid_a7e66ca5b3_mti6mdu6mze&buttonSessionID=uid_0e051cf681_mti6mdu6mze&renderedButtons=paypal&storageID=uid_95bd8c2775_mti6mdu6mze&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=1ee727e81f&version=min&xcomponent=1
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type
application/json

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-HLnPhmHzNU99xhbTOHitTd4iaNqMY4pxdYH1pYJob/WNuOc+' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data: https://c.paypal.com; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
date
Mon, 03 Apr 2023 12:05:32 GMT
content-encoding
br
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
paypal-debug-id
f5506030da1e0
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
x-served-by
cache-hhn-etou8220032-HHN, cache-fra-eddf8230120-FRA
accept-ch
Sec-CH-UA-Full
traceparent
00-0000000000000000000f5506030da1e0-4d4c07078523e4cb-01
x-timer
S1680523532.181526,VS0,VE272
etag
W/"66a-Sw+NVwM4dbc7lgsWTi1VqT6MpXU"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
none
x-cache-hits
0, 0
965wzc4xqpc893vq
client-analytics.braintreegateway.com/
0
281 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payments.hefr.ch/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 03 Apr 2023 12:05:32 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Mon, 03 Apr 2023 12:05:32 GMT
Server
nginx
logger
www.paypal.com/xoplatform/logger/api/ Frame F05E
1014 B
2 KB
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
37a02d8569655dd46c0142a6c3e03ca330b261ed269fd7439033c5cfddf5bc70
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

x-app-name
checkoutjs
Referer
https://www.paypal.com/smart/button?env=production&style.label=checkout&funding.disallowed=venmo%2Citau%2Ccard%2Cideal%2Celv%2Cbancontact%2Cgiropay%2Csofort%2Ceps%2Cmybank%2Cp24%2Czimpler%2Cblik%2Cmaxima%2Cboleto%2Coxxo%2Cmercadopago%2Ccredit&domain=payments.hefr.ch&sessionID=uid_a7e66ca5b3_mti6mdu6mze&buttonSessionID=uid_0e051cf681_mti6mdu6mze&renderedButtons=paypal&storageID=uid_95bd8c2775_mti6mdu6mze&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=1ee727e81f&version=min&xcomponent=1
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-type
application/json

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS
paypal-debug-id
f5506032c5cef
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-hhn-etou8220061-HHN, cache-fra-eddf8230120-FRA
accept-ch
Sec-CH-UA-Full
traceparent
00-0000000000000000000f5506032c5cef-b5adad1e3ef5d140-01
x-timer
S1680523532.196398,VS0,VE217
etag
W/"3f6-K0v1Dg0QI8KAkXgnwKKIrWtCZWw"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
none
x-cache-hits
0, 0
p1
c.paypal.com/v1/r/d/b/ Frame 1FD1
125 B
892 B
XHR
General
Full URL
https://c.paypal.com/v1/r/d/b/p1
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6fe79ff93f45ab3f9b1de2702aaf50bb5677041901a6f4388919b3460f591397
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id
82b21fb78392a
server-timing
"traceparent;desc="00-000000000000000000082b21fb78392a-103c821b2d3e8809-01"";content-encoding;desc="",x-cdn;desc="fastly"
content-length
125
x-served-by
cache-hhn-etou8220034-HHN, cache-fra-eddf8230064-FRA
correlation-id
82b21fb78392a
traceparent
00-000000000000000000082b21fb78392a-94f0d53010f77cc5-01
content-type
application/json
access-control-allow-origin
https://www.paypal.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
e
c.paypal.com/v1/r/d/b/ Frame 1FD1
0
342 B
XHR
General
Full URL
https://c.paypal.com/v1/r/d/b/e
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
paypal-debug-id
300a51e0260ab
server-timing
"traceparent;desc="00-0000000000000000000300a51e0260ab-4a50fac83fd67b58-01"";content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-hhn-etou8220035-HHN, cache-fra-eddf8230064-FRA
correlation-id
300a51e0260ab
traceparent
00-0000000000000000000300a51e0260ab-deb35982a7fc6f77-01
access-control-allow-origin
https://www.paypal.com
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
p3
c6.paypal.com/v1/r/d/b/ Frame 1FD1
0
291 B
Image
General
Full URL
https://c6.paypal.com/v1/r/d/b/p3?f=7ff09b39726c6100088ea838a7c04ccb&s=BRAINTREE_SIGNIN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
paypal-debug-id
e6f14b94a195c
server-timing
"traceparent;desc="00-0000000000000000000e6f14b94a195c-ec175896b139bb68-01"";content-encoding;desc="",x-cdn;desc="fastly"
content-length
0
x-served-by
cache-hhn-etou8220059-HHN, cache-fra-eddf8230064-FRA
correlation-id
e6f14b94a195c
traceparent
00-0000000000000000000e6f14b94a195c-a0a5c5dbc536d367-01
x-timer
S1680523532.253574,VS0,VE181
access-control-expose-headers
Server-Timing
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
logger
www.paypal.com/xoplatform/logger/api/ Frame F05E
1005 B
1 KB
XHR
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/checkout.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b4bb13b1c64c68a7ddf7bb796442ee270041985937090f3a98b3410ecb6642f3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

