urlscan.io logo urlscan.io
SecurityTrails logo

hello.friday.de Open in urlscan Pro
13.32.99.105  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://hello.friday.de/
Effective URL: https://hello.friday.de/
Submission: On December 12 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 3 countries across 4 domains to perform 42 HTTP transactions. The main IP is 13.32.99.105, located in United States and belongs to AMAZON-02, US. The main domain is hello.friday.de.
TLS certificate: Issued by Amazon RSA 2048 M02 on November 10th 2022. Valid for: a year.
This is the only time hello.friday.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 10 13.32.99.105 16509 (AMAZON-02)
1 52.49.94.7 16509 (AMAZON-02)
16 2600:1901:0:5... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
6 2600:1901:0:c... 15169 (GOOGLE)
2 2600:1901:0:7... 15169 (GOOGLE)
2 2600:1901:0:6... 15169 (GOOGLE)
1 34.95.108.180 396982 (GOOGLE-CL...)
1 2a04:4e42:8e:... 54113 (FASTLY)
42 10
10    13.32.99.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-105.fra60.r.cloudfront.net
hello.friday.de
1    52.49.94.7 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-94-7.eu-west-1.compute.amazonaws.com
gtm-server.friday.de
16    2600:1901:0:5987:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
app.usercentrics.eu
4    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
6    2600:1901:0:c07c:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
api.usercentrics.eu
2    2600:1901:0:7903:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
graphql.usercentrics.eu
2    2600:1901:0:656b:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
consent-api.service.consent.usercentrics.eu
1    34.95.108.180 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 180.108.95.34.bc.googleusercontent.com
uct.service.usercentrics.eu
1    2a04:4e42:8e::720 (United States)

ASN54113 (FASTLY, US)
images.prismic.io
Apex Domain
Subdomains		 Transfer
27 usercentrics.eu
app.usercentrics.eu — Cisco Umbrella Rank: 15373
api.usercentrics.eu — Cisco Umbrella Rank: 15783
graphql.usercentrics.eu — Cisco Umbrella Rank: 19039
consent-api.service.consent.usercentrics.eu — Cisco Umbrella Rank: 26838
uct.service.usercentrics.eu — Cisco Umbrella Rank: 24924
198 KB
11 friday.de
hello.friday.de
gtm-server.friday.de
3 MB
4 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 371
185 KB
1 prismic.io
images.prismic.io — Cisco Umbrella Rank: 13269
6 KB
42 4
Domain Requested by
16 app.usercentrics.eu hello.friday.de
app.usercentrics.eu
10 hello.friday.de 1 redirects hello.friday.de
6 api.usercentrics.eu hello.friday.de
4 maps.googleapis.com hello.friday.de
maps.googleapis.com
2 consent-api.service.consent.usercentrics.eu hello.friday.de
2 graphql.usercentrics.eu hello.friday.de
1 images.prismic.io
1 uct.service.usercentrics.eu
1 gtm-server.friday.de hello.friday.de
42 9

This site contains links to these domains. Also see Links.

Domain
friday.de
Subject Issuer Validity Valid
*.friday.de
Amazon RSA 2048 M02		 2022-11-10 -
2023-12-09		 a year crt.sh
*.friday-prod.de
Amazon		 2022-02-16 -
2023-03-17		 a year crt.sh
app.usercentrics.eu
GTS CA 1D4		 2022-10-16 -
2023-01-14		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-07 -
2023-01-30		 3 months crt.sh
api.usercentrics.eu
GTS CA 1D4		 2022-12-12 -
2023-03-12		 3 months crt.sh
graphql.usercentrics.eu
GTS CA 1D4		 2022-10-17 -
2023-01-15		 3 months crt.sh
consent-api.service.consent.usercentrics.eu
GTS CA 1D4		 2022-12-01 -
2023-03-01		 3 months crt.sh
uct.service.usercentrics.eu
GTS CA 1D4		 2022-12-03 -
2023-03-03		 3 months crt.sh
images.prismic.io
GlobalSign Atlas R3 DV TLS CA 2022 Q2		 2022-06-06 -
2023-07-08		 a year crt.sh

This page contains 2 frames:

Primary Page: https://hello.friday.de/
Frame ID: C417E012496071C3D9C09F188DA2F5E4
Requests: 37 HTTP requests in this frame

Frame: https://app.usercentrics.eu/browser-sdk/4.19.0/cross-domain-bridge.html
Frame ID: 40E448AFE1AC4C409BE98CCC8415DFB7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

FRIDAY Autoversicherung. In nur 90 Sekunden zu deinem Angebot!

Page URL History Show full URLs

  1. http://hello.friday.de/ HTTP 301
    https://hello.friday.de/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js

