owasp.org Open in urlscan Pro
2606:4700:10::6816:1a4d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://owasp.org/Top10/A01_2021-Broken_Access_Control/
Submission: On July 02 via api (July 2nd 2023, 8:41:34 am UTC) from US — Scanned from DE

Summary HTTP 13 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2606:4700:10::6816:1a4d, located in United States and belongs to CLOUDFLARENET, US. The main domain is owasp.org. The Cisco Umbrella rank of the primary domain is 164282.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 4th 2023. Valid for: a year.

This is the only time owasp.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2606:4700:10:... 2606:4700:10::6816:1a4d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2	192.30.255.117 192.30.255.117	36459 (GITHUB) (GITHUB)
13	5

5 2606:4700:10::6816:1a4d (United States)

ASN13335 (CLOUDFLARENET, US)

owasp.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.30.255.117 (United States)

ASN36459 (GITHUB, US)
PTR: lb-192-30-255-117-sea.github.com

api.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	gstatic.com fonts.gstatic.com	86 KB
5	owasp.org owasp.org — Cisco Umbrella Rank: 164282	115 KB
2	github.com api.github.com — Cisco Umbrella Rank: 4493	4 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	2 KB
13	4

	Domain	Requested by
5	fonts.gstatic.com	fonts.googleapis.com
5	owasp.org	owasp.org
2	api.github.com	owasp.org
1	fonts.googleapis.com	owasp.org
13	4

This site contains links to these domains. Also see Links.

Domain
github.com
cheatsheetseries.owasp.org
portswigger.net
www.oauth.com
cwe.mitre.org
creativecommons.org
squidfunk.github.io

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-04` - `2024-05-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.github.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-16` - `2024-03-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
Frame ID: 4AC01A634BA23EFFD9492BB3A21F8340
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

A01 Broken Access Control - OWASP Top 10:2021

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

13
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

206 kB
Transfer

413 kB
Size

0
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/OWASP/Top10
Title: OWASP/Top10 3.7k760

Search URL Search Domain Scan URL

URL: https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html
Title: OWASP Cheat Sheet: Authorization

Search URL Search Domain Scan URL

URL: https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties
Title: PortSwigger: Exploiting CORS misconfiguration

Search URL Search Domain Scan URL

URL: https://www.oauth.com/oauth2-servers/listing-authorizations/revoking-access/
Title: OAuth: Revoking Access

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/22.html
Title: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/23.html
Title: CWE-23 Relative Path Traversal

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/35.html
Title: CWE-35 Path Traversal: '.../...//'

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/59.html
Title: CWE-59 Improper Link Resolution Before File Access ('Link Following')

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/200.html
Title: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/201.html
Title: CWE-201 Exposure of Sensitive Information Through Sent Data

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/219.html
Title: CWE-219 Storage of File with Sensitive Data Under Web Root

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/264.html
Title: CWE-264 Permissions, Privileges, and Access Controls (should no longer be used)

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/275.html
Title: CWE-275 Permission Issues

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/276.html
Title: CWE-276 Incorrect Default Permissions

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/284.html
Title: CWE-284 Improper Access Control

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/285.html
Title: CWE-285 Improper Authorization

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/352.html
Title: CWE-352 Cross-Site Request Forgery (CSRF)

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/359.html
Title: CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/377.html
Title: CWE-377 Insecure Temporary File

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/402.html
Title: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/425.html
Title: CWE-425 Direct Request ('Forced Browsing')

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/441.html
Title: CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/497.html
Title: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/538.html
Title: CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/540.html
Title: CWE-540 Inclusion of Sensitive Information in Source Code

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/548.html
Title: CWE-548 Exposure of Information Through Directory Listing

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/552.html
Title: CWE-552 Files or Directories Accessible to External Parties

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/566.html
Title: CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/601.html
Title: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/639.html
Title: CWE-639 Authorization Bypass Through User-Controlled Key

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/651.html
Title: CWE-651 Exposure of WSDL File Containing Sensitive Information

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/668.html
Title: CWE-668 Exposure of Resource to Wrong Sphere

