urlscan.io logo urlscan.io
SecurityTrails logo

onboarding.getflex.com Open in urlscan Pro
13.225.63.63  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://getflex.app.link/
Effective URL: https://onboarding.getflex.com/
Submission: On September 09 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 23 IPs in 3 countries across 13 domains to perform 85 HTTP transactions. The main IP is 13.225.63.63, located in United States and belongs to AMAZON-02, US. The main domain is onboarding.getflex.com.
TLS certificate: Issued by Amazon on October 28th 2021. Valid for: a year.
This is the only time onboarding.getflex.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 2600:9000:23c... 16509 (AMAZON-02)
9 13.225.63.63 16509 (AMAZON-02)
2 31.170.103.99 209365 (BRUTALSYS...)
1 2600:9000:23c... 16509 (AMAZON-02)
10 151.101.128.176 54113 (FASTLY)
2 151.101.194.132 54113 (FASTLY)
2 2607:f8b0:400... 15169 (GOOGLE)
6 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
4 2600:9000:210... 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
18 54.187.159.182 16509 (AMAZON-02)
2 13.225.214.118 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
2 35.166.5.181 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2600:1f18:24e... 14618 (AMAZON-AES)
4 52.42.70.170 16509 (AMAZON-02)
1 159.89.102.253 14061 (DIGITALOC...)
3 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... ()
85 23
2    2600:9000:23cb:9a00:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)
getflex.app.link
9    13.225.63.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-63.ewr53.r.cloudfront.net
onboarding.getflex.com
2    31.170.103.99 (Netherlands)

ASN209365 (BRUTALSYS BRUTALSYS IP SERVIC, ES)
api.bugfender.com
1    2600:9000:23cb:e800:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)
app.link
10    151.101.128.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
2    151.101.194.132 (United States)

ASN54113 (FASTLY, US)
api.lab.amplitude.com
2    2607:f8b0:4006:820::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
firebase.googleapis.com
6    2607:f8b0:4006:807::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com
firebaseremoteconfig.googleapis.com
4    2607:f8b0:4006:80b::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
www.googleapis.com
4    2600:9000:210b:d600:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)
api2.branch.io
1    2607:f8b0:4006:81d::2008 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2607:f8b0:4006:81f::200e (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
18    54.187.159.182 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-159-182.stripe.com
q.stripe.com
r.stripe.com
2    13.225.214.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-214-118.ewr50.r.cloudfront.net
m.stripe.network
2    2607:f8b0:4006:817::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
4    2607:f8b0:4006:80a::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
maps.googleapis.com
2    35.166.5.181 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-166-5-181.us-west-2.compute.amazonaws.com
m.stripe.com
2    2607:f8b0:4006:81f::2003 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2600:1f18:24e6:b902:8915:24fe:2656:7e19 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
rum.browser-intake-datadoghq.com
4    52.42.70.170 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-42-70-170.us-west-2.compute.amazonaws.com
api.amplitude.com
1    159.89.102.253 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)
geolocation-db.com
3    2607:f8b0:4006:80f::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
firestore.googleapis.com
1    2607:f8b0:4006:806::200a (None, )

ASN- ()
firebaselogging-pa.googleapis.com
Apex Domain
Subdomains		 Transfer
30 stripe.com
js.stripe.com — Cisco Umbrella Rank: 2812
q.stripe.com — Cisco Umbrella Rank: 23470
m.stripe.com — Cisco Umbrella Rank: 2345
r.stripe.com — Cisco Umbrella Rank: 8845
294 KB
22 googleapis.com
firebase.googleapis.com — Cisco Umbrella Rank: 6429
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 374
www.googleapis.com — Cisco Umbrella Rank: 62
firebaseremoteconfig.googleapis.com — Cisco Umbrella Rank: 307
fonts.googleapis.com — Cisco Umbrella Rank: 120
maps.googleapis.com — Cisco Umbrella Rank: 646
firestore.googleapis.com — Cisco Umbrella Rank: 1486
firebaselogging-pa.googleapis.com
187 KB
9 getflex.com
onboarding.getflex.com
1 MB
6 amplitude.com
api.lab.amplitude.com — Cisco Umbrella Rank: 12339
api.amplitude.com — Cisco Umbrella Rank: 1719
629 B
4 branch.io
api2.branch.io — Cisco Umbrella Rank: 487
2 KB
3 app.link
getflex.app.link
app.link — Cisco Umbrella Rank: 2823
2 KB
2 gstatic.com
fonts.gstatic.com
30 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 3015
18 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 94
369 B
2 bugfender.com
api.bugfender.com — Cisco Umbrella Rank: 11376
263 B
1 geolocation-db.com
geolocation-db.com — Cisco Umbrella Rank: 28377
217 B
1 browser-intake-datadoghq.com
rum.browser-intake-datadoghq.com — Cisco Umbrella Rank: 5668
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 141
74 KB
85 13
Domain Requested by
14 r.stripe.com js.stripe.com
10 js.stripe.com onboarding.getflex.com
js.stripe.com
9 onboarding.getflex.com onboarding.getflex.com
4 api.amplitude.com onboarding.getflex.com
4 maps.googleapis.com onboarding.getflex.com
maps.googleapis.com
4 firebaseremoteconfig.googleapis.com onboarding.getflex.com
4 q.stripe.com onboarding.getflex.com
4 api2.branch.io onboarding.getflex.com
4 www.googleapis.com onboarding.getflex.com
3 firestore.googleapis.com onboarding.getflex.com
2 fonts.gstatic.com fonts.googleapis.com
2 m.stripe.com m.stripe.network
2 fonts.googleapis.com onboarding.getflex.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 www.google-analytics.com www.googletagmanager.com
2 firebaseinstallations.googleapis.com onboarding.getflex.com
2 firebase.googleapis.com onboarding.getflex.com
2 api.lab.amplitude.com onboarding.getflex.com
2 api.bugfender.com onboarding.getflex.com
2 getflex.app.link 2 redirects
1 firebaselogging-pa.googleapis.com onboarding.getflex.com
1 geolocation-db.com onboarding.getflex.com
1 rum.browser-intake-datadoghq.com onboarding.getflex.com
1 www.googletagmanager.com onboarding.getflex.com
1 app.link onboarding.getflex.com
85 25

This site contains no links.

Subject Issuer Validity Valid
onboarding.getflex.com
Amazon		 2021-10-28 -
2022-11-26		 a year crt.sh
api.bugfender.com
R3		 2022-07-23 -
2022-10-21		 3 months crt.sh
appipv4.link
Amazon		 2022-05-25 -
2023-06-23		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2022-08-31 -
2023-01-10		 4 months crt.sh
*.lab.amplitude.com
GlobalSign Atlas R3 DV TLS CA 2022 Q2		 2022-05-24 -
2023-06-25		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-08-22 -
2022-11-14		 3 months crt.sh
*.branch.io
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-27 -
2022-11-27		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-08-22 -
2022-11-14		 3 months crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-09-06 -
2022-12-07		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-11 -
2022-10-19		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-08-22 -
2022-11-14		 3 months crt.sh
*.browser-intake-datadoghq.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-21 -
2023-07-22		 a year crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA		 2022-01-28 -
2023-02-28		 a year crt.sh
geolocation-db.com
R3		 2022-08-18 -
2022-11-16		 3 months crt.sh
edgecert.googleapis.com
GTS CA 1C3		 2022-08-22 -
2022-11-14		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://onboarding.getflex.com/
Frame ID: 694BB0A2E63FFC81A5CFB9D41BE11ABE
Requests: 45 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-31e97de540e089dc17052298cc0e1bbd.html
Frame ID: 6594099C9D77CE82347BD6B6DE70CC93
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 959E4A59BCEFB65A2238199AD28715B2
Requests: 5 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-095a0f8ed1bd34ea165680d623836e85.html
Frame ID: BB86EBB1E2937F9B948331BBD7B7D1D2
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Flex | Pay Rent on Your Own Schedule