x-app-name
checkoutjs
Referer
https://www.paypal.com/smart/button?env=production&style.label=checkout&funding.disallowed=venmo%2Citau%2Ccard%2Cideal%2Celv%2Cbancontact%2Cgiropay%2Csofort%2Ceps%2Cmybank%2Cp24%2Czimpler%2Cblik%2Cmaxima%2Cboleto%2Coxxo%2Cmercadopago%2Ccredit&domain=payments.hefr.ch&sessionID=uid_a7e66ca5b3_mti6mdu6mze&buttonSessionID=uid_0e051cf681_mti6mdu6mze&renderedButtons=paypal&storageID=uid_95bd8c2775_mti6mdu6mze&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=1ee727e81f&version=min&xcomponent=1
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-type
application/json

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS
paypal-debug-id
f5506034ad4cb
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-hhn-etou8220060-HHN, cache-fra-eddf8230120-FRA
accept-ch
Sec-CH-UA-Full
traceparent
00-0000000000000000000f5506034ad4cb-588a4443eb005410-01
x-timer
S1680523532.226391,VS0,VE212
etag
W/"3ed-YWl8nftymGoUxvK8efdDC9yAiIM"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
none
x-cache-hits
0, 0
logger
www.paypal.com/xoplatform/logger/api/ Frame F05E
1023 B
1 KB
Ping
General
Full URL
https://www.paypal.com/xoplatform/logger/api/logger
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/api/xo/button.js?date=2023-3-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.21 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2649cee6542a2b1c658d40e5f3da98fe642befabc92a36c89d95539a0d955292
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.paypal.com/smart/button?env=production&style.label=checkout&funding.disallowed=venmo%2Citau%2Ccard%2Cideal%2Celv%2Cbancontact%2Cgiropay%2Csofort%2Ceps%2Cmybank%2Cp24%2Czimpler%2Cblik%2Cmaxima%2Cboleto%2Coxxo%2Cmercadopago%2Ccredit&domain=payments.hefr.ch&sessionID=uid_a7e66ca5b3_mti6mdu6mze&buttonSessionID=uid_0e051cf681_mti6mdu6mze&renderedButtons=paypal&storageID=uid_95bd8c2775_mti6mdu6mze&locale.x=en_US&logLevel=warn&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWxvYmplY3RzLmNvbS9hcGkvY2hlY2tvdXQubWluLmpzIn0&uid=1ee727e81f&version=min&xcomponent=1
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-cache
MISS, MISS
paypal-debug-id
f550603a4150c
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
x-served-by
cache-hhn-etou8220061-HHN, cache-fra-eddf8230120-FRA
accept-ch
Sec-CH-UA-Full
traceparent
00-0000000000000000000f550603a4150c-b1668036fe22abc7-01
x-timer
S1680523532.253166,VS0,VE214
etag
W/"3ff-id0d7FszBLEkNX+tB27kesCCYco"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges
none
x-cache-hits
0, 0
Init
centinelapi.cardinalcommerce.com/V1/Order/JWT/ Frame
0
0
Preflight
General
Full URL
https://centinelapi.cardinalcommerce.com/V1/Order/JWT/Init
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-cardinal-tid
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type, x-cardinal-tid
access-control-allow-methods
GET,POST,HEAD,OPTIONS
access-control-allow-origin
https://payments.hefr.ch
access-control-expose-headers
Access-Control-Allow-Origin
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
cf-cache-status
DYNAMIC
cf-ray
7b212e2cee52692b-FRA
content-length
0
date
Mon, 03 Apr 2023 12:05:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjTlipiXPpPEG8ksgf8JqSbcv1QB%2FoZXjRV%2BUBx1cPU0ZEqOwx%2BkJU9Uk7R3EkLIoxKV%2BGQbHFzcPdtlqqoMZbg48Ya8W0Zg2h28MEwQiVf4Y1un2NwnL7M%2FDY0YfvjVm4udHihVM4SxLm5TMZQ44HVhpaOMA27e%2F4wP7Qs5"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Init
centinelapi.cardinalcommerce.com/V1/Order/JWT/
2 KB
2 KB
XHR
General
Full URL
https://centinelapi.cardinalcommerce.com/V1/Order/JWT/Init
Requested by
Host: songbird.cardinalcommerce.com