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/706.html
Title: CWE-706 Use of Incorrectly-Resolved Name or Reference

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/862.html
Title: CWE-862 Missing Authorization

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/863.html
Title: CWE-863 Incorrect Authorization

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/913.html
Title: CWE-913 Improper Control of Dynamically-Managed Code Resources

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/922.html
Title: CWE-922 Insecure Storage of Sensitive Information

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/1275.html
Title: CWE-1275 Sensitive Cookie with Improper SameSite Attribute

Search URL Search Domain Scan URL

URL: http://creativecommons.org/licenses/by/3.0/deed.en_US
Title: Creative Commons Attribution 3.0 Unported License

Search URL Search Domain Scan URL

URL: https://squidfunk.github.io/mkdocs-material/
Title: Material for MkDocs

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
owasp.org/Top10/A01_2021-Broken_Access_Control/ 29 KB
9 KB 228ms
174ms Document
text/html 2606:4700:10::6816:1a4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/Top10/A01_2021-Broken_Access_Control/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1a4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c909e8b26f51414f91116617b6172372c38e47d284961771fbbd377fd7fa52b0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 0
cache-control: max-age=600
cf-cache-status: DYNAMIC
cf-ray: 7e0597082a489a03-FRA
content-encoding: br
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-type: text/html; charset=utf-8
date: Sun, 02 Jul 2023 08:41:29 GMT
expires: Sun, 02 Jul 2023 07:11:28 GMT
last-modified: Wed, 24 May 2023 22:55:48 GMT
permissions-policy: geolocation=(self)
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-content-type-options: nosniff
x-fastly-request-id: a010d09a0007299102b3adb055e7218d4fc0665f
x-frame-options: SAMEORIGIN
x-github-request-id: 8110:C9E9:284CABC:299D593:64A120C7
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230112-FRA
x-timer: S1688287290.671622,VS0,VE108

GET
H2 200 main.ded33207.min.css
owasp.org/Top10/assets/stylesheets/ 111 KB
20 KB 153ms
153ms Stylesheet
text/css 2606:4700:10::6816:1a4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/Top10/assets/stylesheets/main.ded33207.min.css

Requested by

Host: owasp.org
URL: https://owasp.org/Top10/A01_2021-Broken_Access_Control/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1a4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ded332077fbb768f29149148725c7cedaa836c6617eb3884063e5c974b7fe7e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id: 787add826bb8e3b6a78def792d573cc9a310bfe0
date: Sun, 02 Jul 2023 08:41:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sun, 02 Jul 2023 05:51:10 GMT
x-served-by: cache-fra-eddf8230087-FRA
referrer-policy: same-origin
last-modified: Wed, 24 May 2023 22:55:48 GMT
server: cloudflare
x-github-request-id: 73D6:9C69:39E4E81:3B9D999:646E971A
x-timer: S1684969243.600171,VS0,VE98
etag: W/"646e95f4-1bb09"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 7e0597094b899a03-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 css
fonts.googleapis.com/ 23 KB
2 KB 79ms
31ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback

Requested by

Host: owasp.org
URL: https://owasp.org/Top10/A01_2021-Broken_Access_Control/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0dc560a51a4414c2f14eb6d5c9b3f681b1debe37232bfb9cd75073acf77ffcda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 02 Jul 2023 08:41:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 02 Jul 2023 08:32:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 02 Jul 2023 08:41:29 GMT

GET
H2 200 OWASP_Logo_Transp.png
owasp.org/Top10/assets/ 12 KB
14 KB 161ms
161ms Image
image/png 2606:4700:10::6816:1a4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/Top10/assets/OWASP_Logo_Transp.png

Requested by

Host: owasp.org
URL: https://owasp.org/Top10/A01_2021-Broken_Access_Control/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1a4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