Page URL History Show full URLs

  1. http://getflex.app.link/ HTTP 307
    https://getflex.app.link/ HTTP 307
    https://onboarding.getflex.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

85
Requests

98 %
HTTPS

61 %
IPv6

13
Domains

25
Subdomains

23
IPs

3
Countries

2099 kB
Transfer

7067 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://getflex.app.link/ HTTP 307
    https://getflex.app.link/ HTTP 307
    https://onboarding.getflex.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

85 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
onboarding.getflex.com/
Redirect Chain
  • http://getflex.app.link/
  • https://getflex.app.link/
  • https://onboarding.getflex.com/
874 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-63.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8c5afe8a37e0ad2a14b51a221cffa4419bd57c48d6423f5192b09c98eba593cb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-KE+pZiThQGTcHCz39xi4nw==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=0, must-revalidate, public
content-length
874
content-security-policy
default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-KE+pZiThQGTcHCz39xi4nw==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
content-type
text/html
date
Fri, 09 Sep 2022 19:07:02 GMT
etag
"f6ba5a0a5d18eb03e3b1041877aea7de"
last-modified
Sat, 03 Sep 2022 01:41:09 GMT
referrer-policy
no-referrer-when-downgrade
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 a171b1283e1187a443aee626cb753630.cloudfront.net (CloudFront)
x-amz-cf-id
eblODWgHBvGAKoAr8SLIkmMkPMXA4cxO5NnoTo-tVDpfgAVqGTFREg==
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

date
Fri, 09 Sep 2022 19:07:01 GMT
last-modified
Fri, 09 Sep 2022 19:07:01 GMT
location
https://onboarding.getflex.com/
server
openresty
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 e82b8f8953c90f58ae3b2feee6b64b70.cloudfront.net (CloudFront)
x-amz-cf-id
2JR5iS9VftWGN30mcsqk7_dd0Gqzg6I3iiYT1POkSQgi-exBQsgnLQ==
x-amz-cf-pop
JFK50-P1
x-cache
Miss from cloudfront
2.e5ff0d80.chunk.css
onboarding.getflex.com/static/css/ 		6 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://onboarding.getflex.com/static/css/2.e5ff0d80.chunk.css
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-63.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2c88756c75c185e89aa5df2dab6095649544b1a3982426e827eae23ac883fd2c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-DRRNhmnAXFIwQc5HftTvQg==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 03 Sep 2022 01:41:09 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"5501acb3693e89af1f42dacf110e7ed9"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
via
1.1 a171b1283e1187a443aee626cb753630.cloudfront.net (CloudFront)
cache-control
max-age=0, must-revalidate, public
content-security-policy
default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-DRRNhmnAXFIwQc5HftTvQg==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
x-amz-cf-id
xFnByHGkkYSQp_fqzENO4R1obURin-VP3mqv_BKs8ExBLAaL7DRjqg==
main.f99b7a00.chunk.css
onboarding.getflex.com/static/css/ 		478 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://onboarding.getflex.com/static/css/main.f99b7a00.chunk.css
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-63.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d5868549c0e4575277fec018851d811d8c02aa61265d77032916cc4a7bbfd892
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-opf79VOoC0POAaT9W45Mlg==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
via
1.1 a171b1283e1187a443aee626cb753630.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
478
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 03 Sep 2022 01:41:09 GMT
server
AmazonS3
x-frame-options
DENY
etag
"adc15c863765c329536cf9fffe0f2ac3"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
cache-control
max-age=0, must-revalidate, public
content-security-policy
default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-opf79VOoC0POAaT9W45Mlg==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
accept-ranges
bytes
x-amz-cf-id
fFV2m2rqu4vQ3Sx-ZfSlyt1qezdARV9-ZbHr5mzBRU6y4rTazcJEHQ==
runtime-main.032d85c7.js
onboarding.getflex.com/static/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onboarding.getflex.com/static/js/runtime-main.032d85c7.js
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-63.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a2f1bfd107b6f858f2d8132ab4d5ab03b976f4b87703f9b5368e8162257c56b6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-xluEBpX120Ssej8OgAGAtg==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 03 Sep 2022 01:41:09 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"6134a95eacb613d3a2c1fae54a72db8e"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
via
1.1 a171b1283e1187a443aee626cb753630.cloudfront.net (CloudFront)
cache-control
max-age=0, must-revalidate, public
content-security-policy
default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-xluEBpX120Ssej8OgAGAtg==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
x-amz-cf-id
2RVas0YlDvT1HtyYRBsMeHteC7o3bbmf8Bu9sXawjlU5sRVud8R-Dw==
2.1fa6e663.chunk.js
onboarding.getflex.com/static/js/ 		3 MB
990 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-63.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f1d67e91ac1ed29cf5c6e46e5a5f6b5129a2c692c53b3f0dd42196cf3bc28eaa
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-xZFXM8q5RTVPrRAVl7e/uQ==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 03 Sep 2022 01:41:09 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"626b6b05601362f5a5b85906b9878952"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
via
1.1 a171b1283e1187a443aee626cb753630.cloudfront.net (CloudFront)
cache-control
max-age=0, must-revalidate, public
content-security-policy
default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-xZFXM8q5RTVPrRAVl7e/uQ==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
x-amz-cf-id
Yu8UUz2Vh98uFGZG4MW9xezylvToNMcfdSrdx_C6vy9R2igrvjnYAg==
main.3b804627.chunk.js
onboarding.getflex.com/static/js/ 		814 KB
236 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onboarding.getflex.com/static/js/main.3b804627.chunk.js
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-63.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a8fc1da221a6754152a24a1892b8f688d0beed6d13b6810b0983fdc936372818
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-8RrjnlcSlNmkk+NGNBkqkw==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 03 Sep 2022 01:41:09 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"861eda04f279112d6c00686563fd965b"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
via
1.1 a171b1283e1187a443aee626cb753630.cloudfront.net (CloudFront)
cache-control
max-age=0, must-revalidate, public
content-security-policy
default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-8RrjnlcSlNmkk+NGNBkqkw==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
x-amz-cf-id
UZ5WZn4Z0zkUJK-zVYi3lilAxDq7cMLtyg8tiKdxt7_eFbBfXBKwtg==
device-status
api.bugfender.com/app/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.bugfender.com/app/device-status
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
31.170.103.99 , Netherlands, ASN209365 (BRUTALSYS BRUTALSYS IP SERVIC, ES),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-app-token,x-user-agent
Access-Control-Request-Method
POST
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
Content-Type, X-App-Token, X-User-Agent
access-control-allow-methods
POST
access-control-allow-origin
https://onboarding.getflex.com
date
Fri, 09 Sep 2022 19:07:02 GMT
server
envoy
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-envoy-upstream-service-time
3
_r
app.link/ 		91 B
590 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.link/_r?sdk=web2.58.0&branch_key=key_live_dpGrjMykr9I9yE5z8qLijlidwunrt5R2&callback=branch_callback__0
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:e800:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
42ab54ea6c0c5d5df91caf1c75806182918477bf449e9fe917fc6983f434fabb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
via
1.1 e82b8f8953c90f58ae3b2feee6b64b70.cloudfront.net (CloudFront)
x-content-type-options
nosniff
server
openresty
x-amz-cf-pop
JFK50-P1
etag
W/"5b-7zcmEglEzLLJq6O+kDVcqHNfyGE"
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
content-length
91
x-amz-cf-id
L8eFq4A8ADKw0iJozVw-rcJ_JhP0am3BbZL-22-pn5j91ICR00pSQA==
device-status
api.bugfender.com/app/ 		145 B
263 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.bugfender.com/app/device-status
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
31.170.103.99 , Netherlands, ASN209365 (BRUTALSYS BRUTALSYS IP SERVIC, ES),
Reverse DNS
Software
envoy /
Resource Hash
17b083611391f015376396e3316cc8d5f931b956156f5453982f734626973c77