URL: https://songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/1.597f4104d311c33d4189.songbird.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88467f376860ef1c206ce813c38dd7322a7106c8ca076e725965373185cf2cd7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://payments.hefr.ch/
X-Cardinal-Tid
Tid-39c414a1-5f28-446d-b59b-d4b545ba6659
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0mtVALIk2%2FAiCXTdxxWYLt3HueCKPxOhhCUQnhUVsrSzwKGwlEFyCfQvoe82AKcXrQ6x2j1QhUfw9ti1JTqogoH1YLdVdh6YJrTI0MwwsVYvvDgPVWgotRS%2BK6%2B90cIdBRvenyzrAFi4zyN5QEav4idieL%2FV8mHh06rBUYNG"}],"group":"cf-nel","max_age":604800}
content-type
text/plain
access-control-allow-origin
https://payments.hefr.ch
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cf-ray
7b212e2def78692b-FRA
11.597f4104d311c33d4189.songbird.js
songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/
26 KB
11 KB
Script
General
Full URL
https://songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/11.597f4104d311c33d4189.songbird.js
Requested by
Host: songbird.cardinalcommerce.com
URL: https://songbird.cardinalcommerce.com/edge/v1/songbird.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87377a76242a921e0058aed55a8a705d9469eb122a5d26c6f3ff2e50fa55d127
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://payments.hefr.ch/
Origin
https://payments.hefr.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
10265
last-modified
Tue, 01 Mar 2022 19:58:10 GMT
server
cloudflare
etag
"0f522ada62dd81:0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TeaQ2BY0kcriGSW66CpiJCk6G2mhVTy0HkzUtrMeuWzIFG3yZHC1TGTWWvalHzuLWKxRcumQDHf6kh2SYJVvolm%2Faxo4RMrFo82TAhSL725jdHKz33mrxh9XyXN2H8rAoZnia7O2TUc9SuVY5%2BeTGNunEsEkafNjHgBX"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=15552000
accept-ranges
bytes
cf-ray
7b212e2f18e6692b-FRA
expires
Sat, 30 Sep 2023 12:05:32 GMT
Render
geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/ Frame 7F81
4 KB
2 KB
Document
General
Full URL
https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
Requested by
Host: songbird.cardinalcommerce.com
URL: https://songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/1.597f4104d311c33d4189.songbird.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ae8e65abab653f87fa511618ea22e2b95d0bc63bddc9b05ec65e46b975eb5b9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://payments.hefr.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
7b212e2f3f0d39d9-FRA
content-encoding
gzip
content-language
de-DE
content-length
1165
content-type
text/html;charset=ISO-8859-1
date
Mon, 03 Apr 2023 12:05:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="This site does not have a p3p policy."
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bYBXSdszkNQjj5Y9y6jA5n2kBYWlPK%2F0vbXs%2Bpa5bb5JWx9BFVMIkCREwr1shdvmFbOBhZp01C6TrvaevVwMDTVYPKiS77U3SgynjTPXO%2Fl5SndKHehMYvr9FAuNf%2F5FTnnHDKHeS493%2Ftu6lBviv6UpeBOqzA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000
vary
accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
3.597f4104d311c33d4189.songbird.js
songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/
24 KB
9 KB
Script
General
Full URL
https://songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/3.597f4104d311c33d4189.songbird.js
Requested by
Host: songbird.cardinalcommerce.com
URL: https://songbird.cardinalcommerce.com/edge/v1/songbird.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6879c93ab49e4e79ea4286c937326c4fbeef281b7da982e6046cbac4d882fbce
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://payments.hefr.ch/
Origin
https://payments.hefr.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
9295
last-modified
Tue, 01 Mar 2022 19:58:10 GMT
server
cloudflare
etag
"0f522ada62dd81:0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6I81RdDxAMkVZiF0tMtSsAFE2GKIoaoKFIFFQFSK1qJvkRjcPpxCBkQkWiuB5bElMiMfI4vTS3dvGjuj%2FSKVs93xoGpUDJd2PpVVzKkRPe0uc1rOLJ5WDW4vj0GwtA6qjfFfTuRQFcH154JU%2BmSUyZNj9RePhqDLTINf"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=15552000
