urlscan.io logo urlscan.io
SecurityTrails logo

account.protonvpn.com Open in urlscan Pro
185.159.159.143  Public Scan

Go To Rescan Add Verdict Report
URL: https://account.protonvpn.com/favicon.ico
Submission: On February 12 via api from LU — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 185.159.159.143, located in Switzerland and belongs to PROTONVPN, CH. The main domain is account.protonvpn.com. The Cisco Umbrella rank of the primary domain is 396178.
TLS certificate: Issued by R3 on February 1st 2024. Valid for: 3 months.
This is the only time account.protonvpn.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 185.159.159.143 209103 (PROTONVPN)
2 185.159.159.145 209103 (PROTONVPN)
19 3
Apex Domain
Subdomains		 Transfer
19 protonvpn.com
account.protonvpn.com — Cisco Umbrella Rank: 396178
account-api.protonvpn.com
2 MB
19 1
Domain Requested by
17 account.protonvpn.com account.protonvpn.com
2 account-api.protonvpn.com account.protonvpn.com
19 2

This site contains links to these domains. Also see Links.

Domain
protonvpn.com
proton.me
Subject Issuer Validity Valid
protonmail.com
R3		 2024-02-01 -
2024-05-01		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://account.protonvpn.com/favicon.ico
Frame ID: E09E6AA81DB6A4A8000F63C26C73E6F5
Requests: 18 HTTP requests in this frame

Frame: https://account-api.protonvpn.com/challenge/v4/html?Type=0&Name=unauth
Frame ID: 38EDA29548ACB25686F40D46B8E4D1ED
Requests: 1 HTTP requests in this frame

Frame: https://account-api.protonvpn.com/challenge/v4/html?Type=0&Name=login
Frame ID: 1C1BB54D5679209FFAF0A62D5874EDB7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Proton VPN: Sign-inProtonProton MailProton CalendarProton DriveProton VPNProton Pass

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

1634 kB
Transfer

5390 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request favicon.ico
account.protonvpn.com/ 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
168a52084bdcf40f4d6506e4e8e544ba66ad273d917162cde480ab3ed960972a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://account.protonvpn.com/favicon.ico

Response headers

accept-ranges
bytes
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
1776
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
content-type
text/html; charset=UTF-8
date
Mon, 12 Feb 2024 05:44:22 GMT
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
expires
Wed, 11 Jan 1984 05:00:00 GMT
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
pragma
no-cache
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
deny
x-permitted-cross-domain-policies
none
x-xss-protection
0
index.d4cea759.css
account.protonvpn.com/assets/ 		292 KB
45 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/index.d4cea759.css?v=5.0.74.3
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
81ee4b1c8bd19a1745b506b8df368bd0546b78ff63342e98eb8544fc78614373
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
45284
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
etag
"48f67-610daeb3073c0-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
text/css
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
runtime.9ac656d6.js
account.protonvpn.com/assets/ 		25 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/runtime.9ac656d6.js?v=5.0.74.3
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
398ff5df239910cf36ba5876c1ebfbc2d1152b3f5c40b711073475e39fe1d24c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13054
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
etag
"6302-610daeb3073c0-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
pre.231c15c1.js
account.protonvpn.com/assets/ 		836 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/pre.231c15c1.js?v=5.0.74.3
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
1ccc1572105a0bb77d7101a36b0d3edfa057a5fd338e46f086d1e6f86c442923
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
480
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
etag
"344-610daeb3073c0-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
index.af83ab26.js
account.protonvpn.com/assets/ 		3 MB
769 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/index.af83ab26.js?v=5.0.74.3
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
bedd52bef4c0f3542bb349a8a60b06f819870ef025c65962a556e771054622a2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
etag
"3489a6-610daeb3073c0-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
unsupported.c79529a5.js
account.protonvpn.com/assets/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/unsupported.c79529a5.js?v=5.0.74.3
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
a5b6eedce666ad4c70e458ff19dc4b22fab121c0d9e205865b4c1ca0c7a907c7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3368
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
etag
"1f96-610daeb3073c0-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cfdbcf80c99a2666e810de78f93932251c3a30ddec9bec29d5087bd7047af31