740a4cfa9ea983f861cdeb7c2aabd1fe56cbcd19a1a9e3ff690e51b1401a896e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id: a8da167610b8f0b3ac2606e55dfeea1c7ba5e8d4
date: Sun, 02 Jul 2023 08:41:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sun, 02 Jul 2023 05:51:10 GMT
content-length: 12233
x-served-by: cache-fra-eddf8230066-FRA
referrer-policy: same-origin
last-modified: Wed, 24 May 2023 22:55:48 GMT
server: cloudflare
x-github-request-id: 0B60:0F5D:318EC3C:332553A:646E971A
x-timer: S1684969243.758145,VS0,VE99
etag: "646e95f4-2fc9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 7e05970a4caa9a03-FRA
x-cache-hits: 0

GET
H2 200 TOP_10_Icons_Final_Broken_Access_Control.png
owasp.org/Top10/assets/ 36 KB
36 KB 159ms
159ms Image
image/png 2606:4700:10::6816:1a4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/Top10/assets/TOP_10_Icons_Final_Broken_Access_Control.png

Requested by

Host: owasp.org
URL: https://owasp.org/Top10/A01_2021-Broken_Access_Control/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1a4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fd10e901a68eee4734c03b779e03e388f60723cab87397cdf44199b1e003099

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id: d703112124b1cba2854a43e6d35b734b44740a2c
date: Sun, 02 Jul 2023 08:41:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sun, 02 Jul 2023 07:11:29 GMT
content-length: 36832
x-served-by: cache-fra-eddf8230081-FRA
referrer-policy: same-origin
last-modified: Wed, 24 May 2023 22:55:48 GMT
server: cloudflare
x-github-request-id: 67B0:24FE:2C25C33:2D97F40:64A120C8
x-timer: S1688281289.990138,VS0,VE102
etag: "646e95f4-8fe0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 7e05970a6cca9a03-FRA
x-cache-hits: 0

GET
H2 200 bundle.51198bba.min.js Show response
owasp.org/Top10/assets/javascripts/ 111 KB
36 KB 151ms
151ms Script
application/javascript 2606:4700:10::6816:1a4d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/Top10/assets/javascripts/bundle.51198bba.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/Top10/A01_2021-Broken_Access_Control/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1a4d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

586bd900e06fe89cdb1494835e97de46dc42a098ac7100d1d6c1097622e437cc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-fastly-request-id: bb04e960103aa2b0a802c0155b53bab84feb2465
date: Sun, 02 Jul 2023 08:41:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sun, 02 Jul 2023 04:59:01 GMT
x-served-by: cache-fra-eddf8230083-FRA
referrer-policy: same-origin
last-modified: Wed, 24 May 2023 22:55:48 GMT
server: cloudflare
x-github-request-id: E4CA:8C78:17E34B2:1898CBE:646E971A
x-timer: S1684969243.672757,VS0,VE99
etag: W/"646e95f4-1bad7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 7e059709cc299a03-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 82ms
20ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 22:16:07 GMT
x-content-type-options: nosniff
age: 210323
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Jun 2024 22:16:07 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 86ms
25ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 05:19:29 GMT
x-content-type-options: nosniff
age: 12121
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 01 Jul 2024 05:19:29 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 100ms
38ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 17:28:20 GMT
x-content-type-options: nosniff
age: 227590
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 Jun 2024 17:28:20 GMT

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ 17 KB
17 KB 116ms
55ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 17:25:47 GMT
x-content-type-options: nosniff
age: 54943
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17368
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Jun 2024 17:25:47 GMT

GET
H2 200 L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0mQ.woff2
fonts.gstatic.com/s/robotomono/v22/ 22 KB
22 KB 111ms
50ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v22/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0mQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f39f934bc7f7b1b4dfa532f4b38dac960a3a7ad6bb9789a412f03bdcb4abd9f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Jul 2023 17:30:45 GMT
x-content-type-options: nosniff
age: 54645
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22168
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:56:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Jun 2024 17:30:45 GMT

GET
H2 404 latest Show response
api.github.com/repos/OWASP/Top10/releases/ 125 B
1 KB 730ms
280ms Fetch
application/json 192.30.255.117
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://api.github.com/repos/OWASP/Top10/releases/latest

