urlscan.io logo urlscan.io
SecurityTrails logo

www.costsfirst.com Open in urlscan Pro
54.241.23.76  Public Scan

Go To Rescan Add Verdict Report
URL: http://www.costsfirst.com/
Submission: On December 06 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 30 HTTP transactions. The main IP is 54.241.23.76, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is www.costsfirst.com.
This is the only time www.costsfirst.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
23 54.241.23.76 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
30 5
Apex Domain
Subdomains		 Transfer
23 costsfirst.com
www.costsfirst.com
secure.costsfirst.com
1 MB
4 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 411
184 KB
1 gstatic.com
www.gstatic.com
20 KB
1 google.com
apis.google.com — Cisco Umbrella Rank: 110
7 KB
30 4
Domain Requested by
21 www.costsfirst.com www.costsfirst.com
4 maps.googleapis.com www.costsfirst.com
maps.googleapis.com
2 secure.costsfirst.com www.costsfirst.com
1 www.gstatic.com www.costsfirst.com
1 apis.google.com www.costsfirst.com
30 5

This site contains links to these domains. Also see Links.

Domain
www.firstam.com
myfirstam.com
itunes.apple.com
play.google.com
Subject Issuer Validity Valid
*.apis.google.com
GTS CA 1C3		 2022-11-02 -
2023-01-25		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-11-02 -
2023-01-25		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-07 -
2023-01-30		 3 months crt.sh
www.costsfirst.com
Go Daddy Secure Certificate Authority - G2		 2022-06-14 -
2023-07-16		 a year crt.sh
secure.costsfirst.com
Go Daddy Secure Certificate Authority - G2		 2022-08-07 -
2023-09-08		 a year crt.sh

This page contains 1 frames:

Primary Page: http://www.costsfirst.com/
Frame ID: 9D99B83155ED7D54585FE2F03FDF5E62
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

First American Title CostsFirst

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Page Statistics

30
Requests

30 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

1701 kB
Transfer

6425 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26
  • http://www.costsfirst.com/assets/images/icon-costfirst-v1-180.png HTTP 307
  • https://www.costsfirst.com/assets/images/icon-costfirst-v1-180.png