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

Content-Type
image/svg+xml
InterVariable.a0e477f2f1f9d2376fde.woff2
account.protonvpn.com/assets/ 		337 KB
339 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/InterVariable.a0e477f2f1f9d2376fde.woff2?v=5.0.74.3
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.d4cea759.css?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
8af7bd5b545567adffb3dfceb5bedb353a522d7bf1b3a2b8af7b6064156babc0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:22 GMT
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
content-length
345588
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
etag
"545f4-610daeb3073c0"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
x-frame-options
deny
content-type
font/woff2
access-control-allow-origin
https://account.protonvpn.com
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
en-US.c932e5db.chunk.js
account.protonvpn.com/assets/date-fns/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/date-fns/en-US.c932e5db.chunk.js?v=5.0.74.3
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/runtime.9ac656d6.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
fc4b390ded9415e6ca1570e549416802038da5c3fc9a2109acc739018373ae81
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/favicon.ico
Origin
https://account.protonvpn.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2647
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
etag
"2358-610daeb3073c0-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
crypto-worker.53a34d0f.chunk.js
account.protonvpn.com/assets/ 		556 KB
178 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/crypto-worker.53a34d0f.chunk.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
f37608641b2866412580533d584f5ffb4483ff73ba7d1da58307bf8e6a6e7395
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
etag
"8b1e4-610daeb3073c0-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
crypto-worker.53a34d0f.chunk.js
account.protonvpn.com/assets/ 		556 KB
178 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/assets/crypto-worker.53a34d0f.chunk.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
f37608641b2866412580533d584f5ffb4483ff73ba7d1da58307bf8e6a6e7395
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
etag
"8b1e4-610daeb3073c0-gzip"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/javascript
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
accept-ranges
bytes
html
account-api.protonvpn.com/challenge/v4/ Frame 38ED 		115 KB
44 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account-api.protonvpn.com/challenge/v4/html?Type=0&Name=unauth
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.af83ab26.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.145 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
6432fb34a01e856d78902c3f359fd8966e791ed564ad7434884d67b57b437c6b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZcmwNlwtngHqEI7P1GbN6gAAAFg' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; font-src 'self' https://account.protonvpn.com data:; img-src http: https: data: blob: cid:; frame-src https:; connect-src https: wss:; media-src https:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://account.protonvpn.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://account.protonvpn.com/favicon.ico

Response headers

access
application/vnd.protonmail.api+json;apiversion=4
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
content-encoding
gzip
content-length
43318
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZcmwNlwtngHqEI7P1GbN6gAAAFg' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; font-src 'self' https://account.protonvpn.com data:; img-src http: https: data: blob: cid:; frame-src https:; connect-src https: wss:; media-src https:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://account.protonvpn.com;
content-type
text/html; charset=UTF-8
date
Mon, 12 Feb 2024 05:44:22 GMT
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
expires
Fri, 04 May 1984 22:15:00 GMT
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
0
sessions
account.protonvpn.com/api/auth/v4/ 		198 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/auth/v4/sessions
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.af83ab26.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
f1449c279dc78be3914092385d2f6b9ca850887ced8057c76247a3341ba3a95d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept
application/vnd.protonmail.v1+json
x-enforce-unauthsession
true
Referer
https://account.protonvpn.com/favicon.ico
accept-language
de-CH,de;q=0.9
x-pm-appversion
web-vpn-settings@5.0.74.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=4
content-length
184
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
access-control-allow-origin
https://account.protonvpn.com
access-control-expose-headers
Date, Retry-After
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
access-control-allow-credentials
true
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
expires
Fri, 04 May 1984 22:15:00 GMT
cookies
account.protonvpn.com/api/core/v4/auth/ 		85 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/core/v4/auth/cookies
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.af83ab26.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
da6362ab5c5324f0f25b7184d4b6aea6af4d5072c93914fb82f0b0eb050a4742
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Authorization
Bearer ygntdjosbnr63d7gv3rggqnt6xwkg727
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
x-pm-uid
a35bij3cpinijpoac7doswroxswby3ag
Content-Type
application/json
accept
application/vnd.protonmail.v1+json
Referer
https://account.protonvpn.com/favicon.ico
x-pm-appversion
web-vpn-settings@5.0.74.3

