webcompat.com Open in urlscan Pro
162.243.90.227 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://webcompat.com/issues/new
Submission: On July 14 via manual (July 14th 2017, 11:40:55 am UTC) from US

Summary HTTP 13 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 162.243.90.227, located in New York, United States and belongs to . The main domain is webcompat.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 5th 2017. Valid for: 3 months.

This is the only time webcompat.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	162.243.90.227 162.243.90.227	() ()
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
13	2

11 162.243.90.227 (New York, United States)

ASN- ()

webcompat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	webcompat.com webcompat.com	161 KB
2	google-analytics.com www.google-analytics.com	12 KB
13	2

	Domain	Requested by
11	webcompat.com	webcompat.com
2	www.google-analytics.com	webcompat.com
13	2

This site contains links to these domains. Also see Links.

Domain
twitter.com
github.com

Subject Issuer	Validity	Valid
webcompat.com Let's Encrypt Authority X3	`2017-06-05` - `2017-09-03`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G2	`2017-07-05` - `2017-09-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://webcompat.com/issues/new
Frame ID: 19500.1
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

173 kB
Transfer

497 kB
Size

4
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/webcompat/with_replies
Title: Follow on Twitter

Search URL Search Domain Scan URL

URL: https://github.com/webcompat/webcompat.com/
Title: See on Github

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request new Show response
webcompat.com/issues/ 13 KB
3 KB 508ms
116ms Document
text/html 162.243.90.227

General

Check archive.org

Show headers Download Go to

Full URL

https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

e07b3ed3a6cc56aef23eaa1fee2af28b9dde3db7c9169864b776b391cde3b95f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx/1.1.19
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security: max-age=31536000; includeSubDomains;
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK webcompat.min.css
webcompat.com/css/ 58 KB
11 KB 117ms
117ms Stylesheet
text/css 162.243.90.227

General

Check archive.org

Show headers Download Go to

Full URL

https://webcompat.com/css/webcompat.min.css?260ff71e8e2d94adbf9d6f579d5fa341

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

5c00f84a6c44229047c8e832c36b79fb4a75a784698832771792d51b8d5ad38d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webcompat.com/issues/new
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 11 Jul 2017 22:22:01 GMT
Server: nginx/1.1.19
X-Frame-Options: DENY
ETag: "1499811721.0-59339-2196838946"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Type: text/css; charset=utf-8
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Expires: Thu, 26 Oct 2017 15:40:48 GMT

GET
H/1.1 200
OK upload-loader.svg
webcompat.com/img/ 704 B
373 B 392ms
129ms Image
image/svg+xml 162.243.90.227

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webcompat.com/img/upload-loader.svg

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

ecba0e84326d3a4178df985c557487794f358ad4754f0a945da621eb64c0de7c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webcompat.com/issues/new
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 07 Feb 2017 20:21:52 GMT
Server: nginx/1.1.19
X-Frame-Options: DENY
ETag: "1486498912.0-704-2174491154"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Type: image/svg+xml
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Expires: Thu, 26 Oct 2017 15:40:48 GMT

GET
H/1.1 200
OK ga.js Show response
webcompat.com/js/vendor/ 152 B
161 B 207ms
90ms Script
application/javascript 162.243.90.227

General

Check archive.org

Show headers Download Go to

Full URL

https://webcompat.com/js/vendor/ga.js

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

3ec6c7fb2927ae9277fdb1a95733b2d90db4706da3778371ca92d6c0be4b6850

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webcompat.com/issues/new
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 12 Apr 2017 22:03:05 GMT
Server: nginx/1.1.19
X-Frame-Options: DENY
ETag: "1492034585.0-152-3934459803"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Type: application/javascript
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Expires: Thu, 26 Oct 2017 15:40:48 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ 29 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:806::200e
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:806::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

765010cbfccaf06cb5b9166023a22b655a10b37075c91e276a5550c5ecd855ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://webcompat.com/issues/new
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Jun 2017 00:25:39 GMT
server: Golfe2
age: 1443
date: Fri, 14 Jul 2017 11:16:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 12343
expires: Fri, 14 Jul 2017 13:16:41 GMT

GET
H/1.1 200
OK webcompat.min.js Show response
webcompat.com/js/ 370 KB
123 KB 359ms
216ms Script
application/javascript 162.243.90.227