Page Statistics

42
Requests

100 %
HTTPS

67 %
IPv6

4
Domains

9
Subdomains

10
IPs

3
Countries

3542 kB
Transfer

9991 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hello.friday.de/ HTTP 301
    https://hello.friday.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
hello.friday.de/
Redirect Chain
  • http://hello.friday.de/
  • https://hello.friday.de/
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hello.friday.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
82236d69f8bcb4314c201f3f463d995d06fbffb8f23dd6ab9fb52cb645d9490a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-security-policy
default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
content-type
text/html
date
Mon, 12 Dec 2022 16:33:44 GMT
etag
W/"638f34b5-6ca"
last-modified
Tue, 06 Dec 2022 12:25:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-id
rcAzqcZUSjWT0rNXK8DHuWwzJzGNW4bLzhZf8nrxUKUpyxdWkP0Imw==
x-amz-cf-pop
FRA60-P3
x-cache
RefreshHit from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Mon, 12 Dec 2022 16:33:44 GMT
Location
https://hello.friday.de/
Server
CloudFront
Via
1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
X-Amz-Cf-Id
M4Qq6vaYDMkSiciGbUp0_PkVxLMce8Pn7DFAFP8wGWzXDIqP5xm1Jg==
X-Amz-Cf-Pop
FRA60-P3
X-Cache
Redirect from cloudfront
salesFunnelbundle.440216.js
hello.friday.de/ 		7 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://hello.friday.de/salesFunnelbundle.440216.js?e5a25b62403872bac018
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
2502f43b8512803dac791b817ed8150ba25016e6aca745e7e502ca22438046c7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy
default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Mon, 12 Dec 2022 16:33:44 GMT
last-modified
Tue, 06 Dec 2022 12:25:25 GMT
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
etag
W/"638f34b5-70df98"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-cache
RefreshHit from cloudfront
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-id
yZtZJ3sP0I_cNjbTpD0JwxkC_VuvZJ9Lw5pQGJvd3lhGt5byccO5bA==
x-xss-protection
0
config.js
hello.friday.de/config/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hello.friday.de/config/config.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
30d683a02f6cf308b058a170a7fbaecd66b54445c666f4030a89daf60c367567
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy
default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Mon, 12 Dec 2022 16:33:44 GMT
last-modified
Tue, 06 Dec 2022 12:34:19 GMT
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
etag
W/"638f36cb-679"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-cache
RefreshHit from cloudfront
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-id
Cvig-hqauqA-RD7zrBhQA5gfUYub-nBRt_ufRVEriYw7kMWuNI65pw==
x-xss-protection
0
promise.min.js
hello.friday.de/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hello.friday.de/promise.min.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
0344d6a6292431917a2b282b2c32b20fb5af43c4f2be2910b3d8d8e47f426f27
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy
default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Mon, 12 Dec 2022 16:33:44 GMT
last-modified
Tue, 06 Dec 2022 12:25:25 GMT
content-encoding
gzip
x-amz-cf-pop
FRA60-P3
etag
W/"638f34b5-a5c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-cache
RefreshHit from cloudfront
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-id
_oHF9uNYQSJ5GN1mDpyXrijr7zwCHCOfuLq0_UBgA-iC_vHzwPKwjQ==
x-xss-protection
0
gtm.js
gtm-server.friday.de/ 		394 KB
394 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gtm-server.friday.de/gtm.js?id=GTM-MRV6J7J
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.94.7 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-94-7.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
3341257973327fd15fc7912a9b92c022122306a25c7ac70826be0cb14fb2c706
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date
Mon, 12 Dec 2022 16:33:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
last-modified
Mon, 12 Dec 2022 15:00:00 GMT
Content-Type
application/javascript; charset=UTF-8
cache-control
private, max-age=900
Connection
keep-alive
Content-Length
403048
expires
Mon, 12 Dec 2022 16:48:11 GMT
loader.js
app.usercentrics.eu/browser-ui/latest/ 		62 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/latest/loader.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/salesFunnelbundle.440216.js?e5a25b62403872bac018
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
903ad5c839c0f1202c762b27af62e387903e6e5946c5b88b2852a0c578d3b1ff
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:09:30 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
1455
x-guploader-uploadid
ADPycdtFGsw4RK_mVvlYBTj63lrrYOsnDKNJwA_wUyH2zubwzLo1xOaqUV-ChfRCezGAFs7W0sbpu5i9HvVqirjXiEvv1w
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21129
last-modified
Thu, 08 Dec 2022 14:43:29 GMT
server
UploadServer
etag
"da9bc911bf1aca4056b1ad82376d89a1"
x-goog-generation
1670510609742976
x-goog-hash
crc32c=a6iLSQ==, md5=2pvJEb8aykBWsa2CN22JoQ==
access-control-allow-origin
*
access-control-expose-headers
Content-Type, Content-Length, Transfer-Encoding
cache-control
public, max-age=3600, no-transform
x-goog-stored-content-length
21129
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 12 Dec 2022 17:09:30 GMT
js
maps.googleapis.com/maps/api/ 		169 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyBU_5g9Tqp4yGEn3duzmlf5NdPT919F0qM&libraries=places
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/salesFunnelbundle.440216.js?e5a25b62403872bac018
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
bba70da1e951234a4011fe85867fd6f098f718679b6f705497d5fafa89467b7a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:33:45 GMT
content-encoding
gzip
server
mafe
vary
Accept-Language
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
server-timing
gfet4t7; dur=16
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56385
x-xss-protection
0
expires
Mon, 12 Dec 2022 17:03:45 GMT
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d68bc54f396861ad589919bb25517802af7ac7e8758d2141f6853926d07c5fd5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type
image/svg+xml
rubik-v7-latin-regular.woff2
