urlscan.io logo urlscan.io
SecurityTrails logo

rosy.rlfpm.at Open in urlscan Pro
217.13.183.180  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://rosy.rlfpm.at/customer#!/stayActive/slX1aGLvqyTM2IarPjtU5alUzQno2gvLavMTy3FAmLZLsVz3rCn0fvLSW6sK4ILBhlVXxeInKK...
Effective URL: https://rosy.rlfpm.at/customer
Submission: On January 04 via manual from AT — Scanned from AT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 27 HTTP transactions. The main IP is 217.13.183.180, located in Vienna, Austria and belongs to R-IT-AS, AT. The main domain is rosy.rlfpm.at.
TLS certificate: Issued by Entrust Certification Authority - L1K on August 3rd 2023. Valid for: a year.
This is the only time rosy.rlfpm.at was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
20 217.13.183.180 24864 (R-IT-AS)
2 142.250.185.99 15169 (GOOGLE)
2 172.217.18.8 15169 (GOOGLE)
2 142.250.184.202 15169 (GOOGLE)
1 216.239.34.36 15169 (GOOGLE)
27 5
20    217.13.183.180 (Vienna, Austria)

ASN24864 (R-IT-AS, AT)
PTR: api.rl.co.at
rosy.rlfpm.at
2    142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net
www.gstatic.com
2    172.217.18.8 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f8.1e100.net
www.googletagmanager.com
2    142.250.184.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f10.1e100.net
firebaseinstallations.googleapis.com
1    216.239.34.36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
Apex Domain
Subdomains		 Transfer
20 rlfpm.at
rosy.rlfpm.at
2 MB
2 googleapis.com
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 373
678 B
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
116 KB
2 gstatic.com
www.gstatic.com
14 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 1695
253 B
27 5
Domain Requested by
20 rosy.rlfpm.at rosy.rlfpm.at
2 firebaseinstallations.googleapis.com www.gstatic.com
2 www.googletagmanager.com www.gstatic.com
www.googletagmanager.com
2 www.gstatic.com rosy.rlfpm.at
1 region1.google-analytics.com www.googletagmanager.com
27 5

This site contains links to these domains. Also see Links.

Domain
www.raiffeisen-leasing.at
www.raiffeisen.at
Subject Issuer Validity Valid
rosy.rlfpm.at
Entrust Certification Authority - L1K		 2023-08-03 -
2024-08-23		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://rosy.rlfpm.at/customer
Frame ID: 837D3F9F6C2D1BCD10125FCCDF875AF6
Requests: 24 HTTP requests in this frame

Frame: https://rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/deferredjs/26F509AAA87BC72B6AD4DC8DBC14A420/14.cache.js
Frame ID: 02601BFD88217CB28E3581E438ABD91C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Belegabwicklungsportal

Detected technologies

Overall confidence: 100%
Detected patterns
  • /firebasejs/([\d.]+)/firebase
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • vaadinBootstrap\.js(?:\?v=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

27
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

1893 kB
Transfer

3511 kB
Size

16
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request customer
rosy.rlfpm.at/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/customer
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
639466fe24fa170b315a473170a0c7f8215a199c7fa57ccb1f69b209b86606c8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
de-AT,de;q=0.9