accept-ranges
bytes
cf-ray
7b212e301a19692b-FRA
expires
Sat, 30 Sep 2023 12:05:32 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ Frame 7F81
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: geo.cardinalcommerce.com
URL: https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://geo.cardinalcommerce.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1160859
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27958
last-modified
Mon, 04 May 2020 23:01:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb09ed3-15d84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YDVX1GilUWJDsjIZnolFo2X1cyErWWg3YEI9D0ZrFzOgeiS1QFdwq6fINxBWaTcrxi8vA5z95fj11NRccWJY%2FwLb9L1zbUfwSYwqGcQePqnHKVA%2BNjnYbpIwftg9zMtzUqXkA1Dtz72R4duKjGNdDAWX"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7b212e305f93bb86-FRA
expires
Sat, 23 Mar 2024 12:05:32 GMT
json3.min.js
cdnjs.cloudflare.com/ajax/libs/json3/3.3.2/ Frame 7F81
8 KB
3 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/json3/3.3.2/json3.min.js
Requested by
Host: geo.cardinalcommerce.com
URL: https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c3e64ef84e5290feef3e6e6943c4618cd3b609995b6d7bde6e898b06bbf5d5a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://geo.cardinalcommerce.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2122192
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3209
last-modified
Mon, 04 May 2020 16:11:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec9-1fd1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=azINoxmkeiYdwqtr1JoNCvIEyEJeRSC14dRvJ73BAhkZMJuUoc6keXFONz7v%2BZFSpHXWQeWdxAXk6M7vC%2FhKsJw1iTcqG9pLv7n4yVUHqSsfNY9vSHVnw7g5dvhodJ9rMIqSLanEortUr5KWkj8t5LNo"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7b212e305f94bb86-FRA
expires
Sat, 23 Mar 2024 12:05:32 GMT
6d028a6f5c5c7a8f8dbd924b0fc274afbf37412e.min.js
geo.cardinalcommerce.com/DeviceFingerprintWeb/includes/js/ Frame 7F81
34 KB
13 KB
Script
General
Full URL
https://geo.cardinalcommerce.com/DeviceFingerprintWeb/includes/js/6d028a6f5c5c7a8f8dbd924b0fc274afbf37412e.min.js
Requested by
Host: geo.cardinalcommerce.com
URL: https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d59d7ef453977062a7c216e3fa8d62c26a8e49b62c1625d23f655ed457f10808
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2190
p3p
CP="This site does not have a p3p policy."
content-length
13047
last-modified
Fri, 03 Mar 2023 16:08:06 GMT
server
cloudflare
vary
accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VIXS25GbLdCmPqPcWNEIkHnA59GyakII%2BAXETTwZlI7xq13FMz2P5KW8RVvT3FNUSkm3%2FikCyWDrPVeeJzbFmbmyatHOY%2FQjG%2FoKuYBAUvTZ0%2Fu%2BS13nJh52xqtnf5RJDeLS%2FoEOYbSIjbjTup7%2FwIKDqYg9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
7b212e30389b39d9-FRA
expires
Mon, 03 Apr 2023 16:05:32 GMT
profiler.min.js
geo.cardinalcommerce.com/DeviceFingerprintWeb/includes/js/ Frame 7F81
12 KB
5 KB
Script
General
Full URL
https://geo.cardinalcommerce.com/DeviceFingerprintWeb/includes/js/profiler.min.js
Requested by
Host: geo.cardinalcommerce.com
URL: https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95483314622403ce35e1a25b049f5520355b2465b31e6620df4109c4d41b8f99
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7166
p3p
CP="This site does not have a p3p policy."
content-length
5158
last-modified
Fri, 03 Mar 2023 16:08:20 GMT
server
cloudflare
vary
accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WEcFgIV8bMLue%2BEMPVtAqugVEoPA6mV8KevyAaOg5WKOjyt37dqZdvt2N6dmvZe2MnsQvdFPkh0UGKTQR%2BbiFkN5IFD%2FE7RLdGmQV9rMY%2F0ExitqCflT6%2FHeJYA3xsemKsij5KrQVThvQh%2Byp4lA%2F7joX5LJhA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
