cvcatcher.realestate.bnpparibas Open in urlscan Pro
91.134.116.244 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://realestate-bnpparibas.jobijoba.io/
Effective URL:
https://cvcatcher.realestate.bnpparibas/
Submission: On July 22 via automatic, source certstream-suspicious (July 22nd 2024, 1:02:23 pm UTC) — Scanned from FR

Summary HTTP 30 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 7 domains to perform 30 HTTP transactions. The main IP is 91.134.116.244, located in France and belongs to OVH, FR. The main domain is cvcatcher.realestate.bnpparibas.
TLS certificate: Issued by Entrust Certification Authority - L1K on October 19th 2023. Valid for: a year.

This is the only time cvcatcher.realestate.bnpparibas was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 27	91.134.116.244 91.134.116.244	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
1	20.74.48.56 20.74.48.56	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.239.36.46 18.239.36.46	16509 (AMAZON-02) (AMAZON-02)
1	65.9.68.209 65.9.68.209	16509 (AMAZON-02) (AMAZON-02)
30	5

27 91.134.116.244 (France) 1 redirects

ASN16276 (OVH, FR)

realestate-bnpparibas.jobijoba.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cvcatcher.realestate.bnpparibas	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.cvcatcher.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.74.48.56 (Paris, France)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

f.hellowork.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.36.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-36-46.ams58.r.cloudfront.net

tag.aticdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.68.209 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-68-209.fra56.r.cloudfront.net

logs1412.xiti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	realestate.bnpparibas cvcatcher.realestate.bnpparibas	1000 KB
4	cvcatcher.io api.cvcatcher.io	5 KB
1	xiti.com logs1412.xiti.com — Cisco Umbrella Rank: 85085	338 B
1	aticdn.net tag.aticdn.net — Cisco Umbrella Rank: 19638	25 KB
1	hellowork.com f.hellowork.com	986 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	72 KB
1	jobijoba.io 1 redirects realestate-bnpparibas.jobijoba.io	59 B
30	7

	Domain	Requested by
22	cvcatcher.realestate.bnpparibas	cvcatcher.realestate.bnpparibas
4	api.cvcatcher.io	cvcatcher.realestate.bnpparibas
1	logs1412.xiti.com	tag.aticdn.net
1	tag.aticdn.net	www.googletagmanager.com
1	f.hellowork.com	cvcatcher.realestate.bnpparibas
1	www.googletagmanager.com	cvcatcher.realestate.bnpparibas
1	realestate-bnpparibas.jobijoba.io	1 redirects
30	7

This site contains links to these domains. Also see Links.

Domain
realestate-bnpparibas.jobijoba.io
data-privacy.realestate.bnpparibas
www.realestate.bnpparibas.fr

Subject Issuer	Validity	Valid
cvcatcher.realestate.bnpparibas Entrust Certification Authority - L1K	`2023-10-19` - `2024-10-19`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.hellowork.com Gandi RSA Domain Validation Secure Server CA 3	`2024-04-22` - `2025-04-29`	a year	crt.sh
tag.aticdn.net Thawte RSA CA 2018	`2024-01-15` - `2025-01-23`	a year	crt.sh
*.cvcatcher.io Gandi RSA Domain Validation Secure Server CA 3	`2024-03-29` - `2025-04-06`	a year	crt.sh
*.xiti.com Thawte RSA CA 2018	`2024-04-18` - `2025-04-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cvcatcher.realestate.bnpparibas/
Frame ID: 980475CFD3FFAE567E6F0A1E54B4687C
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CV Catcher BNP Paribas Real Estate - Recrutement, Offres d'emploi, Dépôt de CV

Page URL History Show full URLs

https://realestate-bnpparibas.jobijoba.io/ HTTP 301
https://cvcatcher.realestate.bnpparibas/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

30
Requests

100 %
HTTPS

20 %
IPv6

7
Domains

7
Subdomains

5
IPs

3
Countries

1104 kB
Transfer

2836 kB
Size

4
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://realestate-bnpparibas.jobijoba.io/

Search URL Search Domain Scan URL

URL: https://data-privacy.realestate.bnpparibas/
Title: mes données personnelles

Search URL Search Domain Scan URL

URL: https://data-privacy.realestate.bnpparibas/fr/accueil
Title: Protection des données personnelles