hello.friday.de/assets/fonts/ 		22 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hello.friday.de/assets/fonts/rubik-v7-latin-regular.woff2
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/quote/selectPrecondition
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
d09dd002cdf8c4c75e79eae2a6dbc0b7570a49d0fcc38f9ae9184f3f69a8376d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://hello.friday.de/
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy
default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Mon, 12 Dec 2022 16:33:45 GMT
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-cache
RefreshHit from cloudfront
content-length
22332
x-xss-protection
0
last-modified
Tue, 06 Dec 2022 12:25:25 GMT
etag
"638f34b5-573c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff2
accept-ranges
bytes
x-amz-cf-id
EF6T6gcC_woImy3iIvX_quAijG-WeyrPolGwvDTran3UYmNN1XsXWw==
rubik-v7-latin-300.woff2
hello.friday.de/assets/fonts/ 		20 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hello.friday.de/assets/fonts/rubik-v7-latin-300.woff2
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/quote/selectPrecondition
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
c97238c3c1826119a2375a234401dea3631ad1ac29973bdf94bba87f0bcc80dc
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://hello.friday.de/
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy
default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Mon, 12 Dec 2022 16:33:45 GMT
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-cache
RefreshHit from cloudfront
content-length
20792
x-xss-protection
0
last-modified
Tue, 06 Dec 2022 12:25:25 GMT
etag
"638f34b5-5138"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff2
accept-ranges
bytes
x-amz-cf-id
PJd0ifJB6wAorJHGxsEfc0uxapqbjxdpJw4ICoTgvrwLIzeitOHJKQ==
autobildSeal_951ed.png
hello.friday.de/assets/images/ 		483 KB
486 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hello.friday.de/assets/images/autobildSeal_951ed.png
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/quote/selectPrecondition
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
1d57267209e3d410e51605017d756787bb0d23ea7c2a0eaab8b492510c65c3bc
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/quote/selectPrecondition
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy
default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Mon, 12 Dec 2022 16:33:45 GMT
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
57
x-cache
Hit from cloudfront
content-length
494873
x-xss-protection
0
last-modified
Tue, 06 Dec 2022 12:25:25 GMT
etag
"638f34b5-78d19"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
gvMa8UTtCUxfaEe5bQ60tP2Irn1x_ApoUDaSXlKj7rnQapx68LbKOg==
focus-money_0d419.png
hello.friday.de/assets/images/ 		571 KB
575 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hello.friday.de/assets/images/focus-money_0d419.png
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/quote/selectPrecondition
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
9898e407c518b4017e7317294f5d9991a8d6760ab76cacd279a80c870a202f18
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/quote/selectPrecondition
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy
default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Mon, 12 Dec 2022 16:33:45 GMT
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
57
x-cache
Hit from cloudfront
content-length
585155
x-xss-protection
0
last-modified
Tue, 06 Dec 2022 12:25:25 GMT
etag
"638f34b5-8edc3"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
0UKxyGtBX9trf68R-taDMxLuc3Cp8gNJneTIMCRQG2qWarCnskuLyA==
stiftung-warentest-seal_9f16b.png
hello.friday.de/assets/images/ 		22 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hello.friday.de/assets/images/stiftung-warentest-seal_9f16b.png
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/quote/selectPrecondition
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-105.fra60.r.cloudfront.net
Software
/
Resource Hash
95439d4595cfc44a65e70d544aaec5635dfa66d28c22913e2306c006085d6526
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/quote/selectPrecondition
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy
default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
date
Mon, 12 Dec 2022 16:33:45 GMT
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
56
x-cache
Hit from cloudfront
content-length
22905
x-xss-protection
0
last-modified
Tue, 06 Dec 2022 12:25:25 GMT
etag
"638f34b5-5979"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
p1J1n-e0CyxYWjOO84NPR33VS0VrMLYIF-ipcnnHdAtknp6pBO2XpA==
index.module.js
app.usercentrics.eu/browser-ui/3.13.0/ 		346 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/index.module.js
Requested by
Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/latest/loader.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
1ad1674f9081543f70e29f94fae3c5f9653586f42ecd7cb4b7c601b5afa0669b
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:11 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352054
x-guploader-uploadid
ADPycdsNvnZm6Cy8PUdkZRwcfDDGTq7xvPRCq6YkgVPjqoOJWIuD5w8POSESWgyEbrzLIP00ucJqls2IPAnvJrrWwr30jfKz0XoU
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
102141
last-modified
Thu, 08 Dec 2022 14:43:07 GMT
server
UploadServer
etag
"72033b79853031c9951be252512610bc"
x-goog-generation
1670510587609067
x-goog-hash
crc32c=MqgwcA==, md5=cgM7eYUwMcmVG+JSUSYQvA==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
102141
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:11 GMT
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/salesFunnelbundle.440216.js?e5a25b62403872bac018
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:33:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://hello.friday.de
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23
x-xss-protection
0
languages.json
api.usercentrics.eu/settings/vXRFwEMn3/latest/ 		61 B
100 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.usercentrics.eu/settings/vXRFwEMn3/latest/languages.json
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/salesFunnelbundle.440216.js?e5a25b62403872bac018
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
dc8343dae24291634bf1aec40cb6794f860bc2b1d28f0ab683854cced24619a0
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
content-type
application/json