Response headers

date
Mon, 12 Feb 2024 05:44:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=4
content-length
101
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
access-control-allow-origin
https://account.protonvpn.com
access-control-expose-headers
Date, Retry-After
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
access-control-allow-credentials
true
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
expires
Fri, 04 May 1984 22:15:00 GMT
payload
account.protonvpn.com/api/auth/v4/sessions/ 		13 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/auth/v4/sessions/payload
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.af83ab26.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
4733b85883a9b044b5dc137df5011f7b68e852fa9381fe60d05aed26e45b1b9c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept
application/vnd.protonmail.v1+json
Referer
https://account.protonvpn.com/favicon.ico
accept-language
de-CH,de;q=0.9
x-pm-appversion
web-vpn-settings@5.0.74.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
x-pm-uid
a35bij3cpinijpoac7doswroxswby3ag
Content-Type
application/json

Response headers

date
Mon, 12 Feb 2024 05:44:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=4
content-length
33
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
access-control-allow-origin
https://account.protonvpn.com
access-control-expose-headers
Date, Retry-After
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
access-control-allow-credentials
true
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
expires
Fri, 04 May 1984 22:15:00 GMT
html
account-api.protonvpn.com/challenge/v4/ Frame 1C1B 		117 KB
44 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account-api.protonvpn.com/challenge/v4/html?Type=0&Name=login
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.af83ab26.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.145 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
6c3aaf10b313b5b4dae1f8de818cf32734d13b1fa72334ef7a035efe44b73ed5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZcmwN1wtngHqEI7P1GbN7QAAAFs' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; font-src 'self' https://account.protonvpn.com data:; img-src http: https: data: blob: cid:; frame-src https:; connect-src https: wss:; media-src https:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://account.protonvpn.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://account.protonvpn.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://account.protonvpn.com/favicon.ico

Response headers

access
application/vnd.protonmail.api+json;apiversion=4
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
content-encoding
gzip
content-length
43896
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZcmwN1wtngHqEI7P1GbN7QAAAFs' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline'; font-src 'self' https://account.protonvpn.com data:; img-src http: https: data: blob: cid:; frame-src https:; connect-src https: wss:; media-src https:; report-uri https://reports.proton.me/reports/csp; frame-ancestors https://account.protonvpn.com;
content-type
text/html; charset=UTF-8
date
Mon, 12 Feb 2024 05:44:23 GMT
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
expires
Fri, 04 May 1984 22:15:00 GMT
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
0
host.png
account.protonvpn.com/assets/ 		42 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.protonvpn.com/assets/host.png
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.d4cea759.css?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:23 GMT
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
referrer-policy
strict-origin-when-cross-origin
x-permitted-cross-domain-policies
none
etag
"2a-610daeb3073c0"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
x-frame-options
deny
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
content-type
image/png
accept-ranges
bytes
content-length
42
x-xss-protection
0
%68%6f%73%74.%70%6e%67
account.protonvpn.com/%61%73%73%65%74%73/ 		42 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.protonvpn.com/%61%73%73%65%74%73/%68%6f%73%74.%70%6e%67
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.d4cea759.css?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://account.protonvpn.com/favicon.ico
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36