Requested by

Host: owasp.org
URL: https://owasp.org/Top10/assets/javascripts/bundle.51198bba.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.30.255.117 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-192-30-255-117-sea.github.com

Software

GitHub.com /

Resource Hash

09484432f7b44413d8ad72c82fa87dfd3b29cfa09a5ff14876cf1a231473fc1d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 08:41:30 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'
content-encoding: gzip
x-ratelimit-used: 1
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
content-length: 122
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: GitHub.com
x-github-request-id: C898:3C3A:7BE053D:7F97CAB:64A1383A
x-frame-options: deny
vary: Accept-Encoding, Accept, X-Requested-With
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
x-ratelimit-remaining: 59
x-ratelimit-resource: core
x-ratelimit-reset: 1688290890
x-ratelimit-limit: 60

GET
H2 200 Top10 Show response
api.github.com/repos/OWASP/ 6 KB
3 KB 745ms
295ms Fetch
application/json 192.30.255.117
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://api.github.com/repos/OWASP/Top10

Requested by

Host: owasp.org
URL: https://owasp.org/Top10/assets/javascripts/bundle.51198bba.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.30.255.117 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-192-30-255-117-sea.github.com

Software

GitHub.com /

Resource Hash

1bb39925d1e3cd0612931e259b231623fba0523b311ce4d27fee0267db0e0f1a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 02 Jul 2023 08:41:30 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'
content-encoding: gzip
x-ratelimit-used: 2
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
content-length: 1453
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Sat, 01 Jul 2023 13:38:14 GMT
server: GitHub.com
x-github-request-id: C898:3C3A:7BE053D:7F97CAC:64A1383A
etag: W/"ce89635cdeb47152baa572d3c078dd2e7019d1ad422f948eab2b04fd8b7ed26a"
vary: Accept, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
cache-control: public, max-age=60, s-maxage=60
x-ratelimit-resource: core
x-ratelimit-reset: 1688290890
x-ratelimit-limit: 60
accept-ranges: bytes
x-ratelimit-remaining: 58

GET
DATA 200
OK truncated
/ 548 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 472961eb52640bc49059deac8d64214489f3bdc19177d645661427e5a3912ca1

Request headers

Referer
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 432 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba42348c56564f99673afa7bb2187f203d69759153a807bc2530efa90c8fbff8

Request headers

Referer
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.github.com/repos/OWASP/Top10/releases/latest Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.github.com
fonts.googleapis.com
fonts.gstatic.com
owasp.org
192.30.255.117
2606:4700:10::6816:1a4d
2a00:1450:4001:808::2003
2a00:1450:4001:828::200a
09484432f7b44413d8ad72c82fa87dfd3b29cfa09a5ff14876cf1a231473fc1d
0dc560a51a4414c2f14eb6d5c9b3f681b1debe37232bfb9cd75073acf77ffcda
1bb39925d1e3cd0612931e259b231623fba0523b311ce4d27fee0267db0e0f1a
2fd10e901a68eee4734c03b779e03e388f60723cab87397cdf44199b1e003099
472961eb52640bc49059deac8d64214489f3bdc19177d645661427e5a3912ca1
586bd900e06fe89cdb1494835e97de46dc42a098ac7100d1d6c1097622e437cc
740a4cfa9ea983f861cdeb7c2aabd1fe56cbcd19a1a9e3ff690e51b1401a896e
ba42348c56564f99673afa7bb2187f203d69759153a807bc2530efa90c8fbff8
c909e8b26f51414f91116617b6172372c38e47d284961771fbbd377fd7fa52b0
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
ded332077fbb768f29149148725c7cedaa836c6617eb3884063e5c974b7fe7e3
f39f934bc7f7b1b4dfa532f4b38dac960a3a7ad6bb9789a412f03bdcb4abd9f5
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

owasp.org Open in urlscan Pro 2606:4700:10::6816:1a4d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

206 kBTransfer

413 kBSize

0 Cookies

40 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

owasp.org Open in urlscan Pro
2606:4700:10::6816:1a4d Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

206 kB
Transfer

413 kB
Size

0
Cookies

13 HTTP transactions
2 data transactions