Response headers

Cache-Control
no-cache
Content-Encoding
gzip
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Content-Type
text/html;charset=utf-8
Date
Thu, 04 Jan 2024 14:18:48 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
firebase-app.js
www.gstatic.com/firebasejs/7.9.3/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/7.9.3/firebase-app.js
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/customer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
482a5d96a18dfbe08431514711721c3a5d4950f1ded0a8a5866865cc346906a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Wed, 03 Jan 2024 11:48:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
95394
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6125
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 23:45:49 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 02 Jan 2025 11:48:54 GMT
firebase-analytics.js
www.gstatic.com/firebasejs/7.9.3/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/7.9.3/firebase-analytics.js
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/customer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
fa2ea184748230c1466d5862c8b1f31811c3ea6a933db63575b46574c296af7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Mon, 01 Jan 2024 21:47:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
232271
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7779
x-xss-protection
0
last-modified
Fri, 28 Feb 2020 23:45:49 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 31 Dec 2024 21:47:37 GMT
vaadinBootstrap.js
rosy.rlfpm.at/VAADIN/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/VAADIN/vaadinBootstrap.js?v=8.14.3
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/customer
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
f9329b16d387e62c5da1b4d13bb0396d8de882519483fafb3a88795ec36c64d8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/customer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Fri, 03 Nov 2023 09:18:44 GMT
Content-Encoding
gzip
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
Cache-Control
max-age=3600
Content-Length
4038
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:48 GMT
styles.css
rosy.rlfpm.at/VAADIN/themes/rl/ 		206 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/vaadinBootstrap.js?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
3f4bf58a6d4a3e39cf9ed3f40fb6e724fe527d2b939aad4a24e2fb4c6b16cd02
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/customer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 06 Jul 2023 08:03:56 GMT
Content-Encoding
gzip
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
text/css;charset=utf-8
Transfer-Encoding
chunked
Cache-Control
max-age=3600
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:48 GMT
com.vaadin.v7.Vaadin7WidgetSet.nocache.js
rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/com.vaadin.v7.Vaadin7WidgetSet.nocache.js?1704377928928
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/vaadinBootstrap.js?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
0efb78e00ad332750cd5fc2b4ba21e41df8ce15943f0ae67841a5220800f4c2e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/customer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Fri, 03 Nov 2023 09:18:42 GMT
Content-Encoding
gzip
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
Cache-Control
public, max-age=0, must-revalidate
Content-Length
3239
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 14:18:49 GMT
customer
rosy.rlfpm.at/ 		13 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/customer?v-1704377928928
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/vaadinBootstrap.js?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
265d4ad459a06326e074995b5f30fd93cc249e0147755bab01f5d40460ff6688
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rosy.rlfpm.at/customer
accept-language
de-AT,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
application/json;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
13565
X-XSS-Protection
1; mode=block
Expires
0
loading-indicator.gif
rosy.rlfpm.at/VAADIN/themes/base/common/img/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/VAADIN/themes/base/common/img/loading-indicator.gif
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
37152c6b6d4c73b53b9e87de494fd9b61edf47c0820aa9bda839bac88923dbbc
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 09 Nov 2023 14:10:34 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif;charset=utf-8
Cache-Control
max-age=3600
Content-Length
1781
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:49 GMT
26F509AAA87BC72B6AD4DC8DBC14A420.cache.js
rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/ 		2 MB
481 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/26F509AAA87BC72B6AD4DC8DBC14A420.cache.js
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/com.vaadin.v7.Vaadin7WidgetSet.nocache.js?1704377928928
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
474233209361147c8a7f96b0160ec90ea29f945a916c0d2c81835fdfe4a7e62f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/customer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Fri, 03 Nov 2023 09:18:42 GMT
Content-Encoding
gzip
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
Cache-Control
max-age=31536000
Content-Length
490938
X-XSS-Protection
1; mode=block
Expires
Sun, 21 Jan 2024 14:59:18 GMT
loading-indicator.gif
rosy.rlfpm.at/VAADIN/themes/rl/common/img/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/VAADIN/themes/rl/common/img/loading-indicator.gif
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
f8108128bdee3905d17f3a0530131258b40ff53cf07e80b39a1ca671efe19f9f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 06 Jul 2023 08:03:56 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif;charset=utf-8
Cache-Control
max-age=3600
Content-Length
6820
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:49 GMT
reconnect-spinner.gif
rosy.rlfpm.at/VAADIN/themes/base/common/img/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/VAADIN/themes/base/common/img/reconnect-spinner.gif
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
a0b47c58ac774daae8596c3359431439afd7a9195f7a54ca5ecbe71473ccd873
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 09 Nov 2023 14:10:34 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif;charset=utf-8
Cache-Control
max-age=3600
Content-Length
3223
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:49 GMT