Response headers

date
Mon, 12 Dec 2022 16:33:46 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
0
x-client-geo-location
DE,DEHE
x-guploader-uploadid
ADPycdvCpChg5BItzFXJDT4CiDmO-glrJMNUnKh30tBt45UlkKT8ESFxzRBOQNds9DnN1FcUOErbXtL5imikVTZ6-gSN0g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67
last-modified
Tue, 06 Dec 2022 13:33:20 GMT
server
UploadServer
etag
"da13a9b5363ff28c20e52e67131f24fd"
vary
Accept-Encoding
x-goog-generation
1668194465611949
x-goog-hash
crc32c=u6slow==, md5=2hOptTY/8owg5S5nEx8k/Q==
access-control-allow-origin
*
access-control-expose-headers
*, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=1800, s-maxage=10
x-goog-stored-content-length
67
accept-ranges
bytes
content-type
application/json
expires
Mon, 12 Dec 2022 16:33:56 GMT
languages.json
api.usercentrics.eu/settings/vXRFwEMn3/latest/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usercentrics.eu/settings/vXRFwEMn3/latest/languages.json
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://hello.friday.de
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-origin
*
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Mon, 12 Dec 2022 16:33:46 GMT
expires
Mon, 12 Dec 2022 16:33:46 GMT
server
UploadServer
strict-transport-security
max-age=7776000
x-client-geo-location
DE,DEHE
x-guploader-uploadid
ADPycdsGuZbIp6ulyA29gdnXPrLqiFnVRpTr5OtNk8x5Wf72pJQwNeeAgcvew2FWWZeIL6TX_WV_jJJQVvglGDQiI3_Is-rajgfc
de.json
api.usercentrics.eu/settings/vXRFwEMn3/latest/ 		43 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.usercentrics.eu/settings/vXRFwEMn3/latest/de.json
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/salesFunnelbundle.440216.js?e5a25b62403872bac018
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
a4c55e16579c0d9be4117094b58089d7af0f7379fc86ed677f2e85c31e5eee51
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
content-type
application/json