30 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.costsfirst.com/ 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
b5c87abfd8c4aeded2187157cd4641a7ab518c666348bb83cfec2b26fc6ea2d3
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=1296000
Connection
Upgrade, Keep-Alive
Content-Encoding
gzip
Content-Length
1510
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Content-Type
text/html; charset=UTF-8
Date
Tue, 06 Dec 2022 21:53:45 GMT
ETag
"120a-5e95ae1318280-gzip"
Expires
Wed, 21 Dec 2022 21:53:45 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Fri, 23 Sep 2022 16:43:38 GMT
Server
Apache
Upgrade
h2,h2c
Vary
Accept-Encoding,User-Agent
X-XSS-Protection
1; mode=block
api.js
apis.google.com/js/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/api.js
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3ad7ec445c350e3df6db55480ecea6e0307a0c6848efabfa53034f3c46f774bf
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 06 Dec 2022 21:53:45 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6892
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"c415cca8db9a84a4"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 06 Dec 2022 21:53:45 GMT
loader.js
www.gstatic.com/charts/ 		65 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/charts/loader.js
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
297577d52fce5df45a53b1d2e06469f65ee1dcf2e9bfbc8e2f45dbd06a0de8b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Tue, 06 Dec 2022 21:48:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
324
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19937
x-xss-protection
0
last-modified
Wed, 23 Jun 2021 18:41:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="gviz"
vary
Accept-Encoding, Origin
report-to
{"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type
text/javascript
cache-control
public, max-age=3600
access-control-allow-credentials
true
accept-ranges
bytes
expires
Tue, 06 Dec 2022 22:48:21 GMT
js
maps.googleapis.com/maps/api/ 		167 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyDQRldxrw-s0lEhwQN3f1G6jKxH_mLLHNE&libraries=places&libraries=places&language=en
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
742dbb6d93093b36ee3362219997731873acd7385fee79474ca0a4ce4ba2c1fc
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Tue, 06 Dec 2022 21:53:45 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
server-timing
gfet4t7; dur=28
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55766
x-xss-protection
0
expires
Tue, 06 Dec 2022 22:23:45 GMT
runtime.add76e852ba478c2.js
www.costsfirst.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.costsfirst.com/runtime.add76e852ba478c2.js
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
9985739d266965dab9a236a6ad55fe56ed91f6460a1e25aac15f107c314b5446
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.costsfirst.com/
Origin
http://www.costsfirst.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:45 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Connection
Keep-Alive
Content-Length
788
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 23 Sep 2022 16:43:34 GMT
Server
Apache
ETag
"5e4-5e95ae0f47980-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Expires
Thu, 05 Jan 2023 21:53:45 GMT
polyfills.8803e4f35b6d71d2.js
www.costsfirst.com/ 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.costsfirst.com/polyfills.8803e4f35b6d71d2.js
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
224f61e0e5cfa27f8e7abd12fde359378c913f2d8816794b72d7b8db084314e2
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.costsfirst.com/
Origin
http://www.costsfirst.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:45 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Connection
Upgrade, Keep-Alive
Content-Length
15276
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 23 Sep 2022 16:43:34 GMT
Server
Apache
ETag
"b135-5e95ae0f47980-gzip"
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Content-Type
application/javascript
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Thu, 05 Jan 2023 21:53:45 GMT
scripts.c48238ef8facb31a.js
www.costsfirst.com/ 		247 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.costsfirst.com/scripts.c48238ef8facb31a.js
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
3427660d37005fe57b08f08ac099d82dd01f91475f19a5663dbbf77323181109
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:46 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 23 Sep 2022 16:43:34 GMT