warning-close.png
rosy.rlfpm.at/VAADIN/themes/rl/common/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/VAADIN/themes/rl/common/img/warning-close.png
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
26a0cd8319faa36a0a79eaefcc1ce068c0f8723988cc8a643855fba4f783ab95
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 06 Jul 2023 08:03:56 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/png;charset=utf-8
Cache-Control
max-age=3600
Content-Length
1161
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:49 GMT
bg.png
rosy.rlfpm.at/VAADIN/themes/reindeer/textfield/img/ 		124 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/VAADIN/themes/reindeer/textfield/img/bg.png
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
b10527d9805ffce7f3d1696de6dcb58515e51b62410e0fcf40841ed5733dd982
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 09 Nov 2023 14:10:34 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/png;charset=utf-8
Cache-Control
max-age=3600
Content-Length
124
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:49 GMT
left.png
rosy.rlfpm.at/VAADIN/themes/reindeer/button/img/ 		390 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/VAADIN/themes/reindeer/button/img/left.png
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
ec30d62af93c5ef45505bc4ecf04033190e891b7bae9bfc5b1a6d1116064cfd5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 09 Nov 2023 14:10:34 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/png;charset=utf-8
Cache-Control
max-age=3600
Content-Length
390
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:49 GMT
right.png
rosy.rlfpm.at/VAADIN/themes/reindeer/button/img/ 		919 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/VAADIN/themes/reindeer/button/img/right.png
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
1ebabd6a7f7a00211543f93a0a18aa37cfd578724c7668905c2f75057f0cea1c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 09 Nov 2023 14:10:34 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/png;charset=utf-8
Cache-Control
max-age=3600
Content-Length
919
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:49 GMT
js
www.googletagmanager.com/gtag/ 		112 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?l=dataLayer
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/firebasejs/7.9.3/firebase-analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.8 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
3742a1aabaf51e798740301c38e42f362c5edbc6cfcf2d3c12efd4317b35af1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 14:18:49 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44210
x-xss-protection
0
last-modified
Thu, 04 Jan 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 04 Jan 2024 14:18:49 GMT
startseite_beleg.jpg
rosy.rlfpm.at/VAADIN/themes/rl/panel/img/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/VAADIN/themes/rl/panel/img/startseite_beleg.jpg
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
5412b85dfc8ee3201adfefd583a947a48e14e877147234a8cb09f5ce1f838da2
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 06 Jul 2023 08:03:56 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg;charset=utf-8
Cache-Control
max-age=3600
Content-Length
1106265
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:49 GMT
fontawesome-webfont.woff
rosy.rlfpm.at/VAADIN/themes/base/fonts/ 		82 KB
83 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/VAADIN/themes/base/fonts/fontawesome-webfont.woff
Requested by
Host: rosy.rlfpm.at
URL: https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
166549b15319fdc7b73e0392fe7c03ec7cd885f9ef3a9a0873f4ef73716aa75f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rosy.rlfpm.at/VAADIN/themes/rl/styles.css?v=8.14.3
Origin
https://rosy.rlfpm.at
accept-language
de-AT,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Thu, 09 Nov 2023 14:10:34 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-font-woff;charset=utf-8
Cache-Control
max-age=3600
Content-Length
83588
X-XSS-Protection
1; mode=block
Expires
Thu, 04 Jan 2024 15:18:49 GMT
14.cache.js
rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/deferredjs/26F509AAA87BC72B6AD4DC8DBC14A420/ Frame 0260 		33 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/deferredjs/26F509AAA87BC72B6AD4DC8DBC14A420/14.cache.js
Requested by
Host:
URL: com.vaadin.v7.Vaadin7WidgetSet-0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
b51000b51447cc4aba59ac159a07cbc0e93da4fe871bb50060349fafabf27d0f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/customer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Fri, 03 Nov 2023 09:18:42 GMT
Content-Encoding
gzip
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
Cache-Control
max-age=31536000
Content-Length
11958
X-XSS-Protection
1; mode=block
Expires
Sun, 21 Jan 2024 14:59:18 GMT
RLLogo_de.png
rosy.rlfpm.at/customer/APP/connector/0/34/source/ 		22 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/customer/APP/connector/0/34/source/RLLogo_de.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
a4ce268e47a519c2632a1c84ce753b3b1cc843cb591de03c8d38cf45efac3057
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/customer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/png;charset=utf-8
Cache-Control
max-age=86400
Content-Disposition
filename="RLLogo%5fde.png"; filename*=utf-8''RLLogo%5fde.png
Content-Length
22999
X-XSS-Protection
1; mode=block
Expires
Fri, 05 Jan 2024 14:18:49 GMT
mail_icon_64px.png
rosy.rlfpm.at/customer/APP/connector/0/35/source/ 		993 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rosy.rlfpm.at/customer/APP/connector/0/35/source/mail_icon_64px.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
15948531360ef3d23e823ce9203af2b8560aa29574fa5bb1a23b6887ac5e5a29
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/customer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma
cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
image/png;charset=utf-8
Cache-Control
max-age=86400
Content-Disposition
filename="mail%5ficon%5f64px.png"; filename*=utf-8''mail%5ficon%5f64px.png
Content-Length
993
X-XSS-Protection
1; mode=block
Expires
Fri, 05 Jan 2024 14:18:49 GMT
/
rosy.rlfpm.at/customer/UIDL/ 		137 B
340 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/customer/UIDL/?v-uiId=0
Requested by
Host:
URL: com.vaadin.v7.Vaadin7WidgetSet-0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
ec3b34a7f953fe6083fb08fcd2197360e64324b93f5a12d85bbe02eb0061db1d