Request headers

X-App-Token
iTEEygs8EfvxARdhHGQD4cc4QtS9pdOn
X-User-Agent
bugfender-web/20210212 (v1.5.0-33f931b-lib)
Referer
https://onboarding.getflex.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Fri, 09 Sep 2022 19:07:04 GMT
content-encoding
gzip
server
envoy
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
Content-Length
x-envoy-upstream-service-time
2056
v3
js.stripe.com/ 		333 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
58b1b398b24664cd3ccf7f4709a3bfe1ef593dd27fa40cf9af4bf57511bc1d1b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
20
x-cache
HIT
content-length
83213
etag
"17417399acb7a25e5764f37a855eff61"
x-request-id
5792603a-2f8d-4934-8289-8e534483bbc5
x-served-by
cache-ewr18124-EWR
access-control-allow-origin
*
last-modified
Fri, 09 Sep 2022 19:04:49 GMT
server
Fastly
date
Fri, 09 Sep 2022 19:07:02 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
10
vardata
api.lab.amplitude.com/sdk/ 		77 B
221 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/vardata
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0ce3c1ac4c0ced5851af6786a714d384d4ec6ec71c8435aeb7e048f77f2667fa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

X-Amp-Exp-User
eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS40LjAiLCJkZXZpY2VfaWQiOiJXc0RLQndBaVBPRkNMLXJIOHRPc18zIiwidXNlcl9wcm9wZXJ0aWVzIjp7fX0
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-US,en;q=0.9
Authorization
Api-Key client-LYnQKPoH9VaTloPw5FcFhEOIf58MYoWy

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
x-amzn-trace-id
Root=1-631b8ed6-4bd4be913920528d299edb6d
x-served-by
cache-ewr18139-EWR
vary
Origin, Origin
x-cache
MISS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-allow-credentials
true
accept-ranges
bytes
x-timer
S1662750423.730860,VS0,VE91
content-length
89
x-cache-hits
0
vardata
api.lab.amplitude.com/sdk/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/vardata
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-amp-exp-user
Access-Control-Request-Method
GET
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
authorization,x-amp-exp-user
access-control-allow-methods
GET,POST,HEAD
access-control-allow-origin
https://onboarding.getflex.com
access-control-max-age
1800
date
Fri, 09 Sep 2022 19:07:02 GMT
vary
Origin
x-amzn-trace-id
Root=1-631b8ed6-3116fe6e00f855511654b258
x-cache
MISS
x-cache-hits
0
x-content-type-options
nosniff
x-served-by
cache-ewr18139-EWR
x-timer
S1662750423.662001,VS0,VE62
838e3500-ea76-4c18-8a5c-1803b5bf2c5d
https://onboarding.getflex.com/ 		94 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://onboarding.getflex.com/838e3500-ea76-4c18-8a5c-1803b5bf2c5d
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ae0eee5d1f18cb3f02a6b6cb599ca75da3598f052a01a27a3be74515043a0fab

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Length
96568
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:962928635842:web:1d894a40caf0315b48305b/ 		369 B
428 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:962928635842:web:1d894a40caf0315b48305b/webConfig
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b213afcd3bd8436fbd73562dbeac788d4f1edf8247f384567207e8437d19a2e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://onboarding.getflex.com/
x-goog-api-key
AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
vary
Origin, X-Origin, Referer
content-length
238
x-xss-protection
0
webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:962928635842:web:1d894a40caf0315b48305b/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebase.googleapis.com/v1alpha/projects/-/apps/1:962928635842:web:1d894a40caf0315b48305b/webConfig
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-api-key
Access-Control-Request-Method
GET
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://onboarding.getflex.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Fri, 09 Sep 2022 19:07:02 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/getflex-production/ 		625 B
510 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/getflex-production/installations
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b0eefde78d67d53fdca3445b498c4b157928c1db02178c783b19e9510ff65c82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://onboarding.getflex.com/
x-goog-api-key
AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
application/json

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
vary
Origin, X-Origin, Referer
content-length
487
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/getflex-production/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/getflex-production/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://onboarding.getflex.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Fri, 09 Sep 2022 19:07:02 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
signupNewUser
www.googleapis.com/identitytoolkit/v3/relyingparty/ 		1 KB
952 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
da248aa69a2692f8b15b912798e442ff36fab479e187842c9f40209c8fd0699d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://onboarding.getflex.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
X-Client-Version
Chrome/JsCore/8.2.9/FirebaseCore-web
Content-Type
application/json

