urlscan.io logo urlscan.io
SecurityTrails logo

ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com Open in urlscan Pro
2a05:d018:478:8a02:f988:c3d7:6b5c:d8dd  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ehs.noprod.ecare.engie.com/
Effective URL: https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
Submission: On July 01 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 22 HTTP transactions. The main IP is 2a05:d018:478:8a02:f988:c3d7:6b5c:d8dd, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 29th 2023. Valid for: a year.
This is the only time ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 18.245.60.113 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 3 2a05:d018:478... 16509 (AMAZON-02)
1 52.222.236.22 16509 (AMAZON-02)
3 2600:9000:235... 16509 (AMAZON-02)
22 5
14    18.245.60.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-113.fra60.r.cloudfront.net
ehs.noprod.ecare.engie.com
2    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2a05:d018:478:8a02:f988:c3d7:6b5c:d8dd (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com
1    52.222.236.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-22.fra56.r.cloudfront.net
js-cdn.dynatrace.com
3    2600:9000:2359:9000:b:3a9f:1c80:21 (United States)

ASN16509 (AMAZON-02, US)
d2uqej7bo24sqa.cloudfront.net
Apex Domain
Subdomains		 Transfer
14 engie.com
ehs.noprod.ecare.engie.com
5 MB
3 cloudfront.net
d2uqej7bo24sqa.cloudfront.net
388 KB
3 amazoncognito.com
ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com
4 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83
781 B
1 dynatrace.com
js-cdn.dynatrace.com — Cisco Umbrella Rank: 4289
86 KB
22 5
Domain Requested by
14 ehs.noprod.ecare.engie.com ehs.noprod.ecare.engie.com
3 d2uqej7bo24sqa.cloudfront.net ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com
3 ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com 1 redirects ehs.noprod.ecare.engie.com
2 fonts.googleapis.com client
ehs.noprod.ecare.engie.com
1 js-cdn.dynatrace.com ehs.noprod.ecare.engie.com
22 5

This site contains no links.

Subject Issuer Validity Valid
noprod.ecare.engie.com
Amazon RSA 2048 M03		 2024-06-16 -
2025-07-14		 a year crt.sh
upload.video.google.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.auth.eu-west-1.amazoncognito.com
Amazon RSA 2048 M03		 2023-12-29 -
2025-01-26		 a year crt.sh
js-cdn.dynatrace.com
Amazon RSA 2048 M02		 2024-01-03 -
2025-01-31		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-19		 a year crt.sh

This page contains 1 frames:

Primary Page: https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
Frame ID: 69BAB1692486DB4666343A0521F5BE13
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Signin

Page URL History Show full URLs

  1. https://ehs.noprod.ecare.engie.com/ Page URL
  2. https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fehs.noprod.ecare.engie.com%2Faut... HTTP 302
    https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