Server
Apache
ETag
"3da36-5e95ae0f47980-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Expires
Thu, 05 Jan 2023 21:53:46 GMT
main.2eb3830ddf03f6c8.js
www.costsfirst.com/ 		5 MB
877 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.costsfirst.com/main.2eb3830ddf03f6c8.js
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
61311837c5f5aa732676c0e6c1244bf290a52977ec45b0e7296dc71a3ebea951
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.costsfirst.com/
Origin
http://www.costsfirst.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:46 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 23 Sep 2022 16:43:40 GMT
Server
Apache
ETag
"49bfe5-5e95ae1500700-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Expires
Thu, 05 Jan 2023 21:53:46 GMT
styles.1f330e67c35a1567.css
www.costsfirst.com/ 		278 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.costsfirst.com/styles.1f330e67c35a1567.css
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
b59a9e8c56aa6123fda3e7169fa6b373021bd7b2e7865a384239224cd6c45e9b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:46 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Connection
Upgrade, Keep-Alive
Content-Length
47399
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 23 Sep 2022 16:43:34 GMT
Server
Apache
ETag
"459c4-5e95ae0f47980-gzip"
Vary
Accept-Encoding,User-Agent
Upgrade
h2,h2c
Content-Type
text/css
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Thu, 05 Jan 2023 21:53:46 GMT
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDQRldxrw-s0lEhwQN3f1G6jKxH_mLLHNE&libraries=places&libraries=places&language=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Tue, 06 Dec 2022 21:53:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
http://www.costsfirst.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23
x-xss-protection
0
version.json
www.costsfirst.com/assets/prod/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.costsfirst.com/assets/prod/version.json?t=1670363628486
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Strict-Transport-Security max-age=4838400; includeSubdomains;
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
http://www.costsfirst.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Allow
POST,OPTIONS,HEAD,GET
Cache-Control
max-age=7200
Connection
Upgrade, Keep-Alive
Content-Length
0
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Content-Type
application/json
Date
Tue, 06 Dec 2022 21:53:49 GMT
Expires
Tue, 06 Dec 2022 23:53:49 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Strict-Transport-Security
max-age=4838400; includeSubdomains;
Upgrade
h2,h2c
Vary
User-Agent
X-XSS-Protection
1; mode=block
get-home-page-intro-data
secure.costsfirst.com/api/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://secure.costsfirst.com/api/get-home-page-intro-data
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=4838400; includeSubdomains;
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
http://www.costsfirst.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Access-Control-Allow-Headers
Origin, X-Requested-With, Accept, Authorization, Content-Type, Access-Control-Request-Method,Access-Control-Request-Headers, x-xsrf-token authorization,content-type
Access-Control-Allow-Methods
POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
0
Cache-Control
no-cache, private, max-age=1296000
Connection
Upgrade, close
Date
Tue, 06 Dec 2022 21:53:49 GMT
Expires
Wed, 21 Dec 2022 21:53:49 GMT
Server
Apache
Strict-Transport-Security
max-age=4838400; includeSubdomains;
Upgrade
h2,h2c
Vary
Access-Control-Request-Method,Access-Control-Request-Headers,User-Agent
X-XSS-Protection
1; mode=block
version.json
www.costsfirst.com/assets/prod/ 		0
0
get-home-page-intro-data
secure.costsfirst.com/api/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.costsfirst.com/api/get-home-page-intro-data
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/polyfills.8803e4f35b6d71d2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
fd9ff9a48827d370264119d694e3cdc98680ad04b2afb54e68551f802378811a
Security Headers
Name Value
Strict-Transport-Security max-age=4838400; includeSubdomains;
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
http://www.costsfirst.com/
accept-language
de-DE,de;q=0.9
Authorization
Basic c2VjdXJlY2Y6I3lnZiRhc0Bhc2QkITI1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
application/json