Search URL Search Domain Scan URL

URL: https://www.realestate.bnpparibas.fr/mentions-legales
Title: Mentions légales

Search URL Search Domain Scan URL

URL: https://www.realestate.bnpparibas.fr/bnppre/fr/carrieres/postulez-p_1683508.html
Title: Revenir au site carrière de BNP Paribas Real Estate

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://realestate-bnpparibas.jobijoba.io/ HTTP 301
https://cvcatcher.realestate.bnpparibas/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cvcatcher.realestate.bnpparibas/
Redirect Chain

https://realestate-bnpparibas.jobijoba.io/
https://cvcatcher.realestate.bnpparibas/

3 KB
6 KB

90ms
23ms

Document
text/html

91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

a3b576b352230b89b3cda8212938ed608ea8cae14368da18cc8d41a77e942139

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
cache-control: no-cache
content-encoding: gzip
content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-type: text/html
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jul 2024 13:02:15 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
referrer-policy: no-referrer-when-downgrade
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-cache: MISS
x-content-type-options: nosniff
x-frame-options: DENY

Redirect headers

content-length: 0
location: https://cvcatcher.realestate.bnpparibas/

GET
H2 200 menu.css
cvcatcher.realestate.bnpparibas/css/ 4 KB
5 KB 24ms
21ms Stylesheet
text/css 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/css/menu.css

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

5e8b889a8b05b470454e06c6dffbb58c39828fa8694d8f0c3f433407d5bff44f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 388
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1219
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: text/css
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 bootstrap.css
cvcatcher.realestate.bnpparibas/css/ 108 KB
22 KB 41ms
38ms Stylesheet
text/css 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/css/bootstrap.css

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

7070cbb44c8fb16f42b20442c7bc45f367cf458577864b1bc43d397ae848af7c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 388
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 17956
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: text/css
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 main.css
cvcatcher.realestate.bnpparibas/build/ 35 KB
11 KB 54ms
52ms Stylesheet
text/css 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/main.css

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

4185bb8bcb99788c27f612e16c9249566a67976c2622cfe269833c1019ab4c4d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 388
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 6922
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: text/css
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 generic.css
cvcatcher.realestate.bnpparibas/ 290 B
4 KB 23ms
20ms Stylesheet
text/css 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/generic.css

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

88fd6e468cda858e171891a01409490b027ae578dd8aa3b6d8958440dcb10df6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 388
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 167
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: text/css
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 custom.css
cvcatcher.realestate.bnpparibas/assets/style/ 2 KB
5 KB 23ms
21ms Stylesheet
text/css 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/assets/style/custom.css

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

a401b94f5d316e0f284c886a59f2d2ce6d72fcec51f4fa74ffc9d84eb496dc50

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 388
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 854
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: text/css
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 brownie-consent-config.js Show response
cvcatcher.realestate.bnpparibas/ 31 B
4 KB 21ms
19ms Script
application/javascript 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/brownie-consent-config.js

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

790c0d9dbde996a7f34fe36a8cf5df56a8052f2fdcbc0d65cf0ff8bb400c24dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 388
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 51
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 logo.png
cvcatcher.realestate.bnpparibas/ 24 KB
28 KB 39ms
38ms Image
image/png 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cvcatcher.realestate.bnpparibas/logo.png?5.11.15

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

173255041f6335bf7fefb92e04d2751269258f7f301b6d46426eaf8d8bab4b6b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
date: Mon, 22 Jul 2024 12:55:47 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 24347
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: image/png
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 main.js Show response
cvcatcher.realestate.bnpparibas/build/ 924 KB
281 KB 56ms
55ms Script
application/javascript 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/main.js

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

d557029715cad15dd47745e5fcc45aaf259afd9df836ec20b8bf0fea06c7da08

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 282812
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 211 KB
72 KB 113ms
45ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NWZTHVL&l=dataLayerHW

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e375cc91fb1d2176125c0435672a3b5ef7eae18f7c7b38be688defc3f2eb65db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 13:02:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73610
x-xss-protection: 0
last-modified: Mon, 22 Jul 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 22 Jul 2024 13:02:15 GMT