7b212e30389d39d9-FRA
expires
Mon, 03 Apr 2023 16:05:32 GMT
acsprofiler.min.js
geo.cardinalcommerce.com/DeviceFingerprintWeb/includes/js/ Frame 7F81
4 KB
2 KB
Script
General
Full URL
https://geo.cardinalcommerce.com/DeviceFingerprintWeb/includes/js/acsprofiler.min.js
Requested by
Host: geo.cardinalcommerce.com
URL: https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13bf5fb4ced782c0fe5d2a5d181a9d4ffd92d5fa26304ec78fe7fdf9ee4c3e77
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 12:05:32 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5507
p3p
CP="This site does not have a p3p policy."
content-length
2051
last-modified
Fri, 03 Mar 2023 16:08:22 GMT
server
cloudflare
vary
accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSDBHNS8Ch1%2FYujMWmqP%2FKry8a%2BU4oHdM6DTTsA5uEAAPhm1eHyPsPVyvYcovUiy9g2SCZIH7gO3cFNh0Cap5Taj6GsJxwoEWLoDNwWBxMKCYZhEvHUvVjb2hXT4H37ehXzXRLdOr7lA%2BVPUsBiQE6tuJwSeqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
7b212e3038a239d9-FRA
expires
Mon, 03 Apr 2023 16:05:32 GMT
SaveBrowserData
geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/ Frame 7F81
0
1 KB
XHR
General
Full URL
https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/SaveBrowserData
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept
*/*
Referer
https://geo.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/Render?threatmetrix=true&alias=Default&orgUnitId=5c8959f0823c162dc03a4103&tmEventType=PAYMENT&referenceId=1_b34c2119-bab8-4d18-b2fd-80fa0bb21212&geolocation=false&origin=Songbird
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 03 Apr 2023 12:05:33 GMT
strict-transport-security
max-age=15552000
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
adrum_1
n:cardinalcommerce-prod_93ff2f8d-3ce1-43f8-8827-3466b84b528c
p3p
CP="This site does not have a p3p policy."
adrum_2
i:4894854
content-length
0
adrum_4
d:12
server
cloudflare
adrum_0
g:ad26688d-2dec-4133-a4c0-ef1ec2b23787
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QzPdPOTvDkSKtPhCNY7V8RRCuAMqwgU5Ar0irEB0yCxI2gOGN3hy%2BQbDlRNBTUlWUVyDY8kluSLBIbRfekvQ4%2FGNLiXL4jFUzXE0wSfDdtLBrBwfDWRCT0%2FG%2BYe0%2BQxBOAIoSyn2Gs%2BSzxcwQtJaTR8uZ1JpOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain
access-control-allow-origin
https://geo.cardinalcommerce.com
access-control-expose-headers
Access-Control-Allow-Origin
adrum_3
e:15
access-control-allow-credentials
true
cf-ray
7b212e30f9c939d9-FRA
log
writer.cardinalcommerce.com/prod/ Frame
0
0
Preflight
General
Full URL
https://writer.cardinalcommerce.com/prod/log
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-cardinal-tid
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Cardinal-Tid
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
7b212e324d0a692b-FRA
content-length
0
content-type
application/json
date
Mon, 03 Apr 2023 12:05:33 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSAMUUh14gedgt0LHJ4Wxlen5SifCDqfHm4VrOknhhM0PWQ44Ih8u0HvU9V99qcst8Rff37R5XlkExdgLLRO1wlU5KXrx19apCFsZZW6%2B0gQmvWQ95tGTMktOzKGnkVzzGQ80%2FNDNPz4c8jZ4x%2FYC%2FAcO33kONLWCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront)
x-amz-apigw-id
CzMaHF1fIAMFY8w=
x-amz-cf-id
ysB6AhRsYyZPDagAU7NY98G6zaPcMzwtqS578wqlyJCmqVP-0Ajwrg==
x-amz-cf-pop
FRA60-P1
x-amzn-requestid
9d312b6d-ab46-4ada-999e-6bc82aaa6d8d
x-amzn-trace-id
Root=1-642ac10d-598daa673f297388271beb5e
x-cache
Miss from cloudfront
log
writer.cardinalcommerce.com/prod/
15 B
539 B
XHR
General
Full URL
https://writer.cardinalcommerce.com/prod/log
Requested by
Host: songbird.cardinalcommerce.com
URL: https://songbird.cardinalcommerce.com/edge/v1/597f4104d311c33d4189/1.597f4104d311c33d4189.songbird.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