Response headers

Date
Tue, 06 Dec 2022 21:53:49 GMT
Strict-Transport-Security
max-age=4838400; includeSubdomains;
Server
Apache
Vary
Authorization,User-Agent
Upgrade
h2,h2c
Access-Control-Allow-Origin
*
Content-Type
application/json
Cache-Control
no-cache, private, max-age=7200
Connection
Upgrade, Keep-Alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Accept, Authorization, Content-Type, Access-Control-Request-Method,Access-Control-Request-Headers, x-xsrf-token
Content-Length
1621
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=100
Expires
Tue, 06 Dec 2022 23:53:49 GMT
cost-first-logo.png
www.costsfirst.com/assets/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/images/cost-first-logo.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
9d60e75e6450fef554579bc05862e45afb14d4fc60ac2ce034735164ce379821
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:48 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Last-Modified
Sat, 09 Apr 2022 13:31:18 GMT
Server
Apache
ETag
"bba-5dc38b9db7580"
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
3002
X-XSS-Protection
1; mode=block
Expires
Thu, 05 Jan 2023 21:53:48 GMT
img-app.png
www.costsfirst.com/assets/images/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/images/img-app.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
d10a7f4b5c917b9f211ce71aa6ee8b1b3db678e6e8f8a65d8fc7ebff44cc338b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:48 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Last-Modified
Sat, 09 Apr 2022 13:31:18 GMT
Server
Apache
ETag
"b60c-5dc38b9db7580"
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
46604
X-XSS-Protection
1; mode=block
Expires
Thu, 05 Jan 2023 21:53:48 GMT
btn-app-store2.png
www.costsfirst.com/assets/images/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/images/btn-app-store2.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
b2fa0cdef6244ccd3c44a8a1c8c41d988a8b9374f1f5cd6f4f74ecb7247c0087
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:48 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Last-Modified
Sat, 09 Apr 2022 13:31:18 GMT
Server
Apache
ETag
"9e0-5dc38b9db7580"
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
2528
X-XSS-Protection
1; mode=block
Expires
Thu, 05 Jan 2023 21:53:48 GMT
btn-google-play-large.png
www.costsfirst.com/assets/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/images/btn-google-play-large.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
72374d0d93d2ec27171bab6daba0f5a3c17e37e2d93d9d7055807fc28e04343f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:48 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Connection
Upgrade, Keep-Alive
Content-Length
3813
X-XSS-Protection
1; mode=block
Last-Modified
Sat, 09 Apr 2022 13:31:18 GMT
Server
Apache
ETag
"ee5-5dc38b9db7580"
Vary
User-Agent
Upgrade
h2,h2c
Content-Type
image/png
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Thu, 05 Jan 2023 21:53:48 GMT
btn-app-ipad.png
www.costsfirst.com/assets/images/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/images/btn-app-ipad.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
573f5fa84fb3e6b0639a96c65fec9873f121726fc4f29d2193016dc3a154e312
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:48 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Connection
Upgrade, Keep-Alive
Content-Length
2285
X-XSS-Protection
1; mode=block
Last-Modified
Sat, 09 Apr 2022 13:31:18 GMT
Server
Apache
ETag
"8ed-5dc38b9db7580"
Vary
User-Agent
Upgrade
h2,h2c
Content-Type
image/png
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Thu, 05 Jan 2023 21:53:48 GMT
img-moblie.png
www.costsfirst.com/assets/images/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/images/img-moblie.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
880de12290f10f463b5dcf23c20388bab0c23b863cf69f4e6b2004d37676d828
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:49 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Last-Modified
Sat, 09 Apr 2022 13:31:18 GMT
Server
Apache
ETag
"485f-5dc38b9db7580"
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
18527
X-XSS-Protection
1; mode=block
Expires
Thu, 05 Jan 2023 21:53:49 GMT
img-famliy.png
www.costsfirst.com/assets/images/ 		100 KB
101 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/images/img-famliy.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
7f346538b420557233d4113b6e6f329afdae760c66aaed5b7575d42b2a36454b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:49 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Connection
Upgrade, Keep-Alive
Content-Length
102713
X-XSS-Protection
1; mode=block
Last-Modified
Sat, 09 Apr 2022 13:31:18 GMT
Server
Apache
ETag
"19139-5dc38b9db7580"
Vary
User-Agent
Upgrade
h2,h2c
Content-Type
image/png
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Thu, 05 Jan 2023 21:53:49 GMT
img-moblie-seller.png
www.costsfirst.com/assets/images/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/images/img-moblie-seller.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
f5f9c50aed4ec6e2f2d72f6ed1fa51a521fb9207cf5b1da73168a21ced718e75
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:49 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Last-Modified
Sat, 09 Apr 2022 13:31:18 GMT
Server
Apache
ETag
"40d0-5dc38b9db7580"
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