Response headers

pragma
no-cache
date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
date,vary,vary,vary,content-encoding,server,content-length
cache-control
no-cache, no-store, max-age=0, must-revalidate
vary
Origin, X-Origin, Referer
content-length
927
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
signupNewUser
www.googleapis.com/identitytoolkit/v3/relyingparty/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-client-version
Access-Control-Request-Method
POST
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-client-version
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://onboarding.getflex.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Fri, 09 Sep 2022 19:07:02 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
open
api2.branch.io/v1/ 		273 B
633 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api2.branch.io/v1/open
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:d600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b58427544754191481ace4169669db734658d06e8a485c1849df08e9cba40196
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://onboarding.getflex.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
via
1.1 b2406c07406aaa3fa3e9edc1125ffcf8.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C3
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache
x-branch-request-id
c49a121b36bc4a4d83f3d205457b896b-2022090919
content-length
273
x-amz-cf-id
Z1rnhBMShpcWORwRMmOgePTSHwF8I6eA4pNPnXzpFsAl2KRmcdeTUA==
js
www.googletagmanager.com/gtag/ 		211 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-4E0VMTZM45
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
472d6122b36405812ae7d53af4374e0654af0125f6b8f80c682c9f45f47fc6bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:02 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
75059
x-xss-protection
0
expires
Fri, 09 Sep 2022 19:07:02 GMT
collect
www.google-analytics.com/g/ 		0
352 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-4E0VMTZM45&gtm=2oe970&_p=555824425&_fid=fHqChcPBz__eo05C_iYvmW&cid=1606535395.1662750423&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1662750422&sct=1&seg=0&dl=https%3A%2F%2Fonboarding.getflex.com%2F&dt=Flex%20%7C%20Pay%20Rent%20on%20Your%20Own%20Schedule&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.origin=firebase
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-4E0VMTZM45
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Sep 2022 19:07:02 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://onboarding.getflex.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
m-outer-31e97de540e089dc17052298cc0e1bbd.html
js.stripe.com/v3/ Frame 6594 		186 B
816 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-31e97de540e089dc17052298cc0e1bbd.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
47a1e6481ca2c1ab189e42b975f6c99f0b671f652ef1612ff40787c04b6804f5
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://onboarding.getflex.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1320
cache-control
max-age=31536000
content-encoding
br
content-length
114
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 09 Sep 2022 19:07:02 GMT
etag
"31e97de540e089dc17052298cc0e1bbd"
last-modified
Fri, 09 Sep 2022 18:43:30 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
256
x-content-type-options
nosniff
x-request-id
075250a4-1a35-4a82-ba8f-c59ce89209c4
x-served-by
cache-ewr18124-EWR
pageview
api2.branch.io/v1/ 		28 B
433 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api2.branch.io/v1/pageview
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:d600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://onboarding.getflex.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
via
1.1 b2406c07406aaa3fa3e9edc1125ffcf8.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C3
x-powered-by
Express
etag
W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
6cf36ae85a7b42fc8ae0278bd7e60a24-2022090919
content-length
28
x-amz-cf-id
PBkT_iNi-WMv-vU9eXhjkDfIS5aSLs1Mo99H7cxeEvCwoTBBkBflKA==
csp-report
q.stripe.com/ Frame 6594 		0
570 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
x-content-type-options
nosniff
x-envoy-upstream-service-time
3
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-length
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 6594 		0
570 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
x-content-type-options
nosniff
x-envoy-upstream-service-time
3
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-length
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
m-outer-84f2c9eff43d076b0aff57f80a26902c.js
js.stripe.com/v3/fingerprinted/js/ Frame 6594 		526 B
385 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-84f2c9eff43d076b0aff57f80a26902c.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-31e97de540e089dc17052298cc0e1bbd.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://js.stripe.com/v3/m-outer-31e97de540e089dc17052298cc0e1bbd.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
45
x-cache
HIT
content-length
256
etag
"d96c709017743c0759cf3853d1806ba5"
x-request-id
884b6dba-a7d8-43ef-810f-6ad1f554c80f
x-served-by
cache-ewr18124-EWR
access-control-allow-origin
*
last-modified
Fri, 09 Sep 2022 18:43:29 GMT
server
Fastly
date
Fri, 09 Sep 2022 19:07:02 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
69
inner.html
m.stripe.network/ Frame 959E 		930 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-84f2c9eff43d076b0aff57f80a26902c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-118.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
age
89
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 09 Sep 2022 19:05:35 GMT
etag
"fc2e029628f163bb59adc6fa5a31161c"
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 cae77502d3847ca96378af9649c50cb4.cloudfront.net (CloudFront)
x-amz-cf-id
sSxBsZt10dyAY6ZXxMs1cHZCMf2u0w4WMzObTIfkVHqKEz4Rxm7V1A==
x-amz-cf-pop
EWR50-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
firebase:fetch
firebaseremoteconfig.googleapis.com/v1/projects/getflex-production/namespaces/ 		959 B
443 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseremoteconfig.googleapis.com/v1/projects/getflex-production/namespaces/firebase:fetch?key=AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bb3278dcabedf3874c62e4854ddc559fe9ddaadd6518643a0afc6b6a0e7c54bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://onboarding.getflex.com/
Content-Encoding
gzip
If-None-Match
*
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
etag
etag-getflex-production-firebase-fetch-46933260
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
etag,vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
vary
Origin, X-Origin, Referer
content-length
419
x-xss-protection
0
firebase:fetch
firebaseremoteconfig.googleapis.com/v1/projects/getflex-production/namespaces/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseremoteconfig.googleapis.com/v1/projects/getflex-production/namespaces/firebase:fetch?key=AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-encoding,content-type,if-none-match
Access-Control-Request-Method
POST
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
content-encoding,content-type,if-none-match
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://onboarding.getflex.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Fri, 09 Sep 2022 19:07:02 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
css
fonts.googleapis.com/ 		2 KB
1021 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Work+Sans%7CLexend
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0630b1990bc26ad1856f72eaed01793b23403d8656da7b11b23dff08e8a4666f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 09 Sep 2022 19:07:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 09 Sep 2022 19:07:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 09 Sep 2022 19:07:03 GMT
fonts.css
onboarding.getflex.com/fonts/ 		0
0
js
maps.googleapis.com/maps/api/ 		168 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyCTZ2eoxO0-PJAZmi4KyLBUTrgxLdEZAdg&libraries=places
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/main.3b804627.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
01346779aff5b7ad95a5861448ccfc1f053b647bf82ba90d280b55cd4d484020
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
server-timing
gfet4t7; dur=46
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56183
x-xss-protection
0
expires
Fri, 09 Sep 2022 19:37:03 GMT
controller-095a0f8ed1bd34ea165680d623836e85.html
js.stripe.com/v3/ Frame BB86 		297 B
764 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-095a0f8ed1bd34ea165680d623836e85.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
2f93be8e924858a0b096e6a0e2aee528e5c590802fd58d8b5bff13506291fa21
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://onboarding.getflex.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
57
cache-control
max-age=60
content-encoding
br
content-length
143
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Fri, 09 Sep 2022 19:07:03 GMT
etag
"095a0f8ed1bd34ea165680d623836e85"
last-modified
Fri, 09 Sep 2022 18:43:18 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
22
x-content-type-options
nosniff
x-request-id
8fbe331a-4095-4448-81e4-1f2e0bf9edad
x-served-by
cache-ewr18124-EWR
css2
fonts.googleapis.com/ 		1 KB
945 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Work+Sans
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7e61b98cfd48dd5fda2b67045ebc64812e2125be27b1b8f699672567ae2d9ed3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json
Referer
https://onboarding.getflex.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 09 Sep 2022 18:53:02 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 09 Sep 2022 19:07:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 09 Sep 2022 19:07:03 GMT
csp-report
q.stripe.com/ Frame 959E 		0
344 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Fri, 09 Sep 2022 19:07:03 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
3
x-robots-tag
none
content-length
0
x-content-type-options
nosniff
expires
0
csp-report
q.stripe.com/ Frame BB86 		0
571 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
x-content-type-options
nosniff
x-envoy-upstream-service-time
3
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-length
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
shared-1e510bafaab3860494b6bee4605bbfd2.js
js.stripe.com/v3/fingerprinted/js/ Frame BB86 		269 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-095a0f8ed1bd34ea165680d623836e85.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
42231a23615c02da144b7b3c6d86f3283b1d199d7254ce303807c6d5bc84730f
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://js.stripe.com/v3/controller-095a0f8ed1bd34ea165680d623836e85.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
8
x-cache
HIT
content-length
64901
etag
"ed916bb24f9b9c928f6c88bba10daab7"
x-request-id
870595e3-4379-4a55-8df0-d38448f25260
x-served-by
cache-ewr18124-EWR
access-control-allow-origin
*
last-modified
Fri, 09 Sep 2022 18:43:30 GMT
server
Fastly
date
Fri, 09 Sep 2022 19:07:03 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
5
controller-67d2fda88d4b10816c4b020955d89c3a.js
js.stripe.com/v3/fingerprinted/js/ Frame BB86 		381 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/controller-67d2fda88d4b10816c4b020955d89c3a.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-095a0f8ed1bd34ea165680d623836e85.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
cfd42ca44a1d3139a1e9034e267e44a1d431c4bddf21ddc0784dec62a27d0577
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://js.stripe.com/v3/controller-095a0f8ed1bd34ea165680d623836e85.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
4
x-cache
HIT
content-length
95424
etag
"dd836f2d260f7793a1f1a0608f7feca5"
x-request-id
385b42af-5e3e-49d1-aece-5ba023475d8c
x-served-by
cache-ewr18124-EWR
access-control-allow-origin
*
last-modified
Fri, 09 Sep 2022 18:43:27 GMT
server
Fastly
date
Fri, 09 Sep 2022 19:07:03 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
3
out-4.5.42.js
m.stripe.network/ Frame 959E 		86 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.42.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-118.ewr50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 17 Mar 2022 19:03:12 GMT
server
Cloudfront
age
96
date
Fri, 09 Sep 2022 19:05:27 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 cae77502d3847ca96378af9649c50cb4.cloudfront.net (CloudFront)
cache-control
max-age=300, public
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
_4ofqvhwGcS1Oqh3aZOB36RHtoBp9g5KKzlFbAhLKvMqEicMOpYaHQ==
etag
W/"21df7244385e5c0bdf32da01d0dad6c0"
fireperf:fetch
firebaseremoteconfig.googleapis.com/v1/projects/getflex-production/namespaces/ 		1 KB
470 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseremoteconfig.googleapis.com/v1/projects/getflex-production/namespaces/fireperf:fetch?key=AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
86fcdc433127469d36b2679cf4e49de3ccedd389a487e59632d7db28f61f77cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Referer
https://onboarding.getflex.com/
accept-language
en-US,en;q=0.9
Authorization
FIREBASE_INSTALLATIONS_AUTH eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBJZCI6IjE6OTYyOTI4NjM1ODQyOndlYjoxZDg5NGE0MGNhZjAzMTViNDgzMDViIiwiZXhwIjoxNjYzMzU1MjIyLCJmaWQiOiJmSHFDaGNQQnpfX2VvMDVDX2lZdm1XIiwicHJvamVjdE51bWJlciI6OTYyOTI4NjM1ODQyfQ.AB2LPV8wRQIgGYpQj8GUla1zy2yUvaxzvi79Lr5ELOrc3hMa1qpONeUCIQCIOUNoNwj307tE4OurbiWdQSzPX_DqpswQbqcZCX9VFw
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
etag
etag-getflex-production-fireperf-fetch--1223638431
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
etag,vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
vary
Origin, X-Origin, Referer
content-length
446
x-xss-protection
0
fireperf:fetch
firebaseremoteconfig.googleapis.com/v1/projects/getflex-production/namespaces/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseremoteconfig.googleapis.com/v1/projects/getflex-production/namespaces/fireperf:fetch?key=AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
POST
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
authorization
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://onboarding.getflex.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Fri, 09 Sep 2022 19:07:03 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
getAccountInfo
www.googleapis.com/identitytoolkit/v3/relyingparty/ 		258 B
227 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
747f429bdb12d005a7b9baa9da7b5dc010fcf8f2a9be78d80f77574ea2ec83e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://onboarding.getflex.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
X-Client-Version
Chrome/JsCore/8.2.9/FirebaseCore-web
Content-Type
application/json