Response headers

date
Mon, 12 Feb 2024 05:44:23 GMT
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Thu, 08 Feb 2024 08:51:35 GMT
referrer-policy
strict-origin-when-cross-origin
x-permitted-cross-domain-policies
none
etag
"2a-610daeb3073c0"
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
x-frame-options
deny
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
content-type
image/png
accept-ranges
bytes
content-length
42
x-xss-protection
0
available
account.protonvpn.com/api/domains/ 		54 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/domains/available?Type=login
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.af83ab26.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
3ba9fce180e0a7fe534adb72b6fc0240bbf47de8eebc5daaf4b66eeca712a434
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept
application/vnd.protonmail.v1+json
Referer
https://account.protonvpn.com/favicon.ico
accept-language
de-CH,de;q=0.9
x-pm-appversion
web-vpn-settings@5.0.74.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
x-pm-uid
a35bij3cpinijpoac7doswroxswby3ag

Response headers

date
Mon, 12 Feb 2024 05:44:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=3
content-length
67
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
expires
Fri, 04 May 1984 22:15:00 GMT
frontend
account.protonvpn.com/api/feature/v2/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://account.protonvpn.com/api/feature/v2/frontend?sessionId=31447613&appName=-&environment=default
Requested by
Host: account.protonvpn.com
URL: https://account.protonvpn.com/assets/index.af83ab26.js?v=5.0.74.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.159.159.143 , Switzerland, ASN209103 (PROTONVPN, CH),
Reverse DNS
Software
/
Resource Hash
30379ba80b79e134199159e6d4a69adcc153550cb51865de091ebef4310fa02a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Authorization
-
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.9 Safari/537.36
x-pm-uid
a35bij3cpinijpoac7doswroxswby3ag
Content-Type
application/json
accept
application/vnd.protonmail.v1+json, application/json
Referer
https://account.protonvpn.com/favicon.ico
x-pm-appversion
web-vpn-settings@5.0.74.3

Response headers

date
Mon, 12 Feb 2024 05:44:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains; preload
access
application/vnd.protonmail.api+json;apiversion=2
content-length
361
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=2592000, enforce, report-uri="https://reports.proton.me/reports/tls"
vary
Accept-Encoding
x-frame-options
deny
content-type
application/json
public-key-pins-report-only
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.proton.me/reports/tls"
cache-control
max-age=0, must-revalidate, no-cache, no-store, private
expires
Fri, 04 May 1984 22:15:00 GMT

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| webpackChunkproton_vpn_settings object| SENTRY_RELEASE function| clearImmediate function| setImmediate number| protonSupportedBrowser object| __SENTRY__

6 Cookies

Domain/Path Name / Value
account.protonvpn.com/api/auth/refresh Name: REFRESH-a35bij3cpinijpoac7doswroxswby3ag
Value: %7B%22ResponseType%22%3A%22token%22%2C%22ClientID%22%3A%22WebVPNSettings%22%2C%22GrantType%22%3A%22refresh_token%22%2C%22RefreshToken%22%3A%22zrz62rwy3ddajmn243cjrsdnbiir6fpw%22%2C%22UID%22%3A%22a35bij3cpinijpoac7doswroxswby3ag%22%2C%22RedirectURI%22%3A%22https%3A%5C%2F%5C%2Fmail.proton.me%22%7D
account.protonvpn.com/api/ Name: AUTH-a35bij3cpinijpoac7doswroxswby3ag
Value: t3tczymvqjjldtunxgbufcz5cjeq4b7p
.protonvpn.com/ Name: Session-Id
Value: ZcmwNkZYxeeW8r-E2Os2wAAAANo
account.protonvpn.com/ Name: Tag
Value: default
account.protonvpn.com/ Name: Domain
Value: protonvpn.com
account-api.protonvpn.com/ Name: Tag
Value: vpn-a

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; connect-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: 'sha256-sr6QFXaAzaED/ceWMZXHe1Pyp61/PvOF8Qe1icp5vDQ='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://account-api.protonvpn.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 0