16592
X-XSS-Protection
1; mode=block
Expires
Thu, 05 Jan 2023 21:53:49 GMT
img-banner.fc25042fcc114bb9.jpg
www.costsfirst.com/assets/prod/ 		110 KB
110 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/prod/img-banner.fc25042fcc114bb9.jpg
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/styles.1f330e67c35a1567.css
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
ff60e8035c45015c7e002c1d5fd00965a68009bf2d4cd1509edf08fc0f48a5bf
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/styles.1f330e67c35a1567.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:48 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Last-Modified
Fri, 23 Sep 2022 16:43:34 GMT
Server
Apache
ETag
"1b6d1-5e95ae0f47980"
Vary
User-Agent
Content-Type
image/jpeg
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
112337
X-XSS-Protection
1; mode=block
Expires
Thu, 05 Jan 2023 21:53:48 GMT
img-bg-app.68173fbc509b51bd.png
www.costsfirst.com/assets/prod/ 		50 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/prod/img-bg-app.68173fbc509b51bd.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/styles.1f330e67c35a1567.css
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
78c5b155bba90cdd737c4c4e5b4aebb71dfbf1b1e7b4da59096a2405b66801b2
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/styles.1f330e67c35a1567.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:49 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 23 Sep 2022 16:43:34 GMT
Server
Apache
ETag
"c85e-5e95ae0f47980"
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
51294
X-XSS-Protection
1; mode=block
Expires
Thu, 05 Jan 2023 21:53:49 GMT
img-footer.ce7f380212f51532.png
www.costsfirst.com/assets/prod/ 		88 B
684 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.costsfirst.com/assets/prod/img-footer.ce7f380212f51532.png
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/styles.1f330e67c35a1567.css
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
fa3effcb7833a7e1ff96ead8f3c5f40f4aaa3d73aa49972d2e9f541244d48095
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/styles.1f330e67c35a1567.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:48 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Content-Type-Options
nosniff
Last-Modified
Fri, 23 Sep 2022 16:43:34 GMT
Server
Apache
ETag
"58-5e95ae0f47980"
Vary
User-Agent
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
88
X-XSS-Protection
1; mode=block
Expires
Thu, 05 Jan 2023 21:53:48 GMT
TK3iWkUHHAIjg752GT8G.0eeb65d2a405b987.woff2
www.costsfirst.com/assets/prod/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://www.costsfirst.com/assets/prod/TK3iWkUHHAIjg752GT8G.0eeb65d2a405b987.woff2
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/styles.1f330e67c35a1567.css
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
9facc976353ff7ab7cbb7345853c0f7d0c1bbce3733934b53790b93833dbae4c
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.costsfirst.com/styles.1f330e67c35a1567.css
Origin
http://www.costsfirst.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:48 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Last-Modified
Fri, 23 Sep 2022 16:43:34 GMT
Server
Apache
ETag
"7bbc-5e95ae0f47980"
Vary
User-Agent
Cache-Control
max-age=7200
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
31676
X-XSS-Protection
1; mode=block
Expires
Tue, 06 Dec 2022 23:53:48 GMT
fontawesome-webfont.e9955780856cf8aa.woff2
www.costsfirst.com/assets/prod/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://www.costsfirst.com/assets/prod/fontawesome-webfont.e9955780856cf8aa.woff2?v=4.7.0
Requested by
Host: www.costsfirst.com
URL: http://www.costsfirst.com/styles.1f330e67c35a1567.css
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.costsfirst.com/styles.1f330e67c35a1567.css
Origin
http://www.costsfirst.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:48 GMT
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Last-Modified
Fri, 23 Sep 2022 16:43:34 GMT
Server
Apache
ETag
"12d68-5e95ae0f47980"
Vary
User-Agent
Cache-Control
max-age=7200
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
77160
X-XSS-Protection
1; mode=block
Expires
Tue, 06 Dec 2022 23:53:48 GMT
icon-costfirst-v1-180.png
www.costsfirst.com/assets/images/
Redirect Chain
  • http://www.costsfirst.com/assets/images/icon-costfirst-v1-180.png
  • https://www.costsfirst.com/assets/images/icon-costfirst-v1-180.png
6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.costsfirst.com/assets/images/icon-costfirst-v1-180.png
Protocol
HTTP/1.1
Server
54.241.23.76 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-241-23-76.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
79ecdd739e083b748071fada42e39d2f1dff55d623000b7a5c44d1638147eaf4
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Strict-Transport-Security max-age=4838400; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Tue, 06 Dec 2022 21:53:51 GMT
Strict-Transport-Security
max-age=4838400; includeSubdomains;
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
Connection
Upgrade, Keep-Alive
Content-Length
5929
X-XSS-Protection
1; mode=block
Last-Modified
Sat, 09 Apr 2022 13:31:18 GMT
Server
Apache
ETag
"1729-5dc38b9db7580"
Vary
User-Agent
Upgrade
h2,h2c
Content-Type
image/png
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Thu, 05 Jan 2023 21:53:51 GMT