GET
H2 200 bnpp-rounded-v2.woff
cvcatcher.realestate.bnpparibas/assets/style/fonts/ 68 KB
72 KB 24ms
21ms Font
font/woff 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/assets/style/fonts/bnpp-rounded-v2.woff

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/assets/style/custom.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

717fdd39e4e842bd4940344fff430dd810979769e782c332c0227913ce091cca

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/assets/style/custom.css
Origin: https://cvcatcher.realestate.bnpparibas
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
date: Mon, 22 Jul 2024 12:55:47 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 69168
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: font/woff
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 config.json Show response
f.hellowork.com/cvcatcher/clients/bnp_realestate_cvcatcher/ 2 KB
986 B 260ms
35ms Fetch
application/json 20.74.48.56
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://f.hellowork.com/cvcatcher/clients/bnp_realestate_cvcatcher/config.json
Requested by: Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 20.74.48.56 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f94b8d95001a23b96a4b2a984fba4f1d330d574458fad0d280c38a280bc03d59

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 22 Jul 2024 13:02:15 GMT
content-encoding: br
last-modified: Wed, 17 Jul 2024 09:46:10 GMT
age: 443462
vary: Accept-Encoding
x-cache: MISS
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 763
x-cache-hits: 242

GET
H2 200 piano-analytics.js Show response
tag.aticdn.net/ 80 KB
25 KB 211ms
25ms Script
application/javascript 18.239.36.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.aticdn.net/piano-analytics.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NWZTHVL&l=dataLayerHW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-46.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 18a2f00d63a8da9719a5a407a65ac9d5e1f20d8c7540225930ef76338e115bff

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: UjV9MqLhEmN0Ra89tDJx6ZWpge1eBJov
content-encoding: gzip
via: 1.1 58b391c0bc32913049841b1b8cd9053a.cloudfront.net (CloudFront)
date: Mon, 22 Jul 2024 12:34:08 GMT
x-amz-cf-pop: AMS58-P2
age: 1688
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 20 Jun 2024 14:20:47 GMT
server: AmazonS3
etag: W/"83ce6e2b8d1fd52491770342eed44bf6"
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
x-amz-cf-id: pR-yIXort1gNfkX7XBAVdVE4am7rpaD6w3Machxt1yXBpGisqx8iAQ==

GET
H2 200 specific.json Show response
cvcatcher.realestate.bnpparibas/assets/media/fr/locales/ 549 B
5 KB 23ms
23ms Fetch
application/json 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/assets/media/fr/locales/specific.json

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

3367374925ae6dd3ded6b22d0f019546eb786d02eaef50ec8e9d94214a635db6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 411
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 56-cbb890d0639656c49144.chunk.js Show response
cvcatcher.realestate.bnpparibas/build/ 23 KB
12 KB 26ms
26ms Script
application/javascript 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/56-cbb890d0639656c49144.chunk.js

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

98a60a8da69935bd91150af3342581eff2be2574227841f9b698f8184a0c36e7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 8191
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 352-c1fce4c1c574d6020c97.chunk.css
cvcatcher.realestate.bnpparibas/build/ 12 KB
8 KB 22ms
22ms Stylesheet
text/css 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/352-c1fce4c1c574d6020c97.chunk.css

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

7e925169d6fb83cef84a045ca5968c733927ef21d1efed2370da0c34f70a41b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 3832
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: text/css
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 352-bb95a21cc018cba51c5c.chunk.js Show response
cvcatcher.realestate.bnpparibas/build/ 202 B
4 KB 20ms
20ms Script
application/javascript 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/352-bb95a21cc018cba51c5c.chunk.js

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

846e42ab2bd30ed785326ebc2d33a5eaf0d9a844d03709fdef3028dbd702ae0a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 171
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 969-245ec00d1bc919632fa2.chunk.css
cvcatcher.realestate.bnpparibas/build/ 19 KB
9 KB 21ms
20ms Stylesheet
text/css 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/969-245ec00d1bc919632fa2.chunk.css