Response headers

pragma
no-cache
date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
date,vary,vary,vary,content-encoding,server,content-length
cache-control
no-cache, no-store, max-age=0, must-revalidate
vary
Origin, X-Origin, Referer
content-length
202
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
getAccountInfo
www.googleapis.com/identitytoolkit/v3/relyingparty/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.googleapis.com/identitytoolkit/v3/relyingparty/getAccountInfo?key=AIzaSyDuKr7tEW-0ZxuaI-UqgdvdcB_YHBlGkkQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-client-version
Access-Control-Request-Method
POST
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-client-version
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://onboarding.getflex.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Fri, 09 Sep 2022 19:07:03 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
1489-8b86da401d493fc7478fbafda5019691.js
js.stripe.com/v3/fingerprinted/js/ Frame BB86 		231 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/1489-8b86da401d493fc7478fbafda5019691.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-67d2fda88d4b10816c4b020955d89c3a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
369b0ad32cb6966ef124ab33c4187f851c987e29d5c21d7d3aa47a140ab18429
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://js.stripe.com/v3/controller-095a0f8ed1bd34ea165680d623836e85.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
13
x-cache
HIT
content-length
47921
etag
"ab675b71d19378124fcdf3c0f6dad353"
x-request-id
b5599c4a-0fc5-472e-ba87-874d8fdc27c6
x-served-by
cache-ewr18124-EWR
access-control-allow-origin
*
last-modified
Fri, 19 Aug 2022 19:21:16 GMT
server
Fastly
date
Fri, 09 Sep 2022 19:07:03 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
9
phone-numbers-lib-a9439e8df0edd984b461e0e2c51c5227.js
js.stripe.com/v3/fingerprinted/js/ Frame BB86 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-a9439e8df0edd984b461e0e2c51c5227.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/controller-67d2fda88d4b10816c4b020955d89c3a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
7a15a7c250eb25e8a28fa5e020fc15d656966115577ba4f51c19274149a48e56
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://js.stripe.com/v3/controller-095a0f8ed1bd34ea165680d623836e85.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
35
x-cache
HIT
content-length
770
etag
"f1717e2e478c68d16ccd7b37768700be"
x-request-id
12712e68-6f88-4e9c-a57f-7e3e7226a272
x-served-by
cache-ewr18124-EWR
access-control-allow-origin
*
last-modified
Fri, 02 Sep 2022 18:36:32 GMT
server
Fastly
date
Fri, 09 Sep 2022 19:07:03 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
17
.deploy_status_henson.json
js.stripe.com/v3/ Frame BB86 		474 B
613 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/.deploy_status_henson.json
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
7d76c26b22613f1fa8dd31853adbf1dc86800d4aee8b4fee3c4c1145be39a99d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Accept
application/json
Referer
https://js.stripe.com/v3/controller-095a0f8ed1bd34ea165680d623836e85.html
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
br
vary
Accept-Encoding
age
20
x-cache
HIT
content-length
303
x-request-id
6b3c4431-4c5f-47db-8061-1657ff617d1b
x-served-by
cache-ewr18123-EWR
access-control-allow-origin
*
last-modified
Fri, 09 Sep 2022 19:04:51 GMT
server
Fastly
etag
"768f9760b52b3d7a9448ab8fb0fbd06c"
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-type
application/json
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
3
6
m.stripe.com/ Frame 959E 		156 B
523 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.5.181 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-166-5-181.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
da5b6ad5506a9f5a7498d621fdd7509a36728277f075c9f476fce9f88f4da138
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2
fonts.gstatic.com/s/worksans/v18/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/worksans/v18/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Work+Sans%7CLexend
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c46b18a1ccba221be436881e1649ef1bfd1e656184fcd535e84bc77c77e8e5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://onboarding.getflex.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 06 Sep 2022 21:05:52 GMT
x-content-type-options
nosniff
age
252071
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17912
x-xss-protection
0
last-modified
Tue, 23 Aug 2022 17:55:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Sep 2023 21:05:52 GMT
wlptgwvFAVdoq2_F94zlCfv0bz1WCzsWzLdneg.woff2
fonts.gstatic.com/s/lexend/v17/ 		12 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lexend/v17/wlptgwvFAVdoq2_F94zlCfv0bz1WCzsWzLdneg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Work+Sans%7CLexend
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c752cf03fc65cd47a8e5559d1a96847770a5c7c34baada82a3dc4df7733f1e7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://onboarding.getflex.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 16:02:40 GMT
x-content-type-options
nosniff
age
183863
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12296
x-xss-protection
0
last-modified
Tue, 30 Aug 2022 17:13:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 07 Sep 2023 16:02:40 GMT
rum
rum.browser-intake-datadoghq.com/api/v2/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.11.2%2Cenv%3Aproduction%2Cservice%3Aproduction-flex-consumer-web-app%2Cversion%3A2.1.843&dd-api-key=pub81e29f28978a41d453a4b638a4266041&dd-evp-origin-version=4.11.2&dd-evp-origin=browser&dd-request-id=32257afa-d5df-4493-82ba-05beec4a5398&batch_time=1662750423292
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:8915:24fe:2656:7e19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://onboarding.getflex.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers
/
api.amplitude.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.amplitude.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.42.70.170 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-42-70-170.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Access-Control-Request-Headers
cross-origin-resource-policy
Access-Control-Request-Method
POST
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
cross-origin-resource-policy
access-control-allow-methods
GET, POST
access-control-allow-origin
*
content-length
0
date
Fri, 09 Sep 2022 19:07:03 GMT
strict-transport-security
max-age=15768000
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
vary
Origin, X-Origin, Referer
content-length
23
x-xss-protection
0
/
api.amplitude.com/ 		7 B
204 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.amplitude.com/
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.42.70.170 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-42-70-170.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://onboarding.getflex.com/
Cross-Origin-Resource-Policy
cross-origin
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 09 Sep 2022 19:07:03 GMT
trace-id
Root=1-631b8ed7-7084acc525494e543f2a001e
content-length
7
strict-transport-security
max-age=15768000
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
RebrandDisRegular.e07bcbc1.otf
onboarding.getflex.com/static/media/ 		146 KB
83 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://onboarding.getflex.com/static/media/RebrandDisRegular.e07bcbc1.otf
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/css/main.f99b7a00.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-63.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1bb57776aab60e8cfadd623d91f2dd7fe6dc989f847e22608e51da29439db43b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-oLV6iZmO3ZOYUgXVVoMMaw==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onboarding.getflex.com/static/css/main.f99b7a00.chunk.css
Origin
https://onboarding.getflex.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 03 Sep 2022 01:41:09 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"12fd04ff7ddb4ddf3523ac327385bd11"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
font/ttf
via
1.1 a171b1283e1187a443aee626cb753630.cloudfront.net (CloudFront)
cache-control
max-age=0, must-revalidate, public
content-security-policy
default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-oLV6iZmO3ZOYUgXVVoMMaw==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
x-amz-cf-id
gTmOH6oBfotvzuDq-bK8He35hIVB_-FhnlEoxKSE8A3kU9x-OIkxKg==
RebrandDisMedium.bc71e75c.otf
onboarding.getflex.com/static/media/ 		153 KB
86 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://onboarding.getflex.com/static/media/RebrandDisMedium.bc71e75c.otf
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/css/main.f99b7a00.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-63.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
757b9dd93294c41c5bfa4bff9d8705cd4ad1b98ce02104033bcb240bcbee03a1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-tjUAmXPoSdmICTqEmtjM8A==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onboarding.getflex.com/static/css/main.f99b7a00.chunk.css
Origin
https://onboarding.getflex.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 03 Sep 2022 01:41:09 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"4d20c168fe02957de3632f86b92230dd"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
font/ttf
via
1.1 a171b1283e1187a443aee626cb753630.cloudfront.net (CloudFront)
cache-control
max-age=0, must-revalidate, public
content-security-policy
default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-tjUAmXPoSdmICTqEmtjM8A==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
x-amz-cf-id
s2EWMjAct6hGk919Why5uX6f0B3xPjHxJDssNB8KMcagu3MgQ17_Rg==
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:03 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
profile
api2.branch.io/v1/ 		142 B
571 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api2.branch.io/v1/profile
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:d600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
ae86405bb86e06766521785226806906ee9c744315d41e0dc3c53e78e95e16f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://onboarding.getflex.com/auth
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
via
1.1 b2406c07406aaa3fa3e9edc1125ffcf8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C3
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
4e7771f7f3914f62b50cbde6cd8067a3-2022090919
content-length
142
etag
W/"8e-KcAQ4kNS78UCqTgoniyW/3r2Fmg"
x-amz-cf-id
OWayiAjsAzftgSwZ_AG9xCq44fwaMVuO9lkKOl-uXQFgHdyZ8-pkuA==
/
geolocation-db.com/json/ 		181 B
217 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation-db.com/json/
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.89.102.253 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
35e560ee0ece3e78935b202db14e24c47a9d613f7fd6100eefeb27a70e3470ea