Response headers

date
Mon, 12 Dec 2022 16:33:46 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
0
x-client-geo-location
DE,DEHE
x-guploader-uploadid
ADPycdvYS782eoSfcqtepdvsF9YfqSMx_aPFfSTmvhDo5XGxUbt98w0vduXAkfywjrg20_okPYxhHLlqhSDH6y0W4J2qTg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13003
last-modified
Tue, 06 Dec 2022 13:33:20 GMT
server
UploadServer
etag
"1d53db9169ae5dc7ade57531251ce429"
vary
Accept-Encoding
x-goog-generation
1670333600503926
x-goog-hash
crc32c=X+1u9w==, md5=HVPbkWmuXcet5XUxJRzkKQ==
access-control-allow-origin
*
access-control-expose-headers
*, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=1800, s-maxage=10
x-goog-stored-content-length
13003
accept-ranges
bytes
content-type
application/json
expires
Mon, 12 Dec 2022 16:33:56 GMT
de.json
api.usercentrics.eu/settings/vXRFwEMn3/latest/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usercentrics.eu/settings/vXRFwEMn3/latest/de.json
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://hello.friday.de
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-origin
*
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Mon, 12 Dec 2022 16:33:46 GMT
expires
Mon, 12 Dec 2022 16:33:46 GMT
server
UploadServer
strict-transport-security
max-age=7776000
x-client-geo-location
DE,DEHE
x-guploader-uploadid
ADPycdum0aJHXmzLEBhNbrYL547bl72KpL2xliPzJzp3uoJC-5C94N3yOq_3rAVFWr8cvCnw1mDrpx3V4j3fjsE93oq-gQ
cross-domain-bridge.html
app.usercentrics.eu/browser-sdk/4.19.0/ Frame 40E4 		5 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-sdk/4.19.0/cross-domain-bridge.html
Requested by
Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.13.0/index.module.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
8563f915516318c564b1a4b4d4005778294178cfac736d0ed7dd5afa86d4cd50
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
Content-Type Content-Length Transfer-Encoding
age
352150
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=2592000, no-transform
content-encoding
gzip
content-length
1123
content-type
text/html
date
Thu, 08 Dec 2022 14:44:36 GMT
etag
"2977ec05195d0423dfda055af3288b9d"
expires
Sat, 07 Jan 2023 14:44:36 GMT
last-modified
Thu, 08 Dec 2022 14:42:47 GMT
server
UploadServer
strict-transport-security
max-age=7776000
x-goog-generation
1670510567794287
x-goog-hash
crc32c=bXcD0Q== md5=KXfsBRldBCPf2gVa8yiLnQ==
x-goog-metageneration
2
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
gzip
x-goog-stored-content-length
1123
x-guploader-uploadid
ADPycdvxM8_x16TW2aFgQEzffYE4lGs-p99xNCv-cEgqa3cU3X1LKvikmeXsE2BPVWSaqb1WWCGIVZ4D5M198XI4icwfIriB1IzJ
1px.png
app.usercentrics.eu/session/ 		489 B
551 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.usercentrics.eu/session/1px.png?settingsId=vXRFwEMn3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:13:35 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
1211
x-guploader-uploadid
ADPycdts7QwkU8N1BN_zvhBDEWSRd16nMdo88wmuaBhKK-aDSVb5Ku-Dge9XlLg1LVHLEc0KIO9Naasybn8ueLGkjTxJxXf3oZN_
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
522
last-modified
Fri, 08 May 2020 09:06:13 GMT
server
UploadServer
etag
"3702ada73b8951017b8451cbd6a96523"
x-goog-generation
1588928773413784
x-goog-hash
crc32c=pFwm0Q==, md5=NwKtpzuJUQF7hFHL1qllIw==
content-type
image/png
cache-control
public,max-age=1800,no-transform
x-goog-stored-content-length
522
accept-ranges
bytes
expires
Mon, 12 Dec 2022 16:43:35 GMT
DefaultData-4deaa1fc-d87e6a3b.js
app.usercentrics.eu/browser-ui/3.13.0/ 		2 KB
1000 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/DefaultData-4deaa1fc-d87e6a3b.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
70fdf46ec720c9235e60fe600dd444bd55a7422894d37763364fe4cde32d0d14
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:13 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352053
x-guploader-uploadid
ADPycdswLlFAwEW7xlSDndAqQ5BIqxgCSz2tEsiXZQnQs7696izsLlgZFo5a0pjwIURh0MEcyGgUL82hmin5-VrQFI68rEDlVB47
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
969
last-modified
Thu, 08 Dec 2022 14:42:57 GMT
server
UploadServer
etag
"2eb1f60f0a7c28ab462e71cbea3722ba"
x-goog-generation
1670510577824386
x-goog-hash
crc32c=zaDu2g==, md5=LrH2Dwp8KKtGLnHL6jciug==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
969
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:13 GMT
translations-de.json
api.usercentrics.eu/translations/ 		7 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.usercentrics.eu/translations/translations-de.json
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/salesFunnelbundle.440216.js?e5a25b62403872bac018
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
28d967ee9f4817230c9e4684f4e7831848e20ff45afb7432d57c25f7a32cf1aa
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
content-type
application/json