Redirect headers

Location
https://www.costsfirst.com/assets/images/icon-costfirst-v1-180.png
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
common.js
maps.googleapis.com/maps-api-v3/api/js/51/2/ 		249 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/51/2/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDQRldxrw-s0lEhwQN3f1G6jKxH_mLLHNE&libraries=places&libraries=places&language=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
32a21f5208395435a2607c4980b663c15b20d0ecb57647193fccedf6fe2772cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Tue, 06 Dec 2022 21:46:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
439
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69758
x-xss-protection
0
last-modified
Mon, 28 Nov 2022 22:32:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 06 Dec 2023 21:46:31 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/51/2/ 		166 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/51/2/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDQRldxrw-s0lEhwQN3f1G6jKxH_mLLHNE&libraries=places&libraries=places&language=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ab0897fa86882119e4c205194b220af856781975b3485fd97df8ffda72835f0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://www.costsfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Tue, 06 Dec 2022 19:25:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
8924
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62746
x-xss-protection
0
last-modified
Mon, 28 Nov 2022 22:32:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 06 Dec 2023 19:25:06 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.costsfirst.com
URL
https://www.costsfirst.com/assets/prod/version.json?t=1670363628486

Verdicts & Comments Add Verdict or Comment

311 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange string| WEB_FULL_URL object| gapi object| ___jsl object| google object| module$contents$mapsapi$overlay$overlayView_OverlayView object| webpackChunkmy_app function| Zone function| __zone_symbol__Promise function| __zone_symbol__ZoneAwarePromise function| __zone_symbol__fetch function| __zone_symbol__legacyPatch function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononmessageerrorpatched object| activeproject object| activeprojectid string| temp_mode number| valueNew function| dateMDYFormat function| dateMDYFormatSlace function| dateYMDFormat function| deleteButton function| getFinalValue function| loadcolorpicker function| readImage function| callCommonFunctionForTags object| arr_balance undefined| result function| getOwnerCarry function| pmt function| drawOCChart function| autoLogIn function| downloadURI object| _tax_Proration_State_Arr object| _tax_Proration_State_City_Arr object| _tax_Proration_State_Utah_Arr object| _tax_Proration_State_Oregon_Arr object| _michigan_counties_Arr object| _illinois_counties_Arr_105 object| _illinois_counties_Arr_600 object| _illinois_counties_Arr_110 function| getAmountFHA function| getAmountConventional function| getAdjustedVA function| getAdjustedUSDA function| getDiscountAmount function| getDiscountPer function| getOriginationFee function| getPreMonthTax function| useAnnualTaxforPrepaid function| getRealEstateTaxes function| getMonthlyInsurance function| getHomeOwnerInsurance function| getAdjustmentTaxInt function| getDailyInterest function| getFhaMipFinance function| getVaFundingFinance function| getUsdaMipFinance function| getAnnualAdjustment function| sumOfAdjustment function| getMonthlyRateMMI function| getTotalPrepaidItems function| getTotalMonthlyPayment function| getTotalInvestment function| getCostTypeTotal function| getTotalCostRate function| getDated function| getBuyerEstimatedTax function| getIllinoisEstimatedTaxProration function| get2ndTd function| monthlyPaymentChanged function| numberFormat function| removeCommas function| getSellerAmountFHA function| getSellerAmountVA function| getSellerAmountCONV function| getSellerAmountUSDA function| getSellerCostTypeTotal function| getSellerTotalCostRate function| getSellerListSellAgt function| getSellerListSellAgtValues function| getSellerListSellTeired function| getIllinoisCommission function| getSellerExistingBalanceCalculation function| getSellerDiscountAmount function| getSellerEstimatedTax function| getSellerSumSSC function| getSellerListSellAgtPer function| StrInArray function| StrToUpper function| getGrossCommissionsVal function| getExiceTax_not_in_use function| getNetfirstAmountFHA function| getNetfirstCostTypeTotal function| getNetfirstTotalCostRate function| getNetfirstListSellAgt function| getNetfirstListSellAgtValues function| getNetfirstListSellAgtPer function| getNetfirstExistingBalanceCalculation function| getNetfirstDiscountAmount function| getNetfirstDiscountPer function| getNetfirstEstimatedTax function| getNetfirstSumSSC function| getTransferTax function| getTransferTaxForSanFrancisco function| getNetfirstGrossCommissionsVal function| getRefAmountConventional function| getRefAdjustedVA function| getRefAdjustedUSDA function| getRefDiscountAmount function| getRefOriginationFee function| getRefPreMonthTax function| getRefRealEstateTaxes function| getRefMonthlyInsurance function| getRefHomeOwnerInsurance function| getRefAdjustmentTaxInt function| getRefDailyInterest function| getRefAmountFHA function| getRefFhaMipFinance function| getRefVaFundingFinance function| getRefUsdaMipFinance function| getRefAnnualAdjustment function| getRefSumOfAdjustment function| getRefMonthlyRateMMI function| getRefTotalPrepaidItems function| getRefTotalMonthlyPayment function| getRefTotalInvestment function| getRefCostTypeTotal function| getRefTotalCostRate function| getRefExistingBalanceCalculation function| getRefEstimatedTax function| getActualAnnualTax function| getActualAnnualIns function| getDiscountYearChng function| getTotalPayoff function| drawGraph function| drawSellerEstimateGraph object| __zone_symbol__loadfalse function| $ function| jQuery object| jQuery110206220046004377042 object| $c object| $win function| Shapetext function| Imageshape function| Box2 function| clear function| mainDraw function| myMove function| contextmenu function| myDown function| removeElement function| delobj function| myUp function| previewsave function| save function| imgsave function| preview function| invalidate function| getMouse function| newobject function| addMultipleText function| init2 function| loadobject function| clearArray function| addText function| addRect function| valchange function| myDblClick function| moveShapes function| setTextControl function| addCustomImg function| setMode object| __zone_symbol__keypressfalse object| __zone_symbol__contextmenufalse function| SearchIndex function| Bloodhound object| regeneratorRuntime function| Color function| Chart object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| __zone_symbol__resizefalse object| __zone_symbol__orientationchangefalse object| __zone_symbol__scrollfalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