Request headers

Accept
application/json, text/plain, */*
Referer
https://onboarding.getflex.com/auth
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html; charset=UTF-8
RebrandDisBold.b98fe006.otf
onboarding.getflex.com/static/media/ 		155 KB
87 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://onboarding.getflex.com/static/media/RebrandDisBold.b98fe006.otf
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/css/main.f99b7a00.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-63.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c9e35994c8b8b6d1695b9eab6562297caf7149f3260d0a02b4279d5addf20451
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-iak69L/mYrm44KLndij+ug==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onboarding.getflex.com/static/css/main.f99b7a00.chunk.css
Origin
https://onboarding.getflex.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 03 Sep 2022 01:41:09 GMT
server
AmazonS3
x-frame-options
DENY
etag
W/"56bcd1fc2cd0abfa8eb6dacf9300f676"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
font/ttf
via
1.1 a171b1283e1187a443aee626cb753630.cloudfront.net (CloudFront)
cache-control
max-age=0, must-revalidate, public
content-security-policy
default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-iak69L/mYrm44KLndij+ug==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
x-amz-cf-id
swCsJGh6iEFLrKKiqfHo3gZu_ARiCWrKpOZLZJgse1oE4lU7iQ8ROg==
channel
firestore.googleapis.com/google.firestore.v1.Firestore/Listen/ 		54 B
551 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://firestore.googleapis.com/google.firestore.v1.Firestore/Listen/channel?database=projects%2Fgetflex-production%2Fdatabases%2F(default)&VER=8&RID=34382&CVER=22&X-HTTP-Session-Id=gsessionid&%24httpHeaders=X-Goog-Api-Client%3Agl-js%2F%20fire%2F8.2.9%0D%0AContent-Type%3Atext%2Fplain%0D%0AAuthorization%3ABearer%20eyJhbGciOiJSUzI1NiIsImtpZCI6ImVkNmJjOWRhMWFmMjM2ZjhlYTU2YTVkNjIyMzQwMWZmNGUwODdmMTEiLCJ0eXAiOiJKV1QifQ.eyJwcm92aWRlcl9pZCI6ImFub255bW91cyIsImlzcyI6Imh0dHBzOi8vc2VjdXJldG9rZW4uZ29vZ2xlLmNvbS9nZXRmbGV4LXByb2R1Y3Rpb24iLCJhdWQiOiJnZXRmbGV4LXByb2R1Y3Rpb24iLCJhdXRoX3RpbWUiOjE2NjI3NTA0MjMsInVzZXJfaWQiOiJxV1BoUXcyYUZUU2tiM2lXcDNuZEE5aEZtUkgzIiwic3ViIjoicVdQaFF3MmFGVFNrYjNpV3AzbmRBOWhGbVJIMyIsImlhdCI6MTY2Mjc1MDQyMywiZXhwIjoxNjYyNzU0MDIzLCJmaXJlYmFzZSI6eyJpZGVudGl0aWVzIjp7fSwic2lnbl9pbl9wcm92aWRlciI6ImFub255bW91cyJ9fQ.S__ADxX3fnpfrrH6UZ8Ti1dlRDlo9a2AmyoQRNorlk9sJWbNwBUOAvcCvH0x0K3ZwLau1dqBd1frl9hRQKm0pNslztkdPZDbjxzri8xC0MkcW3hTz5SRVz8HC8MjZ2A9v9aKhWU0R-9PNt-1opxAlSgmxtPVF7g2R57P1G94Ub9iQ51VrAf_BQz_enUyPBi2POZLoroQ-CjmJ4W6vS3Aj1zARxr2uDxz08cTK-ILU0j6hBguwTvTiohPOzz88Q_bDv3lwFkrkpJbIah75lXkMt5ozCEvHilvmvEtv0wB3wSioVK1ElWd9KKM1OE8epFSZMGpTbJtzd7ZtUhDYlcdMw%0D%0A&zx=3jzaaavgffas&t=1
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6c3dbf30251b682f466b955baf6eb0a635c0af897fff6bcbb8091b790b379f21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://onboarding.getflex.com/auth
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-client-wire-protocol
h2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
71
x-xss-protection
0
server
ESF
x-frame-options
SAMEORIGIN
vary
origin
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
x-client-wire-protocol,x-http-session-id
cache-control
private
access-control-allow-credentials
true
x-http-session-id
e4P8UIqqXN4SYVkH3WIL5Td_obBC_0-r41BAyWhLZLM
standard
api2.branch.io/v2/event/ 		2 B
357 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api2.branch.io/v2/event/standard
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:d600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://onboarding.getflex.com/auth
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
via
1.1 b2406c07406aaa3fa3e9edc1125ffcf8.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C3
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
fa1b62fc-508f-4587-bbd8-fd5ede85913e-2022090919
content-length
2
x-amz-cf-id
2rFZLex7JPZVxv47Y4oIMXELFETlkzYX72DlGgkWepcxxdqxYc5Akw==
channel
firestore.googleapis.com/google.firestore.v1.Firestore/Listen/ 		13 KB
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://firestore.googleapis.com/google.firestore.v1.Firestore/Listen/channel?database=projects%2Fgetflex-production%2Fdatabases%2F(default)&gsessionid=e4P8UIqqXN4SYVkH3WIL5Td_obBC_0-r41BAyWhLZLM&VER=8&RID=rpc&SID=FiZLeFsfsNCDj4BZs6oMzQ&CI=0&AID=0&TYPE=xmlhttp&zx=r14i8hyod5yu&t=1
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://onboarding.getflex.com
cache-control
private, max-age=0
access-control-allow-credentials
true
vary
Referer, origin
x-xss-protection
0
/
api.amplitude.com/ 		7 B
204 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.amplitude.com/
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.42.70.170 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-42-70-170.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://onboarding.getflex.com/auth
Cross-Origin-Resource-Policy
cross-origin
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 09 Sep 2022 19:07:03 GMT
trace-id
Root=1-631b8ed7-3bfbec023174e1f42029848e
content-length
7
strict-transport-security
max-age=15768000
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
/
api.amplitude.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.amplitude.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.42.70.170 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-42-70-170.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Access-Control-Request-Headers
cross-origin-resource-policy
Access-Control-Request-Method
POST
Origin
https://onboarding.getflex.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
cross-origin-resource-policy
access-control-allow-methods
GET, POST
access-control-allow-origin
*
content-length
0
date
Fri, 09 Sep 2022 19:07:03 GMT
strict-transport-security
max-age=15768000
channel
firestore.googleapis.com/google.firestore.v1.Firestore/Listen/ 		10 B
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://firestore.googleapis.com/google.firestore.v1.Firestore/Listen/channel?database=projects%2Fgetflex-production%2Fdatabases%2F(default)&VER=8&gsessionid=e4P8UIqqXN4SYVkH3WIL5Td_obBC_0-r41BAyWhLZLM&SID=FiZLeFsfsNCDj4BZs6oMzQ&RID=34383&AID=4&zx=msy4z7n2awe6&t=1