Response headers

date
Mon, 12 Dec 2022 10:11:43 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
22923
x-client-geo-location
DE,DEHE
x-guploader-uploadid
ADPycdurrJ63aNu54UgynbvKxvwSwdtWG4NqNuHb3S1psXr7ZpRqAySICsw6YSf4lDe-Loxf3b37lbVR-YTv3qW12gCq1PvVKC37
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2617
last-modified
Mon, 21 Nov 2022 10:38:06 GMT
server
UploadServer
etag
"1e6c18ba1562fb68d61f476e99b573d0"
vary
Accept-Encoding
x-goog-generation
1669027086147410
x-goog-hash
crc32c=En4/eg==, md5=HmwYuhVi+2jWH0dumbVz0A==
access-control-allow-origin
*
access-control-expose-headers
*, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400, s-maxage=86400
x-goog-stored-content-length
2617
accept-ranges
bytes
content-type
application/json
expires
Tue, 13 Dec 2022 10:11:43 GMT
translations-de.json
api.usercentrics.eu/translations/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.usercentrics.eu/translations/translations-de.json
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://hello.friday.de
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-origin
*
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Mon, 12 Dec 2022 16:33:46 GMT
expires
Mon, 12 Dec 2022 16:33:46 GMT
server
UploadServer
strict-transport-security
max-age=7776000
x-client-geo-location
DE,DEHE
x-guploader-uploadid
ADPycdvZxr1QnQQIoh8Sjqha4nK_A-Ty-LJqsSZYVlpy1m5zbgPLiKH4XNu-3EjCU1nebnPbXMtFDlEO9jlknxJStH_D2g
DefaultUI-24d47f15-dbab331c.js
app.usercentrics.eu/browser-ui/3.13.0/ 		2 KB
788 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/DefaultUI-24d47f15-dbab331c.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
2ad164580c0e9292854fc25a482abfa5bc8f16fe6c66a38ce196aef1a567e471
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:13 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352053
x-guploader-uploadid
ADPycdv9aScAGgZN2M5D2Fxg5atqk8vOuppkT7T0OZH0H1RJ_Pis8HXZXpyjwbccSSwhvzYOkJ43cmMlqZ7jXx5WXNp1wRvd5GSh
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
757
last-modified
Thu, 08 Dec 2022 14:42:58 GMT
server
UploadServer
etag
"3cc4028a53b778e688b695e43756424f"
x-goog-generation
1670510578744977
x-goog-hash
crc32c=e0wqdQ==, md5=PMQCilO3eOaItpXkN1ZCTw==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
757
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:13 GMT
FirstLayerCustomization-0b1fa250-19564d24.js
app.usercentrics.eu/browser-ui/3.13.0/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/FirstLayerCustomization-0b1fa250-19564d24.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
e9007130e03ed730801cea9e8f70175288cb441c97e84b94e34f50d3c542a562
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://app.usercentrics.eu/browser-ui/3.13.0/DefaultUI-24d47f15-dbab331c.js
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:13 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352053
x-guploader-uploadid
ADPycdvfIKTx6ik-5RAP2_gkgdJ-PtBNJAXPGxGD1JKrjSgmgSFf0LXlOOsu0uSLU1muc2BCrPJbDDXbKTzUYw3T3qUBPZuo5PZr
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1065
last-modified
Thu, 08 Dec 2022 14:42:58 GMT
server
UploadServer
etag
"380896fc6a6bfa8ade113b827088c2c6"
x-goog-generation
1670510578949428
x-goog-hash
crc32c=S8xKZw==, md5=OAiW/Gpr+oreETuCcIjCxg==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
1065
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:13 GMT
ButtonsCustomization-03458b05-fcc0cf7e.js
app.usercentrics.eu/browser-ui/3.13.0/ 		473 B
266 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/ButtonsCustomization-03458b05-fcc0cf7e.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
e1e2838d72c3c267345fa419ecba66f968fefc1f0928a8dc3da1d6df5078278c
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://app.usercentrics.eu/browser-ui/3.13.0/DefaultUI-24d47f15-dbab331c.js
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:13 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352053
x-guploader-uploadid
ADPycdvtEmpsCGjT6lmf0iyzYfQM41tFd84X6yU0ZjVd61i6jMGrblCqx7afBDto1B1gMp0OLo1miB57re2wNTr0UuHaUTc1Xih3
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
235
last-modified
Thu, 08 Dec 2022 14:42:57 GMT
server
UploadServer
etag
"da1e8fe5cee3593c24535a301fb32ae0"
x-goog-generation
1670510577174589
x-goog-hash
crc32c=V4FkVA==, md5=2h6P5c7jWTwkU1owH7Mq4A==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
235
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:13 GMT
SecondLayerUI-1353e4dc-b50acf35.js
app.usercentrics.eu/browser-ui/3.13.0/ 		567 B
348 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/SecondLayerUI-1353e4dc-b50acf35.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
112f05d9a926b4846f9325f21f6851a8fd3baecafb76be4e0a49265a3cf91da1
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://app.usercentrics.eu/browser-ui/3.13.0/DefaultUI-24d47f15-dbab331c.js
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:13 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352053
x-guploader-uploadid
ADPycdsVYH3ttkQB75noMxihlUjSPyWBD48fMBqPit8_A6OFAKFXfxT-U3pC8xm86s-sXNr7I6oqmXH-9xDNgMSuFPFwUIMespS7
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
317
last-modified
Thu, 08 Dec 2022 14:43:00 GMT
server
UploadServer
etag
"d161d2e0ff26a0677df7cac26397cd29"
x-goog-generation
1670510580150132
x-goog-hash
crc32c=xZTBiQ==, md5=0WHS4P8moGd998rCY5fNKQ==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
317
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:13 GMT
Taglogger-bb0af295-1ccff441.js
app.usercentrics.eu/browser-ui/3.13.0/ 		1 KB
650 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/Taglogger-bb0af295-1ccff441.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
43023061a506aa31987f6a256e4b42561c2fba643dcbba8e17124cb070d0a4da
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:13 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352053
x-guploader-uploadid
ADPycdvSpPHWzkN17hwo2FXhXf0ffbyjJR8-z12fuaRyFRIoiLyldrH08m1fdU4puFdPO_Dy4VMkKuQzFEUbUSWkvHXIoA
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
617
last-modified
Thu, 08 Dec 2022 14:43:00 GMT
server
UploadServer
etag
"f469fb54f541e81c1e27398608696ed8"
x-goog-generation
1670510580943645
x-goog-hash
crc32c=nk5Shw==, md5=9Gn7VPVB6BweJzmGCGlu2A==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
617
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:13 GMT
graphql
graphql.usercentrics.eu/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://graphql.usercentrics.eu/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:7903:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
access-control-allow-origin,content-type,x-request-id
Access-Control-Request-Method
POST
Origin
https://hello.friday.de
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers
access-control-allow-origin,content-type,x-request-id
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 12 Dec 2022 16:33:46 GMT
vary
Access-Control-Request-Headers
via
1.1 google
x-powered-by
Express
1
consent-api.service.consent.usercentrics.eu/consent/uw/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://consent-api.service.consent.usercentrics.eu/consent/uw/1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:656b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
access-control-allow-origin,content-type,x-request-id
Access-Control-Request-Method
POST
Origin
https://hello.friday.de
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-headers
access-control-allow-origin,content-type,x-request-id
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Mon, 12 Dec 2022 16:33:46 GMT
server
Google Frontend
vary
Origin, Access-Control-Request-Headers
via
1.1 google
x-cloud-trace-context
f71a2b09317b717e60dd86d2b55652b5
graphql
graphql.usercentrics.eu/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://graphql.usercentrics.eu/graphql
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/salesFunnelbundle.440216.js?e5a25b62403872bac018
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:7903:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/ Express
Resource Hash
e545e81aa2906f74262acd9640d2376518a822ebaab25ec5ca6dba18b95f0f4b