Request headers

Referer
https://rosy.rlfpm.at/customer
accept-language
de-AT,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

Content-Type
application/json;charset=UTF-8
Pragma
no-cache
Date
Thu, 04 Jan 2024 14:18:48 GMT
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
137
Expires
0
installations
firebaseinstallations.googleapis.com/v1/projects/modas-itfc-1050/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/modas-itfc-1050/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f10.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://rosy.rlfpm.at
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://rosy.rlfpm.at
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 04 Jan 2024 14:18:49 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/modas-itfc-1050/ 		625 B
678 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/modas-itfc-1050/installations
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/firebasejs/7.9.3/firebase-analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f10.1e100.net
Software
ESF /
Resource Hash
e6720ea146cb343bc15d4e31f235ed7d650d715aa72520ff1b27277ed2173e4e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://rosy.rlfpm.at/
x-goog-api-key
AIzaSyDvo8pCAUEVv4wPCRnd2LIf1TlmhwZ1KsM
accept-language
de-AT,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Thu, 04 Jan 2024 14:18:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://rosy.rlfpm.at
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
488
x-xss-protection
0
2.cache.js
rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/deferredjs/26F509AAA87BC72B6AD4DC8DBC14A420/ Frame 0260 		199 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/deferredjs/26F509AAA87BC72B6AD4DC8DBC14A420/2.cache.js
Requested by
Host:
URL: com.vaadin.v7.Vaadin7WidgetSet-0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.13.183.180 Vienna, Austria, ASN24864 (R-IT-AS, AT),
Reverse DNS
api.rl.co.at
Software
/
Resource Hash
f38cc0c6cb6a098ca1deae0ac11df807e4620d01c757f1d56943d29cb57bbc7d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/customer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
X-Content-Type-Options
nosniff
Date
Thu, 04 Jan 2024 14:18:48 GMT
Last-Modified
Fri, 03 Nov 2023 09:18:42 GMT
Content-Encoding
gzip
X-DNS-Prefetch-Control
off
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
Cache-Control
max-age=31536000
Content-Length
189
X-XSS-Protection
1; mode=block
Expires
Sun, 21 Jan 2024 14:59:18 GMT
js
www.googletagmanager.com/gtag/ 		198 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-W3EZTJ1L5B&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.8 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s22-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
5df70eede0d75f27266e20a75d5b34405066f205dc01b9d0c125ea994a0709f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Thu, 04 Jan 2024 14:18:49 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
74186
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 04 Jan 2024 14:18:49 GMT
collect
region1.google-analytics.com/g/ 		0
253 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-W3EZTJ1L5B&gtm=45je3bt0v874758649&_p=1704377929552&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&_fid=f-e5vTnmG6C2tiV_D8j4oS&cid=1368775229.1704377930&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704377929&sct=1&seg=0&dl=https%3A%2F%2Frosy.rlfpm.at%2Fcustomer&dt=Belegabwicklungsportal&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.origin=firebase&tfd=1134
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-W3EZTJ1L5B&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-AT,de;q=0.9
Referer
https://rosy.rlfpm.at/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 04 Jan 2024 14:18:49 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://rosy.rlfpm.at
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture object| firebase object| vaadin function| com_vaadin_v7_Vaadin7WidgetSet object| __gwt_activeModules function| __gwt_getMetaProperty function| __gwt_isKnownPropertyValue object| __gwt_stylesLoaded object| dataLayer function| gtag object| google_tag_manager object| google_tag_data object| gaGlobal