Request headers

Referer
https://payments.hefr.ch/
X-Cardinal-Tid
Tid-39c414a1-5f28-446d-b59b-d4b545ba6659
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Mon, 03 Apr 2023 12:05:33 GMT
via
1.1 b04a6cb0bde4a78c29099913e07f9056.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA60-P1
x-amzn-requestid
b3082010-e3e2-4d9e-8948-42df9850c5fa
x-cache
Miss from cloudfront
x-amz-apigw-id
CzMaIH5EoAMFl-g=
content-length
15
server
cloudflare
x-amzn-trace-id
Root=1-642ac10d-0e9c797a123b7b707bcb37df
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Za8kI%2FvXaRThNFo4HvuWvDNUNdGI2UL5dR6apH%2BqDj%2B5H7p0SOWb8LDTyGDlQkBFT63it3rqNWIYPQpkxNWhWwr17uUvHLPV%2BzHPEgBuM5mbczvbmhcSpI0FxXidDK2OOZaHglUDpXQ%2BGaSEcOWJxI4cTRxMB9DwMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cf-ray
7b212e330e3b692b-FRA
x-amz-cf-id
dEvbjkE-F8o0nlWBOQD2QbjndOSpF09pN4VT6liFAEiBjGiwi4zyJg==
965wzc4xqpc893vq
client-analytics.braintreegateway.com/
0
281 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/dropin/1.32.1/js/dropin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payments.hefr.ch/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/json