Request headers

Access-Control-Allow-Origin
*
Accept
application/json
Referer
https://hello.friday.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
X-Request-ID
29b036bc-9539-417b-88fa-45c83fb2517b
content-type
application/json

Response headers

date
Mon, 12 Dec 2022 16:33:46 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
Express
etag
W/"80e-118JVhoTDY6Xgch396wcI0bAXCQ"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
1
consent-api.service.consent.usercentrics.eu/consent/uw/ 		0
14 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://consent-api.service.consent.usercentrics.eu/consent/uw/1
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/salesFunnelbundle.440216.js?e5a25b62403872bac018
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:656b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Allow-Origin
*
Accept
application/json
Referer
https://hello.friday.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
X-Request-ID
4aea49a3-20ab-4013-80a0-89b92ccf807e
content-type
application/json

Response headers

date
Mon, 12 Dec 2022 16:33:46 GMT
via
1.1 google
server
Google Frontend
vary
Origin
content-type
text/html
access-control-allow-origin
*
x-cloud-trace-context
b503d709d0ffdb88731367521af3e839
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
PrivacyButton-dd027d0f.js
app.usercentrics.eu/browser-ui/3.13.0/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/PrivacyButton-dd027d0f.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
f3d541bb8ac4f2634c8bc045e37ade096d7b03e2f67c54fe7f8bb81a8d7d4dc9
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:14 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352052
x-guploader-uploadid
ADPycduuRxd4T0mpI4_8EoIeIepzWD_uK6hFe9tcWKvb9pvAW9AwweJut-cDUIguU51-pl_-6L7VO9lwXsICyhgZW4rwcmM9FUyh
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2449
last-modified
Thu, 08 Dec 2022 14:42:59 GMT
server
UploadServer
etag
"c3134e5748a5fff510ad76ea6c4d3fe0"
x-goog-generation
1670510579160342
x-goog-hash
crc32c=eepWag==, md5=wxNOV0il//UQrXbqbE0/4A==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
2449
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:14 GMT
index-fa6213d0.js
app.usercentrics.eu/browser-ui/3.13.0/ 		2 KB
848 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/index-fa6213d0.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
66cd29ef29866c5792a98210ab052fa47865d90c7ffc602ed5fc24bb4a7e8527
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:14 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352052
x-guploader-uploadid
ADPycds7Q2bpIor1nn8I59XgAYQsxbU5B5A5lSQcl2pWGivp2k1JC_SkoLHMBovuvar-7RKJsV9G-mhj4pKFAsi5vw7iD8ZUW3Lg
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
809
last-modified
Thu, 08 Dec 2022 14:43:05 GMT
server
UploadServer
etag
"0a75630af83cf00534794a411928077f"
x-goog-generation
1670510585793241
x-goog-hash
crc32c=alY2/A==, md5=CnVjCvg88AU0eUpBGSgHfw==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
809
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:14 GMT
uct
uct.service.usercentrics.eu/ 		35 B
278 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uct.service.usercentrics.eu/uct?v=1&sid=vXRFwEMn3&t=1&abv=&r=https%3A%2F%2Fhello.friday.de%2Fquote%2FselectPrecondition&cb=1670862826395
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.108.180 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
180.108.95.34.bc.googleusercontent.com
Software
Google Frontend / Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:33:46 GMT
via
1.1 google
strict-transport-security
max-age=7776000
server
Google Frontend
x-powered-by
Express
content-type
image/gif
x-cloud-trace-context
54afd4eb2855436fe6f22c1b895cf00e
cache-control
no-store
function-execution-id
a5wlyp4br5bk
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
index-6fdd8801.js
app.usercentrics.eu/browser-ui/3.13.0/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/index-6fdd8801.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ca8e502562eaf908f1c0ec39e776e01963efaa9a31318d162974ef8a4c866e9c
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://hello.friday.de/
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:14 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352052
x-guploader-uploadid
ADPycduJMewLkwgUA92-WTywVQQdnykbI8LvlSCPKswHeSfkBeLlB8lIUphJ71iPEnAG_3qORuxCMCn8PjgF8ziwqnfty_-BykHO
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2042
last-modified
Thu, 08 Dec 2022 14:43:04 GMT
server
UploadServer
etag
"0fecf239a4c8424bbfbfabb81a8f67a8"
x-goog-generation
1670510584779945
x-goog-hash
crc32c=XUAoFw==, md5=D+zyOaTIQku/v6u4Go9nqA==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
2042
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:14 GMT
SaveButton-2fb9c2d7.js
app.usercentrics.eu/browser-ui/3.13.0/ 		1 KB
626 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/SaveButton-2fb9c2d7.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ec805c4c3a12fc1c783d23fd645371d7628ffcfbd43994033fc6db9282ee8d57
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://app.usercentrics.eu/browser-ui/3.13.0/index-6fdd8801.js
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:14 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352052
x-guploader-uploadid
ADPycdtiFjoh2IGPcgeLwN4Hqq-OE_kR6XwijWGld84utH1iMaZJxrD93OM4dimnRrWkLNPivIDm6Efsyr8Q5HCI3zrkaZ8qWFaD
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
587
last-modified
Thu, 08 Dec 2022 14:42:59 GMT
server
UploadServer
etag
"f08e3317e89dff42170da50d3f75c8a1"
x-goog-generation
1670510579559086
x-goog-hash
crc32c=1PK6nw==, md5=8I4zF+id/0IXDaUNP3XIoQ==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
587
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:14 GMT
VirtualServiceItem-96a2351d.js
app.usercentrics.eu/browser-ui/3.13.0/ 		154 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/VirtualServiceItem-96a2351d.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
d1d23c47422a7c372db15ecf3e645c5bde29964b3ca9ef12dc7fe588e5e8cdc0
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://app.usercentrics.eu/browser-ui/3.13.0/index-6fdd8801.js
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:14 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352052
x-guploader-uploadid
ADPycdvm8fgAcigLGz1KFD8EXfSrUwL8En9uzbtx9-0lUXNdjqyZ1wSGfiFGgZciXmLu5bLwXHJWDv3HJG05r8lPJmYlYPhMMz7L
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48017
last-modified
Thu, 08 Dec 2022 14:43:02 GMT
server
UploadServer
etag
"f5cd3ad74a02d1e4b89194fb6201ad50"
x-goog-generation
1670510582073069
x-goog-hash
crc32c=8Nd44Q==, md5=9c0610oC0eS4kZT7YgGtUA==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
48017
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:14 GMT
DefaultTabs-fea85eb5.js
app.usercentrics.eu/browser-ui/3.13.0/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.usercentrics.eu/browser-ui/3.13.0/DefaultTabs-fea85eb5.js
Requested by
Host: hello.friday.de
URL: https://hello.friday.de/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
33987e55a9e69177cc2244d5fbc0db8b7665cf629edf1bf49313ae8c3e979b48
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://app.usercentrics.eu/browser-ui/3.13.0/index-6fdd8801.js
Origin
https://hello.friday.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Thu, 08 Dec 2022 14:46:14 GMT
content-encoding
gzip
strict-transport-security
max-age=7776000
age
352052
x-guploader-uploadid
ADPycdvA4mTU3eAd4gjhIK6965cllWJN3yxqteDs9vlY31pT3KVrLquQEIGj5PCiLk0Wvpq31b_jTcG2h8mKlcs9PenvyCY8RALd
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1686
last-modified
Thu, 08 Dec 2022 14:42:58 GMT
server
UploadServer
etag
"2d72701750af7a6cda2a9b13713f69b4"
x-goog-generation
1670510578141087
x-goog-hash
crc32c=6nHqNw==, md5=LXJwF1CvemzaKpsTcT9ptA==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000, no-transform
x-goog-stored-content-length
1686
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 08 Dec 2023 14:46:14 GMT
f960549b-32b3-41e5-8781-0c0173f53866_cookie.svg
images.prismic.io/friday-landing/ 		11 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.prismic.io/friday-landing/f960549b-32b3-41e5-8781-0c0173f53866_cookie.svg?auto=compress,format
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:8e::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
imgix /
Resource Hash
110cd1edd0814a1a72ebceaaa7f5432a98ee6f0f1d16763c54909aee00074483
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:33:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2876093
x-cache
HIT, HIT
x-imgix-id
6a68248d0c73c448ea969f7db563fb16b3c1fd5c
cross-origin-resource-policy
cross-origin
content-length
5506
x-served-by
cache-sjc10053-SJC, cache-hhn-etou8220030-HHN
x-imgix-render-farm
01.584
last-modified
Tue, 18 Feb 2020 12:55:59 GMT
server
imgix
vary
Accept-Encoding, Accept, User-Agent
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=315360000
accept-ranges
bytes
common.js
maps.googleapis.com/maps-api-v3/api/js/51/3/intl/de_ALL/ 		249 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/51/3/intl/de_ALL/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBU_5g9Tqp4yGEn3duzmlf5NdPT919F0qM&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 20:12:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
418904
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69805
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 18:55:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 07 Dec 2023 20:12:06 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/51/3/intl/de_ALL/ 		166 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/51/3/intl/de_ALL/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBU_5g9Tqp4yGEn3duzmlf5NdPT919F0qM&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hello.friday.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 20:12:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
418904
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62770
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 18:55:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 07 Dec 2023 20:12:06 GMT