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
06a403fa19b0e23e9e2ef3f493a6a55f68607c5566298f3e0ed7a08dbf11ad82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://onboarding.getflex.com/auth
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 09 Sep 2022 19:07:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://onboarding.getflex.com
vary
origin
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30
x-xss-protection
0
6
m.stripe.com/ Frame 959E 		156 B
522 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.166.5.181 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-166-5-181.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
da5b6ad5506a9f5a7498d621fdd7509a36728277f075c9f476fce9f88f4da138
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 09 Sep 2022 19:07:07 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-4E0VMTZM45&gtm=2oe970&_p=555824425&_fid=fHqChcPBz__eo05C_iYvmW&cid=1606535395.1662750423&ul=en-us&sr=1600x1200&_z=ccd.v9B&sid=1662750422&sct=1&seg=0&dl=https%3A%2F%2Fonboarding.getflex.com%2Fauth&dt=Flex%20%7C%20Pay%20Rent%20on%20Your%20Own%20Schedule&_s=2
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-4E0VMTZM45
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://onboarding.getflex.com/auth
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 09 Sep 2022 19:07:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://onboarding.getflex.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
log
firebaselogging-pa.googleapis.com/v1/firelog/legacy/ 		123 B
535 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaselogging-pa.googleapis.com/v1/firelog/legacy/log?key=AIzaSyCx80ru6-RXeTi3GvqkFsMVyMf-vpgIoVw
Requested by
Host: onboarding.getflex.com
URL: https://onboarding.getflex.com/static/js/2.1fa6e663.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200a -, , ASN (),
Reverse DNS
Software
ESF /
Resource Hash
b99f88e652026d4d811f3eeba9411584440f3d735a3d79ea76cbefd25eb595a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://onboarding.getflex.com/auth
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 09 Sep 2022 19:07:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server
ESF
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://onboarding.getflex.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
vary
Origin, X-Origin, Referer
content-length
120
x-xss-protection
0
trusted-types-checker-b31b0d3b211d1247a37e6120682932ed.js
js.stripe.com/v3/fingerprinted/js/ 		174 B
293 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-b31b0d3b211d1247a37e6120682932ed.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
79db4d79a6e53e3aa9b5703a1156cc9accef42d4d3d31b5019d2eabf216fa751
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
age
23
x-cache
HIT
content-length
119
etag
"5cbd8f0579eb735eea933bbd78b29553"
x-request-id
ba840a12-3690-49e7-8c79-8ee2bdb1a108
x-served-by
cache-ewr18124-EWR
access-control-allow-origin
*
last-modified
Tue, 23 Aug 2022 21:34:38 GMT
server
Fastly
date
Fri, 09 Sep 2022 19:07:08 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
via
1.1 varnish
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
5
0
r.stripe.com/ Frame BB86 		0
127 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-1e510bafaab3860494b6bee4605bbfd2.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
date
Fri, 09 Sep 2022 19:07:08 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
common.js
maps.googleapis.com/maps-api-v3/api/js/50/4/ 		246 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/50/4/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyCTZ2eoxO0-PJAZmi4KyLBUTrgxLdEZAdg&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2e55c51defa94f20db1378a8d65c502c3045d3b7c88310b158d290f7c17cb262
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 06:56:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
43829
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69197
x-xss-protection
0
last-modified
Tue, 06 Sep 2022 21:59:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 09 Sep 2023 06:56:39 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/50/4/ 		158 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/50/4/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyCTZ2eoxO0-PJAZmi4KyLBUTrgxLdEZAdg&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0a531bb0596671678ea331785cc6fd24fcebdcb3f7696977774282a7748cd31c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://onboarding.getflex.com/auth
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 09 Sep 2022 08:18:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
38901
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
59598
x-xss-protection
0
last-modified
Tue, 06 Sep 2022 21:59:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 09 Sep 2023 08:18:47 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
onboarding.getflex.com
URL
https://onboarding.getflex.com/fonts/fonts.css

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| webpackJsonpweb-app object| branch object| regeneratorRuntime function| _ function| setImmediate function| clearImmediate object| DD_LOGS object| analyticsConnectorInstances object| DD_RUM object| dataLayer function| gtag object| webpackChunkstripe_js_v3 function| Stripe object| google_tag_manager function| onYouTubeIframeAPIReady object| google_tag_data object| gaGlobal object| google object| module$exports$mapsapi$util$event object| module$contents$mapsapi$overlay$overlayView_OverlayView

8 Cookies

Domain/Path Name / Value
.app.link/ Name: _s
Value: qUbSS8QPx02gWwd81X4Rqs0NaK0BlSwW4F7WV3ir6Uoag7MIPIlLhk7aNrq7m8zp
.getflex.com/ Name: _ga
Value: GA1.1.1606535395.1662750423
m.stripe.com/ Name: m
Value: 1291e990-be9b-485b-8c88-742b4688db0eae6bb0
.onboarding.getflex.com/ Name: __stripe_mid
Value: 640f7ad3-d4f7-440a-b4d3-7f61ae4d3188f2e634
.onboarding.getflex.com/ Name: __stripe_sid
Value: 142412ee-2ec2-4e98-aad9-fdaf8b2a4452864ddd
.getflex.com/ Name: amp_ed24d6
Value: WsDKBwAiPOFCL-rH8tOs_3...1gchqbti8.1gchqbul6.3.0.3
.getflex.com/ Name: _ga_4E0VMTZM45
Value: GS1.1.1662750422.1.1.1662750424.0.0.0
onboarding.getflex.com/ Name: _dd_s
Value: rum=2&id=d6d2c543-0c34-48a7-990e-5101d3ccd01a&created=1662750422585&expire=1662751322593&logs=1