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

a7a2a5f3b50ef5e7b481c2ee9fd529e3a1cacf80c2bd1922d7a5bed50dbede02

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 4541
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: text/css
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 969-13da67d7e4bca33b6f46.chunk.js Show response
cvcatcher.realestate.bnpparibas/build/ 778 KB
231 KB 37ms
36ms Script
application/javascript 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/969-13da67d7e4bca33b6f46.chunk.js

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

b517b8ac4d7f99b9a945ae81e3f4ac9b54d7e76ed9b114faad3d49170d75e6c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 232344
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 708-48f8635699424fb80645.chunk.js Show response
cvcatcher.realestate.bnpparibas/build/ 365 KB
119 KB 19ms
18ms Script
application/javascript 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/708-48f8635699424fb80645.chunk.js

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

09b931987d8494abc26f27a5441530336bdb2e100c7b0add53cedfc9191c920d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 117023
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 185-417cc2a5df4d35feaa4a.chunk.js Show response
cvcatcher.realestate.bnpparibas/build/ 20 KB
10 KB 35ms
34ms Script
application/javascript 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/185-417cc2a5df4d35feaa4a.chunk.js

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

732e05c2504a7db0a77bf96034fba9d79eac6d3f8731646ed6cbccada2ad5ed2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 5837
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 639-3716b94de466ce64ee1b.chunk.css
cvcatcher.realestate.bnpparibas/build/ 7 KB
6 KB 67ms
66ms Stylesheet
text/css 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/639-3716b94de466ce64ee1b.chunk.css

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

99f6308796a34d1962ba8b6f658d09e8f08301bca279643442a8d0491f2de13e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 1383
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: text/css
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 639-3b47625fd81bd4256323.chunk.js Show response
cvcatcher.realestate.bnpparibas/build/ 2 KB
5 KB 38ms
37ms Script
application/javascript 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/build/639-3b47625fd81bd4256323.chunk.js

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

8bf056c3022b5b1355bf70f09c6cc395ca3ccd9fb950c591f083c5cd1b6cd08e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 22 Jul 2024 12:55:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains
age: 387
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 812
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: application/javascript
vary: Accept-Encoding
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 1

GET
H2 200 web-cover.jpg
cvcatcher.realestate.bnpparibas/assets/media/fr/ 131 KB
136 KB 23ms
23ms Image
image/jpeg 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cvcatcher.realestate.bnpparibas/assets/media/fr/web-cover.jpg

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

45b8de22113ea03f3e4bc9fecbd7b4598041454347c9440cb9bf81c8f961e948

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
date: Mon, 22 Jul 2024 12:50:54 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
age: 681
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 134646
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: image/jpeg
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-cache-hits: 2

POST
H2 200 login Show response
api.cvcatcher.io/v2/security/ 328 B
3 KB 213ms
211ms Fetch
application/json 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cvcatcher.io/v2/security/login

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

a9ebace317dedc4086959f5c7eb52200e3ef174d9d332e9dbf624993651b1683

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
x-session-id: 9f005480-482a-11ef-bf4f-23e4749b8fd5
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'
date: Mon, 22 Jul 2024 13:02:17 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
age: 0
content-security-policy-report-only: default-src 'self' https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jobijoba.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jobijoba.com; img-src 'self' data: https://cdn.jobijoba.com https://cdn.redoc.ly/redoc/logo-mini.svg; font-src 'self' https://fonts.gstatic.com https://cdn.jobijoba.com; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly; report-to default
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 328
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=0, report-uri='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-frame-options: DENY
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/a/d/g"}],"include_subdomains":true}
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), window-placement=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'

OPTIONS
H2 204 login
api.cvcatcher.io/v2/security/ 0
0 413ms
20ms Preflight 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cvcatcher.io/v2/security/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-session-id
Access-Control-Request-Method: POST
Origin: https://cvcatcher.realestate.bnpparibas
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-session-id
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: *
age: 0
content-security-policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'
content-security-policy-report-only: default-src 'self' https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jobijoba.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jobijoba.com; img-src 'self' data: https://cdn.jobijoba.com https://cdn.redoc.ly/redoc/logo-mini.svg; font-src 'self' https://fonts.gstatic.com https://cdn.jobijoba.com; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly; report-to default
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jul 2024 13:02:16 GMT
expect-ct: max-age=0, report-uri='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), window-placement=(), vertical-scroll=()
referrer-policy: no-referrer-when-downgrade
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/a/d/g"}],"include_subdomains":true}
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding, Origin
x-cache: MISS
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 204 event
logs1412.xiti.com/ 0
338 B 402ms
30ms Ping
text/plain 65.9.68.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://logs1412.xiti.com/event?s=637104&idclient=lywzxzxo8q7n21x9