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange object| fridayConfig object| webpackChunkfrd_frontends function| setImmediate function| clearImmediate object| regeneratorRuntime object| __SENTRY__ object| dataLayer object| userCentrics function| showBloomreachAlert object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| google object| module$contents$mapsapi$overlay$overlayView_OverlayView function| __import__ boolean| UC_UI_IS_RENDERED function| dynamicImportPolyfill object| urlParameters object| date string| expireDate object| date7 string| expireDate7 string| utmhref undefined| source undefined| medium undefined| content object| UC_UI

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de data:; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kasko.io https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday.de; img-src 'self' 'unsafe-inline' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.prismic.io https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.gstatic.com https://*.googlesyndication.com https://*.google.de https://*.usercentrics.eu https://*.doubleclick.net https://*.spoteffects.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.remintrex.com https://*.maxusperformance.de https://*.essenceperformancenetwork.com https://*.financeads.net https://*.outbrain.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.pso-empfehlen.net https://*.friday-empfehlen.de https://*.kasko.io https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://vni907.dynatrace-managed.com:9999/jstag/managed/1219ce38-5c1e-4b5f-9a26-2cf622dd99aa/c8038d5f7020050c_complete.js https://*.exponea.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com; base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; form-action 'self'; manifest-src 'self'; media-src 'self' https://*.gstatic.com; report-uri https://sentry.forfriday.de/api/13/security/?sentry_key=391f84707b914a32b395d8befb2ce5ba&sentry_environment=production
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.usercentrics.eu
app.usercentrics.eu
consent-api.service.consent.usercentrics.eu
graphql.usercentrics.eu
gtm-server.friday.de
hello.friday.de
images.prismic.io
maps.googleapis.com
uct.service.usercentrics.eu
13.32.99.105
2600:1901:0:5987::
2600:1901:0:656b::
2600:1901:0:7903::
2600:1901:0:c07c::
2a00:1450:4001:801::200a
2a04:4e42:8e::720
34.95.108.180
52.49.94.7
009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741
0344d6a6292431917a2b282b2c32b20fb5af43c4f2be2910b3d8d8e47f426f27
110cd1edd0814a1a72ebceaaa7f5432a98ee6f0f1d16763c54909aee00074483
112f05d9a926b4846f9325f21f6851a8fd3baecafb76be4e0a49265a3cf91da1
1ad1674f9081543f70e29f94fae3c5f9653586f42ecd7cb4b7c601b5afa0669b
1d57267209e3d410e51605017d756787bb0d23ea7c2a0eaab8b492510c65c3bc
2502f43b8512803dac791b817ed8150ba25016e6aca745e7e502ca22438046c7
28d967ee9f4817230c9e4684f4e7831848e20ff45afb7432d57c25f7a32cf1aa
2ad164580c0e9292854fc25a482abfa5bc8f16fe6c66a38ce196aef1a567e471
30d683a02f6cf308b058a170a7fbaecd66b54445c666f4030a89daf60c367567
3341257973327fd15fc7912a9b92c022122306a25c7ac70826be0cb14fb2c706
33987e55a9e69177cc2244d5fbc0db8b7665cf629edf1bf49313ae8c3e979b48
43023061a506aa31987f6a256e4b42561c2fba643dcbba8e17124cb070d0a4da
66cd29ef29866c5792a98210ab052fa47865d90c7ffc602ed5fc24bb4a7e8527
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
70fdf46ec720c9235e60fe600dd444bd55a7422894d37763364fe4cde32d0d14
82236d69f8bcb4314c201f3f463d995d06fbffb8f23dd6ab9fb52cb645d9490a
8563f915516318c564b1a4b4d4005778294178cfac736d0ed7dd5afa86d4cd50
903ad5c839c0f1202c762b27af62e387903e6e5946c5b88b2852a0c578d3b1ff
95439d4595cfc44a65e70d544aaec5635dfa66d28c22913e2306c006085d6526
9898e407c518b4017e7317294f5d9991a8d6760ab76cacd279a80c870a202f18
a4c55e16579c0d9be4117094b58089d7af0f7379fc86ed677f2e85c31e5eee51
bba70da1e951234a4011fe85867fd6f098f718679b6f705497d5fafa89467b7a
c97238c3c1826119a2375a234401dea3631ad1ac29973bdf94bba87f0bcc80dc
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca8e502562eaf908f1c0ec39e776e01963efaa9a31318d162974ef8a4c866e9c
d09dd002cdf8c4c75e79eae2a6dbc0b7570a49d0fcc38f9ae9184f3f69a8376d
d1d23c47422a7c372db15ecf3e645c5bde29964b3ca9ef12dc7fe588e5e8cdc0
d68bc54f396861ad589919bb25517802af7ac7e8758d2141f6853926d07c5fd5
dc8343dae24291634bf1aec40cb6794f860bc2b1d28f0ab683854cced24619a0
e1e2838d72c3c267345fa419ecba66f968fefc1f0928a8dc3da1d6df5078278c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e545e81aa2906f74262acd9640d2376518a822ebaab25ec5ca6dba18b95f0f4b
e9007130e03ed730801cea9e8f70175288cb441c97e84b94e34f50d3c542a562
ec805c4c3a12fc1c783d23fd645371d7628ffcfbd43994033fc6db9282ee8d57
f3d541bb8ac4f2634c8bc045e37ade096d7b03e2f67c54fe7f8bb81a8d7d4dc9