2 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security error URL: https://onboarding.getflex.com/
Message:
Refused to apply style from 'https://onboarding.getflex.com/fonts/fonts.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com/ *.googleapis.com/ https://api.bugfender.com/ https://api2.branch.io *.getflex.services/ *.getflex.com/ https://geolocation-db.com/json/ https://api.amplitude.com/ https://logs.browser-intake-datadoghq.com/ https://rum.browser-intake-datadoghq.com/ https://api.lab.amplitude.com/ https://api.iterable.com/; script-src 'self' 'nonce-KE+pZiThQGTcHCz39xi4nw==' 'unsafe-eval' https://js.stripe.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/gtag/ https://m.stripe.network/ https://cdn.plaid.com/ https://app.link/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.google.com/; frame-src 'self' https://js.stripe.com/ https://www.google.com/recaptcha/ https://getflex-development.firebaseapp.com/ https://getflex-production.firebaseapp.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.plaid.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://q.stripe.com https://www.google-analytics.com/ *.airtable.com/ data:; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.amplitude.com
api.bugfender.com
api.lab.amplitude.com
api2.branch.io
app.link
firebase.googleapis.com
firebaseinstallations.googleapis.com
firebaselogging-pa.googleapis.com
firebaseremoteconfig.googleapis.com
firestore.googleapis.com
fonts.googleapis.com
fonts.gstatic.com
geolocation-db.com
getflex.app.link
js.stripe.com
m.stripe.com
m.stripe.network
maps.googleapis.com
onboarding.getflex.com
q.stripe.com
r.stripe.com
rum.browser-intake-datadoghq.com
www.google-analytics.com
www.googleapis.com
www.googletagmanager.com
onboarding.getflex.com
13.225.214.118
13.225.63.63
151.101.128.176
151.101.194.132
159.89.102.253
2600:1f18:24e6:b902:8915:24fe:2656:7e19
2600:9000:210b:d600:11:f728:3040:93a1
2600:9000:23cb:9a00:19:9934:6a80:93a1
2600:9000:23cb:e800:19:9934:6a80:93a1
2607:f8b0:4006:806::200a
2607:f8b0:4006:807::200a
2607:f8b0:4006:80a::200a
2607:f8b0:4006:80b::200a
2607:f8b0:4006:80f::200a
2607:f8b0:4006:817::200a
2607:f8b0:4006:81d::2008
2607:f8b0:4006:81f::2003
2607:f8b0:4006:81f::200e
2607:f8b0:4006:820::200a
31.170.103.99
35.166.5.181
52.42.70.170
54.187.159.182
01346779aff5b7ad95a5861448ccfc1f053b647bf82ba90d280b55cd4d484020
0630b1990bc26ad1856f72eaed01793b23403d8656da7b11b23dff08e8a4666f
06a403fa19b0e23e9e2ef3f493a6a55f68607c5566298f3e0ed7a08dbf11ad82
0a531bb0596671678ea331785cc6fd24fcebdcb3f7696977774282a7748cd31c
0ce3c1ac4c0ced5851af6786a714d384d4ec6ec71c8435aeb7e048f77f2667fa
17b083611391f015376396e3316cc8d5f931b956156f5453982f734626973c77
1bb57776aab60e8cfadd623d91f2dd7fe6dc989f847e22608e51da29439db43b
2c88756c75c185e89aa5df2dab6095649544b1a3982426e827eae23ac883fd2c
2e55c51defa94f20db1378a8d65c502c3045d3b7c88310b158d290f7c17cb262
2f93be8e924858a0b096e6a0e2aee528e5c590802fd58d8b5bff13506291fa21
35e560ee0ece3e78935b202db14e24c47a9d613f7fd6100eefeb27a70e3470ea
369b0ad32cb6966ef124ab33c4187f851c987e29d5c21d7d3aa47a140ab18429
3c46b18a1ccba221be436881e1649ef1bfd1e656184fcd535e84bc77c77e8e5d
42231a23615c02da144b7b3c6d86f3283b1d199d7254ce303807c6d5bc84730f
42ab54ea6c0c5d5df91caf1c75806182918477bf449e9fe917fc6983f434fabb
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
472d6122b36405812ae7d53af4374e0654af0125f6b8f80c682c9f45f47fc6bf
47a1e6481ca2c1ab189e42b975f6c99f0b671f652ef1612ff40787c04b6804f5
58b1b398b24664cd3ccf7f4709a3bfe1ef593dd27fa40cf9af4bf57511bc1d1b
6c3dbf30251b682f466b955baf6eb0a635c0af897fff6bcbb8091b790b379f21
747f429bdb12d005a7b9baa9da7b5dc010fcf8f2a9be78d80f77574ea2ec83e6
757b9dd93294c41c5bfa4bff9d8705cd4ad1b98ce02104033bcb240bcbee03a1
79db4d79a6e53e3aa9b5703a1156cc9accef42d4d3d31b5019d2eabf216fa751
7a15a7c250eb25e8a28fa5e020fc15d656966115577ba4f51c19274149a48e56
7d76c26b22613f1fa8dd31853adbf1dc86800d4aee8b4fee3c4c1145be39a99d
7e61b98cfd48dd5fda2b67045ebc64812e2125be27b1b8f699672567ae2d9ed3
86fcdc433127469d36b2679cf4e49de3ccedd389a487e59632d7db28f61f77cc
8c5afe8a37e0ad2a14b51a221cffa4419bd57c48d6423f5192b09c98eba593cb
a2f1bfd107b6f858f2d8132ab4d5ab03b976f4b87703f9b5368e8162257c56b6
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a8fc1da221a6754152a24a1892b8f688d0beed6d13b6810b0983fdc936372818
ae0eee5d1f18cb3f02a6b6cb599ca75da3598f052a01a27a3be74515043a0fab
ae86405bb86e06766521785226806906ee9c744315d41e0dc3c53e78e95e16f5
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b0eefde78d67d53fdca3445b498c4b157928c1db02178c783b19e9510ff65c82
b213afcd3bd8436fbd73562dbeac788d4f1edf8247f384567207e8437d19a2e2
b58427544754191481ace4169669db734658d06e8a485c1849df08e9cba40196
b99f88e652026d4d811f3eeba9411584440f3d735a3d79ea76cbefd25eb595a1
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
bb3278dcabedf3874c62e4854ddc559fe9ddaadd6518643a0afc6b6a0e7c54bc
c752cf03fc65cd47a8e5559d1a96847770a5c7c34baada82a3dc4df7733f1e7a
c9e35994c8b8b6d1695b9eab6562297caf7149f3260d0a02b4279d5addf20451
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cfd42ca44a1d3139a1e9034e267e44a1d431c4bddf21ddc0784dec62a27d0577
d5868549c0e4575277fec018851d811d8c02aa61265d77032916cc4a7bbfd892
da248aa69a2692f8b15b912798e442ff36fab479e187842c9f40209c8fd0699d
da5b6ad5506a9f5a7498d621fdd7509a36728277f075c9f476fce9f88f4da138
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1d67e91ac1ed29cf5c6e46e5a5f6b5129a2c692c53b3f0dd42196cf3bc28eaa
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083