Requested by

Host: tag.aticdn.net
URL: https://tag.aticdn.net/piano-analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.68.209 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-68-209.fra56.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 22 Jul 2024 13:02:16 GMT
strict-transport-security: max-age=15768000
via: 1.1 980059f199bdd603b925d049efedf130.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
access-control-max-age: 600
x-cache: Miss from cloudfront
access-control-allow-origin: https://cvcatcher.realestate.bnpparibas
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-id: E1R9X3ZAy5s_WLHueNuOSjPdk2SQTHwe2RuMiaX2Yqb80BPUbzMARw==

GET
H2 200 favicon.ico
cvcatcher.realestate.bnpparibas/ 15 KB
19 KB 22ms
21ms Other
image/vnd.microsoft.icon 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cvcatcher.realestate.bnpparibas/favicon.ico

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9f9411f8bc4ceb0cf2cf3c5663b51a4d9480453c4d5e2928892cf68ac6fd0bc8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://cvcatcher.realestate.bnpparibas/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://*.googletagmanager.com https://*.google-analytics.com https://www.youtube.com https://*.hotjar.com https://*.licdn.com https://*.fontawesome.com https://app-bundle-staging.cvcatcher.io https://*.privacy-center.org https://*.vimeo.com https://*.trustpilot.com https://*.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://*.jobijoba.com https://*.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://*.google.com https://*.google.fr https://*.google-analytics.com https://*.xiti.com https://*.gstatic.com https://*.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://*.fontawesome.com https://*.cvcatcher.io https://*.jobijoba.com https://*.typekit.net; connect-src 'self' https://vimeo.com https://*.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://*.doubleclick.net https://*.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://*.privacy-center.org https://*.fontawesome.com https://*.hotjar.com https://*.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://*.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://*.vimeo.com https://*.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
date: Mon, 22 Jul 2024 13:02:16 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
age: 0
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 15086
reporting-endpoints: csp-endpoint-enforce="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce", csp-endpoint-report-only="https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
report-to: {"group":"csp-endpoint-enforce","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce"}],"group":"csp-endpoint-report-only","max_age":86400,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly"}]}
content-type: image/vnd.microsoft.icon
cache-control: no-cache
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=*, battery=(), camera=(self), cross-origin-isolated=(self), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(self), hid=(self), idle-detection=(), interest-cohort=(), serial=(), sync-script=*, trust-token-redemption=(), window-management=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'

OPTIONS
H2 204 logger
api.cvcatcher.io/v2/ 0
0 18ms
18ms Preflight 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cvcatcher.io/v2/logger

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-language,x-session-id,x-session-key
Access-Control-Request-Method: POST
Origin: https://cvcatcher.realestate.bnpparibas
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type,x-language,x-session-id,x-session-key
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,HEAD,OPTIONS
access-control-allow-origin: *
age: 0
content-security-policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'
content-security-policy-report-only: default-src 'self' https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jobijoba.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jobijoba.com; img-src 'self' data: https://cdn.jobijoba.com https://cdn.redoc.ly/redoc/logo-mini.svg; font-src 'self' https://fonts.gstatic.com https://cdn.jobijoba.com; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly; report-to default
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
cross-origin-resource-policy: cross-origin
date: Mon, 22 Jul 2024 13:02:17 GMT
expect-ct: max-age=0, report-uri='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), window-placement=(), vertical-scroll=()
referrer-policy: no-referrer-when-downgrade
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/a/d/g"}],"include_subdomains":true}
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding, Origin
x-cache: MISS
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 200 logger Show response
api.cvcatcher.io/v2/ 24 B
2 KB 45ms
44ms Fetch
application/json 91.134.116.244
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cvcatcher.io/v2/logger