16 Cookies

Domain/Path Name / Value
rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet/deferredjs/26F509AAA87BC72B6AD4DC8DBC14A420 Name: SameSite
Value: Lax
rosy.rlfpm.at/VAADIN/widgetsets/com.vaadin.v7.Vaadin7WidgetSet Name: SameSite
Value: Lax
rosy.rlfpm.at/VAADIN/themes/reindeer/textfield/img Name: SameSite
Value: Lax
rosy.rlfpm.at/customer/APP/connector/0/35/source Name: SameSite
Value: Lax
rosy.rlfpm.at/customer/APP/connector/0/34/source Name: SameSite
Value: Lax
rosy.rlfpm.at/VAADIN/themes/reindeer/button/img Name: SameSite
Value: Lax
rosy.rlfpm.at/VAADIN/themes/base/common/img Name: SameSite
Value: Lax
rosy.rlfpm.at/VAADIN/themes/rl/common/img Name: SameSite
Value: Lax
rosy.rlfpm.at/VAADIN/themes/rl/panel/img Name: SameSite
Value: Lax
rosy.rlfpm.at/VAADIN/themes/base/fonts Name: SameSite
Value: Lax
rosy.rlfpm.at/VAADIN/themes/rl Name: SameSite
Value: Lax
rosy.rlfpm.at/VAADIN Name: SameSite
Value: Lax
rosy.rlfpm.at/ Name: SameSite
Value: Lax
rosy.rlfpm.at/ Name: JSESSIONID
Value: 1104bcd1-489b-4d63-ad82-a599622cfb1e
.rlfpm.at/ Name: _ga_W3EZTJ1L5B
Value: GS1.1.1704377929.1.0.1704377929.0.0.0
.rlfpm.at/ Name: _ga
Value: GA1.1.1368775229.1704377930

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://firebaseinstallations.googleapis.com; style-src 'self' 'unsafe-inline' https://rosy.rlfpm.at/ localhost 127.0.0.1 maxcdn.bootstrapcdn.com; child-src 'self' https://www.google.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://region1.google-analytics.com; font-src 'self' maxcdn.bootstrapcdn.com; img-src 'self' data: http://*; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

firebaseinstallations.googleapis.com
region1.google-analytics.com
rosy.rlfpm.at
www.googletagmanager.com
www.gstatic.com
142.250.184.202
142.250.185.99
172.217.18.8
216.239.34.36
217.13.183.180
0efb78e00ad332750cd5fc2b4ba21e41df8ce15943f0ae67841a5220800f4c2e
15948531360ef3d23e823ce9203af2b8560aa29574fa5bb1a23b6887ac5e5a29
166549b15319fdc7b73e0392fe7c03ec7cd885f9ef3a9a0873f4ef73716aa75f
1ebabd6a7f7a00211543f93a0a18aa37cfd578724c7668905c2f75057f0cea1c
265d4ad459a06326e074995b5f30fd93cc249e0147755bab01f5d40460ff6688
26a0cd8319faa36a0a79eaefcc1ce068c0f8723988cc8a643855fba4f783ab95
37152c6b6d4c73b53b9e87de494fd9b61edf47c0820aa9bda839bac88923dbbc
3742a1aabaf51e798740301c38e42f362c5edbc6cfcf2d3c12efd4317b35af1e
3f4bf58a6d4a3e39cf9ed3f40fb6e724fe527d2b939aad4a24e2fb4c6b16cd02
474233209361147c8a7f96b0160ec90ea29f945a916c0d2c81835fdfe4a7e62f
482a5d96a18dfbe08431514711721c3a5d4950f1ded0a8a5866865cc346906a2
5412b85dfc8ee3201adfefd583a947a48e14e877147234a8cb09f5ce1f838da2
5df70eede0d75f27266e20a75d5b34405066f205dc01b9d0c125ea994a0709f9
639466fe24fa170b315a473170a0c7f8215a199c7fa57ccb1f69b209b86606c8
a0b47c58ac774daae8596c3359431439afd7a9195f7a54ca5ecbe71473ccd873
a4ce268e47a519c2632a1c84ce753b3b1cc843cb591de03c8d38cf45efac3057
b10527d9805ffce7f3d1696de6dcb58515e51b62410e0fcf40841ed5733dd982
b51000b51447cc4aba59ac159a07cbc0e93da4fe871bb50060349fafabf27d0f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6720ea146cb343bc15d4e31f235ed7d650d715aa72520ff1b27277ed2173e4e
ec30d62af93c5ef45505bc4ecf04033190e891b7bae9bfc5b1a6d1116064cfd5
ec3b34a7f953fe6083fb08fcd2197360e64324b93f5a12d85bbe02eb0061db1d
f38cc0c6cb6a098ca1deae0ac11df807e4620d01c757f1d56943d29cb57bbc7d
f8108128bdee3905d17f3a0530131258b40ff53cf07e80b39a1ca671efe19f9f
f9329b16d387e62c5da1b4d13bb0396d8de882519483fafb3a88795ec36c64d8
fa2ea184748230c1466d5862c8b1f31811c3ea6a933db63575b46574c296af7e