General

Check archive.org

Show headers Download Go to

Full URL

https://webcompat.com/js/webcompat.min.js?5e86688d56399ed79b688ae81b9620d0

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

00888ec0746b29e8655d4dded5a9fd034b1e1d3f1ba5f08458af5f404d42c515

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webcompat.com/issues/new
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 11 Jul 2017 22:21:59 GMT
Server: nginx/1.1.19
X-Frame-Options: DENY
ETag: "1499811719.0-379049-1316428106"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Type: application/javascript
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Expires: Thu, 26 Oct 2017 15:40:48 GMT

GET
H/1.1 200
OK webcompat.woff
webcompat.com/font/webcompat/ 4 KB
4 KB 139ms
89ms Font
application/octet-stream 162.243.90.227

General

Check archive.org

Show headers Download Go to

Full URL

https://webcompat.com/font/webcompat/webcompat.woff?ccpilb

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

b46a76d4a775dec7ae703ef06cba4d47d76c0d588cef20aafe89387c190ba209

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer: https://webcompat.com/css/webcompat.min.css?260ff71e8e2d94adbf9d6f579d5fa341
Origin: https://webcompat.com

Response headers

Date: Fri, 14 Jul 2017 11:40:48 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 07 Feb 2017 20:21:52 GMT
Server: nginx/1.1.19
ETag: "1486498912.0-4384-1699093880"
X-Frame-Options: DENY
Connection: keep-alive
Content-Type: application/octet-stream
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Length: 4384
X-XSS-Protection: 1; mode=block
Expires: Thu, 26 Oct 2017 15:40:48 GMT

GET
H/1.1 200
OK contribute.svg
webcompat.com/img/ 739 B
362 B 274ms
107ms Image
image/svg+xml 162.243.90.227

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webcompat.com/img/contribute.svg

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

3018f18d0fda8ca6ceb57fea075d87515a226d92ac4ea083005a456adacb2279

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webcompat.com/css/webcompat.min.css?260ff71e8e2d94adbf9d6f579d5fa341
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Mar 2017 21:29:22 GMT
Server: nginx/1.1.19
X-Frame-Options: DENY
ETag: "1490909362.0-739-913512744"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Type: image/svg+xml
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Expires: Thu, 26 Oct 2017 15:40:49 GMT

GET
H/1.1 200
OK loader.gif
webcompat.com/img/ 17 KB
17 KB 360ms
191ms Image
image/gif 162.243.90.227

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webcompat.com/img/loader.gif

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

e55044686081644f81866dda4cc387c68cc645d905b75f83deabf66a37fe20d6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webcompat.com/css/webcompat.min.css?260ff71e8e2d94adbf9d6f579d5fa341
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:49 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Oct 2015 02:00:51 GMT
Server: nginx/1.1.19
ETag: "1444960851.0-17132-3534362438"
X-Frame-Options: DENY
Connection: keep-alive
Content-Type: image/gif
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Length: 17132
X-XSS-Protection: 1; mode=block
Expires: Thu, 26 Oct 2017 15:40:49 GMT

GET
H/1.1 200
OK twitter.svg
webcompat.com/img/ 1 KB
781 B 161ms
89ms Image
image/svg+xml 162.243.90.227

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webcompat.com/img/twitter.svg

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

14795f20e7ecb36863e680fa931e2b5de53fbd4bb9df6f295b9a49d1cbace76b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webcompat.com/css/webcompat.min.css?260ff71e8e2d94adbf9d6f579d5fa341
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Mar 2017 21:29:22 GMT
Server: nginx/1.1.19
X-Frame-Options: DENY
ETag: "1490909362.0-1425-3968866300"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Type: image/svg+xml
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Expires: Thu, 26 Oct 2017 15:40:48 GMT

GET
H/1.1 200
OK github-logo.svg
webcompat.com/img/ 2 KB
838 B 127ms
91ms Image
image/svg+xml 162.243.90.227

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webcompat.com/img/github-logo.svg

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

197fd3f11a772947facf0a45fe20937d1bd595e84d288fb135b845fa99e6faf8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webcompat.com/css/webcompat.min.css?260ff71e8e2d94adbf9d6f579d5fa341
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:48 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Mar 2017 21:29:22 GMT
Server: nginx/1.1.19
X-Frame-Options: DENY
ETag: "1490909362.0-1644-1301092682"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Type: image/svg+xml
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Expires: Thu, 26 Oct 2017 15:40:48 GMT