Response headers

Date
Mon, 03 Apr 2023 12:05:33 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
965wzc4xqpc893vq
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/965wzc4xqpc893vq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.105.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-105-195.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://payments.hefr.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://payments.hefr.ch
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Mon, 03 Apr 2023 12:05:33 GMT
Server
nginx


43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| 3
object| 4
object| 5
object| 6
object| 7
object| 8
object| 9
object| 10
boolean| credentialless
object| ___grecaptcha_cfg
object| grecaptcha
string| __recaptcha_api
boolean| __google_recaptcha_client
object| braintree
function| fixSelectedCountryTag
function| initBraintree
function| displayErrorMessage
function| Demo
function| $
function| jQuery
object| recaptcha
number| uidEvent
object| bootstrap
object| closure_lm_793371
object| __postRobot__
object| __zoid__
function| onLegacyPaymentAuthorize
function| watchForLegacyFallback
function| onLegacyFallback
string| LOG_LEVEL
function| __pptmLoadedWithNoContent
object| paypal
object| PAYPAL
object| ppxo
object| paypalDDL
function| songbirdLoader
object| Cardinal
function| setImmediate
function| clearImmediate
object| __paypal_global__

13 Cookies

Domain/Path Name / Value
payments.hefr.ch/heia-heg Name: .AspNetCore.Antiforgery.zdFo-VGKLbQ
Value: CfDJ8E4NM-j3-MVKk05wPep2ee9q5p22JgBWxYjGH1IWyScNYuZhruv4TypuyEo6ni91yML2V3hjW1U6VJ0cMHBGqUl6siG6mlGaNOBLGIcNPxmTc2Jal5sPXPuQsGZ8TMslEp5D4FFye6hgo-0CafdPPWg
payments.hefr.ch/ Name: BIGipServer~HEFR-Web~HEFR_K8s_dodona.app~HEFR_K8s_dodona_pool
Value: 1743544992.20480.0000
.paypal.com/ Name: l7_az
Value: dcg15.slc
.paypal.com/ Name: ts_c
Value: vr%3D470216961870a464067339f4ffc6a973%26vt%3D470216961870a464067339f4ffc6a972
.paypal.com/ Name: enforce_policy
Value: gdpr_v2.1
.paypal.com/ Name: LANG
Value: de_DE%3BDE
.paypal.com/ Name: ts
Value: vreXpYrS%3D1775217932%26vteXpYrS%3D1680525332%26vr%3D470216961870a464067339f4ffc6a973%26vt%3D470216961870a464067339f4ffc6a972%26vtyp%3D
.c.paypal.com/ Name: sc_f
Value: WcWM1KwtSV1eXAtiFxpEBqAuMFFqqpgKlCTBkVr84QicpWqcD-SUQiM8dX_PKA9BviHdUzSpcKWuZJt0V3VcI92Zs9DN0IYgl5c6Nm
.paypal.com/ Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK
Value: DhP3cYdbn_PtP5di3wckPoZxIyJzmW3TDDoF7v6xeaRLhu8oYREBX3XFnmUcf18SbjF7zqmTydw0RGNL
.paypal.com/ Name: x-pp-s
Value: eyJ0IjoiMTY4MDUyMzUzMjM3NyIsImwiOiIwIiwibSI6IjAifQ
www.paypal.com/ Name: nsid
Value: s%3A5t7aK8raiWgSckIIPb0gtgVNBGOxD8Va.fxiGmi9FJuyvqWfJ1czLS%2BRi5AZithcWdl7K2mB9JyM
.paypal.com/ Name: tsrce
Value: loggernodeweb
.cardinalcommerce.com/ Name: __cfruid
Value: 7e556ae7784d8a30fcdc04e5b70564f6d7b74b4b-1680523532

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=2592000
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