0 Cookies

2 Console Messages

Source Level URL
Text
javascript error URL: http://www.costsfirst.com/
Message:
Access to XMLHttpRequest at 'https://www.costsfirst.com/assets/prod/version.json?t=1670363628486' from origin 'http://www.costsfirst.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.costsfirst.com/assets/prod/version.json?t=1670363628486
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com;
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apis.google.com
maps.googleapis.com
secure.costsfirst.com
www.costsfirst.com
www.gstatic.com
www.costsfirst.com
2a00:1450:4001:803::2003
2a00:1450:4001:82f::200e
2a00:1450:4001:831::200a
54.241.23.76
224f61e0e5cfa27f8e7abd12fde359378c913f2d8816794b72d7b8db084314e2
297577d52fce5df45a53b1d2e06469f65ee1dcf2e9bfbc8e2f45dbd06a0de8b4
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
32a21f5208395435a2607c4980b663c15b20d0ecb57647193fccedf6fe2772cb
3427660d37005fe57b08f08ac099d82dd01f91475f19a5663dbbf77323181109
3ad7ec445c350e3df6db55480ecea6e0307a0c6848efabfa53034f3c46f774bf
573f5fa84fb3e6b0639a96c65fec9873f121726fc4f29d2193016dc3a154e312
61311837c5f5aa732676c0e6c1244bf290a52977ec45b0e7296dc71a3ebea951
72374d0d93d2ec27171bab6daba0f5a3c17e37e2d93d9d7055807fc28e04343f
742dbb6d93093b36ee3362219997731873acd7385fee79474ca0a4ce4ba2c1fc
78c5b155bba90cdd737c4c4e5b4aebb71dfbf1b1e7b4da59096a2405b66801b2
79ecdd739e083b748071fada42e39d2f1dff55d623000b7a5c44d1638147eaf4
7f346538b420557233d4113b6e6f329afdae760c66aaed5b7575d42b2a36454b
880de12290f10f463b5dcf23c20388bab0c23b863cf69f4e6b2004d37676d828
9985739d266965dab9a236a6ad55fe56ed91f6460a1e25aac15f107c314b5446
9d60e75e6450fef554579bc05862e45afb14d4fc60ac2ce034735164ce379821
9facc976353ff7ab7cbb7345853c0f7d0c1bbce3733934b53790b93833dbae4c
ab0897fa86882119e4c205194b220af856781975b3485fd97df8ffda72835f0e
b2fa0cdef6244ccd3c44a8a1c8c41d988a8b9374f1f5cd6f4f74ecb7247c0087
b59a9e8c56aa6123fda3e7169fa6b373021bd7b2e7865a384239224cd6c45e9b
b5c87abfd8c4aeded2187157cd4641a7ab518c666348bb83cfec2b26fc6ea2d3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d10a7f4b5c917b9f211ce71aa6ee8b1b3db678e6e8f8a65d8fc7ebff44cc338b
f5f9c50aed4ec6e2f2d72f6ed1fa51a521fb9207cf5b1da73168a21ced718e75
fa3effcb7833a7e1ff96ead8f3c5f40f4aaa3d73aa49972d2e9f541244d48095
fd9ff9a48827d370264119d694e3cdc98680ad04b2afb54e68551f802378811a
ff60e8035c45015c7e002c1d5fd00965a68009bf2d4cd1509edf08fc0f48a5bf