GET
S 200 collect
www.google-analytics.com/r/ 35 B
53 B 14ms
13ms Image
image/gif 2a00:1450:4001:806::200e
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j56&a=351701332&t=pageview&_s=1&dl=https%3A%2F%2Fwebcompat.com%2Fissues%2Fnew&ul=en-us&de=UTF-8&dt=New%20Issue%20%7C%20webcompat.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABI~&jid=1380324775&gjid=1933822045&cid=730610280.1500032444&tid=UA-49507820-1&_gid=642894731.1500032444&_r=1&z=2054561422

Requested by

Host: webcompat.com
URL: https://webcompat.com/issues/new

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:806::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://webcompat.com/issues/new
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Jul 2017 11:40:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="39,38,37,36,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK valid.svg
webcompat.com/img/ 727 B
468 B 89ms
89ms Image
image/svg+xml 162.243.90.227

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webcompat.com/img/valid.svg

Requested by

Host: webcompat.com
URL: https://webcompat.com/js/webcompat.min.js?5e86688d56399ed79b688ae81b9620d0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.243.90.227 New York, United States, ASN (),

Reverse DNS

Software

nginx/1.1.19 /

Resource Hash

325663c5d8318a32e7919c87ac7607ac96017b8ecfcc476fc7409bf4b02c3eb4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webcompat.com/css/webcompat.min.css?260ff71e8e2d94adbf9d6f579d5fa341
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 14 Jul 2017 11:40:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 16 Oct 2015 02:00:51 GMT
Server: nginx/1.1.19
X-Frame-Options: DENY
ETag: "1444960851.0-727-3146716921"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Type: image/svg+xml
Cache-Control: public, max-age=9000000
Content-Security-Policy: default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Expires: Thu, 26 Oct 2017 15:40:49 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.webcompat.com/	2017-07-14 11:41:44	Name: _gat Value: 1
.webcompat.com/	2017-07-15 11:40:44	Name: _gid Value: GA1.2.642894731.1500032444
.webcompat.com/	2019-07-14 11:40:44	Name: _ga Value: GA1.2.730610280.1500032444
webcompat.com/	1970-01-01 00:00:00	Name: session Value: eyJjc3JmX3Rva2VuIjp7IiBiIjoiTVRNNFpqUTNOMk13TjJZNFlqTmtNbVUyWkRGa01qazFNRGN4WWpsbE56TmhZekppWW1SaFlnPT0ifX0.DEo_QA.tTQaqdh4KiUJ6PTDEP5xQcbkiiw

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self'; img-src 'self' https://www.google-analytics.com https://*.githubusercontent.com data:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://api.github.com; style-src 'self' 'unsafe-inline'; report-uri /csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

webcompat.com
www.google-analytics.com
162.243.90.227
2a00:1450:4001:806::200e
00888ec0746b29e8655d4dded5a9fd034b1e1d3f1ba5f08458af5f404d42c515
14795f20e7ecb36863e680fa931e2b5de53fbd4bb9df6f295b9a49d1cbace76b
197fd3f11a772947facf0a45fe20937d1bd595e84d288fb135b845fa99e6faf8
3018f18d0fda8ca6ceb57fea075d87515a226d92ac4ea083005a456adacb2279
325663c5d8318a32e7919c87ac7607ac96017b8ecfcc476fc7409bf4b02c3eb4
3ec6c7fb2927ae9277fdb1a95733b2d90db4706da3778371ca92d6c0be4b6850
5c00f84a6c44229047c8e832c36b79fb4a75a784698832771792d51b8d5ad38d
765010cbfccaf06cb5b9166023a22b655a10b37075c91e276a5550c5ecd855ba
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
b46a76d4a775dec7ae703ef06cba4d47d76c0d588cef20aafe89387c190ba209
e07b3ed3a6cc56aef23eaa1fee2af28b9dde3db7c9169864b776b391cde3b95f
e55044686081644f81866dda4cc387c68cc645d905b75f83deabf66a37fe20d6
ecba0e84326d3a4178df985c557487794f358ad4754f0a945da621eb64c0de7c

webcompat.com Open in urlscan Pro 162.243.90.227 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

13 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

173 kBTransfer

497 kBSize

4 Cookies

2 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

4 Cookies

Security Headers

Indicators

webcompat.com Open in urlscan Pro
162.243.90.227 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

173 kB
Transfer

497 kB
Size

4
Cookies

13 HTTP transactions
0 data transactions