Requested by

Host: cvcatcher.realestate.bnpparibas
URL: https://cvcatcher.realestate.bnpparibas/build/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.134.116.244 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

dc69da1b7d963296cb85b0e7e67bb2743b5a4c7710974eedc2bf6864d3aeb335

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

x-session-key: null
Referer: https://cvcatcher.realestate.bnpparibas/
x-language: fr
x-session-id: 9f005480-482a-11ef-bf4f-23e4749b8fd5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwYXlsb2FkTG9jYXRpb24iOiJjdmNhdGNoZXItYXBpLTMxYmUzMDlkLWUyMjktNDQxNi04MDY1LThmODViMmE5YzA3NiIsImlhdCI6MTcyMTY1MzMzNywiZXhwIjoxNzIxNjU1MTM3fQ.6XLLjKT9WNdEHEXAckh2Krk49djqqu0vQ2bgQ_9Et_s
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'
date: Mon, 22 Jul 2024 13:02:17 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
age: 0
content-security-policy-report-only: default-src 'self' https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jobijoba.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jobijoba.com; img-src 'self' data: https://cdn.jobijoba.com https://cdn.redoc.ly/redoc/logo-mini.svg; font-src 'self' https://fonts.gstatic.com https://cdn.jobijoba.com; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/reportOnly; report-to default
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 24
cross-origin-embedder-policy-report-only: require-corp; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=0, report-uri='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'
x-frame-options: DENY
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/a/d/g"}],"include_subdomains":true}
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), window-placement=(), vertical-scroll=()
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to='https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/ct/reportOnly'

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cvcatcher.realestate.bnpparibas/	1970-01-21 07:43:01	Name: pa_privacy Value: %22exempt%22
cvcatcher.realestate.bnpparibas/	1970-01-21 07:43:01	Name: _pcid Value: %7B%22browserId%22%3A%22lywzxzxo8q7n21x9%22%2C%22_t%22%3A%22melevhrh%7Clywzy0fh%22%7D
cvcatcher.realestate.bnpparibas/	1970-01-21 07:43:01	Name: _pctx Value: %7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAE0RXSwH18yBbKKigA3ABYxKAH1QBPAO4AvWQAYAZpRABfIA
cvcatcher.realestate.bnpparibas/	1970-01-20 22:14:13	Name: pa_page_type Value: Home

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'conversion-measurement'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'focus-without-user-activation'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'sync-script'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'trust-token-redemption'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com https://cdn.jobijoba.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.googleapis.com https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://.googletagmanager.com https://.google-analytics.com https://www.youtube.com https://.hotjar.com https://.licdn.com https://.fontawesome.com https://app-bundle-staging.cvcatcher.io https://.privacy-center.org https://.vimeo.com https://.trustpilot.com https://.aticdn.net; style-src 'self' 'unsafe-inline' https://f.hellowork.com https://f-preprod.hellowork.com https://app-bundle.cvcatcher.io https://fonts.googleapis.com https://app-bundle-staging.cvcatcher.io https://cdn.jsdelivr.net https://.jobijoba.com https://.typekit.net https://www.gstatic.com; img-src 'self' data: https://cdn.jobijoba.com https://f.hellowork.com https://f-preprod.hellowork.com https://i.hellowork.com https://i-preprod.hellowork.com https://api.maptiler.com https://.google.com https://.google.fr https://.google-analytics.com https://.xiti.com https://.gstatic.com https://.googletagmanager.com; font-src 'self' data: https://f.hellowork.com https://f-preprod.hellowork.com https://fonts.gstatic.com https://.fontawesome.com https://.cvcatcher.io https://.jobijoba.com https://.typekit.net; connect-src 'self' https://vimeo.com https://.analytics.google.com https://logs1412.xiti.com https://f.hellowork.com https://f-preprod.hellowork.com https://cvcatcher-api.jobijoba.io https://api.cvcatcher.io https://.doubleclick.net https://.google-analytics.com https://cvcatcher-api-staging.jobijoba.io https://.privacy-center.org https://.fontawesome.com https://.hotjar.com https://.jquery.com; media-src 'self' https://f.hellowork.com https://f-preprod.hellowork.com data: https://.infomaniak.com; object-src 'none'; frame-src https://www.youtube-nocookie.com https://.vimeo.com https://.hotjar.com/ https://*.trustpilot.com https://www.googletagmanager.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://78f25b7dadea0cc0ac9ad5cdabdf9c77.report-uri.com/r/d/csp/enforce; report-to csp-endpoint-enforce
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.cvcatcher.io
cvcatcher.realestate.bnpparibas
f.hellowork.com
logs1412.xiti.com
realestate-bnpparibas.jobijoba.io
tag.aticdn.net
www.googletagmanager.com
18.239.36.46
20.74.48.56
2a00:1450:4001:81d::2008
65.9.68.209
91.134.116.244
09b931987d8494abc26f27a5441530336bdb2e100c7b0add53cedfc9191c920d
173255041f6335bf7fefb92e04d2751269258f7f301b6d46426eaf8d8bab4b6b
18a2f00d63a8da9719a5a407a65ac9d5e1f20d8c7540225930ef76338e115bff
3367374925ae6dd3ded6b22d0f019546eb786d02eaef50ec8e9d94214a635db6
4185bb8bcb99788c27f612e16c9249566a67976c2622cfe269833c1019ab4c4d
45b8de22113ea03f3e4bc9fecbd7b4598041454347c9440cb9bf81c8f961e948
5e8b889a8b05b470454e06c6dffbb58c39828fa8694d8f0c3f433407d5bff44f
7070cbb44c8fb16f42b20442c7bc45f367cf458577864b1bc43d397ae848af7c
717fdd39e4e842bd4940344fff430dd810979769e782c332c0227913ce091cca
732e05c2504a7db0a77bf96034fba9d79eac6d3f8731646ed6cbccada2ad5ed2
790c0d9dbde996a7f34fe36a8cf5df56a8052f2fdcbc0d65cf0ff8bb400c24dc
7e925169d6fb83cef84a045ca5968c733927ef21d1efed2370da0c34f70a41b4
846e42ab2bd30ed785326ebc2d33a5eaf0d9a844d03709fdef3028dbd702ae0a
88fd6e468cda858e171891a01409490b027ae578dd8aa3b6d8958440dcb10df6
8bf056c3022b5b1355bf70f09c6cc395ca3ccd9fb950c591f083c5cd1b6cd08e
98a60a8da69935bd91150af3342581eff2be2574227841f9b698f8184a0c36e7
99f6308796a34d1962ba8b6f658d09e8f08301bca279643442a8d0491f2de13e
9f9411f8bc4ceb0cf2cf3c5663b51a4d9480453c4d5e2928892cf68ac6fd0bc8
a3b576b352230b89b3cda8212938ed608ea8cae14368da18cc8d41a77e942139
a401b94f5d316e0f284c886a59f2d2ce6d72fcec51f4fa74ffc9d84eb496dc50
a7a2a5f3b50ef5e7b481c2ee9fd529e3a1cacf80c2bd1922d7a5bed50dbede02
a9ebace317dedc4086959f5c7eb52200e3ef174d9d332e9dbf624993651b1683
b517b8ac4d7f99b9a945ae81e3f4ac9b54d7e76ed9b114faad3d49170d75e6c8
d557029715cad15dd47745e5fcc45aaf259afd9df836ec20b8bf0fea06c7da08
dc69da1b7d963296cb85b0e7e67bb2743b5a4c7710974eedc2bf6864d3aeb335
e375cc91fb1d2176125c0435672a3b5ef7eae18f7c7b38be688defc3f2eb65db
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f94b8d95001a23b96a4b2a984fba4f1d330d574458fad0d280c38a280bc03d59

cvcatcher.realestate.bnpparibas Open in urlscan Pro 91.134.116.244 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

100 %HTTPS

20 %IPv6

7 Domains

7 Subdomains

5 IPs

3 Countries

1104 kBTransfer

2836 kBSize

4 Cookies

5 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cvcatcher.realestate.bnpparibas Open in urlscan Pro
91.134.116.244 Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

100 %
HTTPS

20 %
IPv6

7
Domains

7
Subdomains

5
IPs

3
Countries

1104 kB
Transfer

2836 kB
Size

4
Cookies

30 HTTP transactions
0 data transactions