22
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

5563 kB
Transfer

5799 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ehs.noprod.ecare.engie.com/ Page URL
  2. https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fehs.noprod.ecare.engie.com%2Fauthentication&response_type=code&client_id=66omgt4gg4g8p387q32aarlam5&identity_provider=Okta&scope=email%20openid%20profile&state=h0td64JXzhNtZMipFKTH2d5HAqYJMb8J&code_challenge=BnqgrWe3Q0jFrQlovNkxoWKm9Bc-hlppIESTRQ1tsek&code_challenge_method=S256 HTTP 302
    https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ehs.noprod.ecare.engie.com/ 		90 KB
91 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
46afd4e428a05d6293f365369b052f101fac687f4414f77a46a1f49e5053725c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
content-length
92180
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
content-type
text/html
date
Mon, 01 Jul 2024 03:08:22 GMT
etag
"655ede9cb46b9668fa686957225e4b13"
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubDomains; preload
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
x-amz-cf-id
fmHCueY8F9rkm7tPmD8ykDnHs_bJ248D1rZ08eYM78fb_uHdANhfCg==
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-amz-version-id
1jGPMxaxFAuxuoVogP2133b7xmtKIv.A
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ 		591 B
781 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Material+Icons&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1b4d62246577dee6135cfa6bd090e515f18ee1b8525fa8c704a03365c231c61e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Jul 2024 03:08:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 03:08:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jul 2024 03:08:21 GMT
styles.e868f776bf93fb81.css
ehs.noprod.ecare.engie.com/ 		120 KB
122 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/styles.e868f776bf93fb81.css
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3a49da9d91ce4b4221a67c0c7444c41ec75bac4a7c9333a472eb4f5d9c03a016
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:22 GMT
x-amz-version-id
XYqJSofcGFDBMtm52YdGnirF3U4wiBaN
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
123091
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"7142250d67a4b34050e63099ca2fa6e0"
x-frame-options
DENY
content-type
text/css
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
o3kmoGAe4EplFqelsRCZcqYR1d9jWAs6vRmq_5msj2dApYRhoZfDVw==
runtime.b04c1ca3192007dd.js
ehs.noprod.ecare.engie.com/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/runtime.b04c1ca3192007dd.js
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8a2eeae78c75e5b5e5f30ad45681b838bce2cc0eb6481c8e75c82b95e45200f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Origin
https://ehs.noprod.ecare.engie.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:22 GMT
x-amz-version-id
lTOh4MTW4M0gMZkWC70vsDQt7ecYrka5
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
3148
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"cb51f578e529b2656f1bb5d86d0fe6aa"
x-frame-options
DENY
content-type
text/javascript
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
ZoVn-UwJQq8ZuWkb5eBcQGShXBDVDCBrXndD1PGoB9sszBNGn_c7KA==
polyfills.cb2a275602873f5c.js
ehs.noprod.ecare.engie.com/ 		60 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/polyfills.cb2a275602873f5c.js
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
adcac622f39cce61954da436917390588e018adb165eed24398205bd02371ef4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Origin
https://ehs.noprod.ecare.engie.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:22 GMT
x-amz-version-id
idzQ0OFoFiwzzo_IiTnJSUoEpW81xDAO
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
61594
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"b2a605601f8c20e6cd678d9cdfa60701"
x-frame-options
DENY
content-type
text/javascript
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
PDqyGJ9R_IpySCLVp7M-KVMrOLz7bVjgXlzw0ptf_-tFu1F7ma0A-Q==
scripts.d36c18cd45055dfd.js
ehs.noprod.ecare.engie.com/ 		164 KB
166 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/scripts.d36c18cd45055dfd.js
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bfe483138aa745afd7d8a8f18fc332ef32ca55332c2da9798c2fbd8f9c9cbf10
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:22 GMT
x-amz-version-id
0MPk_o60FvXG3KhK8Z.Vt2zaHKbhuKC2
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
168084
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"89fb658307531bfbedbdeacbb7b2cad0"
x-frame-options
DENY
content-type
text/javascript
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
prdFyD7T-MqfZVMS1xutNyxa0BUZLPYY6t-VF0aI6leHdUHzSf-5EQ==
main.24710407431e63cf.js
ehs.noprod.ecare.engie.com/ 		3 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/main.24710407431e63cf.js
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9a44615e0f2889426ee45325e9a10c3bed39f7445aac673fc5f790047f60213b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Origin
https://ehs.noprod.ecare.engie.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:22 GMT
x-amz-version-id
qt9xTc.CvYda9LaTp.WS0KaIWVJ3Hcuy
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
3433302
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"48de7dbdba2ecb5fb736c8326951f11c"
x-frame-options
DENY
content-type
text/javascript
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
Flj17aZBevCb5xMG-BCmUC9qQd3oit2aWqN5QeZrND60ZqhZWj3SSQ==
Lato-Regular.a06a19cb2e730e36.ttf
ehs.noprod.ecare.engie.com/ 		593 KB
596 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/Lato-Regular.a06a19cb2e730e36.ttf
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Origin
https://ehs.noprod.ecare.engie.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:22 GMT
x-amz-version-id
GkP_.EoVk0ryLYqs3KOdI0oauRWQ748o
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
607720
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"6d4e78225df0cfd5fe1bf3e8547fefe4"
x-frame-options
DENY
content-type
font/ttf
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
FjRi_eS-pnLTMYXQ9q-Vo0nCnRi5ly6zoT9sI_4R613G8r_aN76iZQ==
styles.e868f776bf93fb81.css
ehs.noprod.ecare.engie.com/ 		120 KB
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/styles.e868f776bf93fb81.css
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3a49da9d91ce4b4221a67c0c7444c41ec75bac4a7c9333a472eb4f5d9c03a016
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:22 GMT
x-amz-version-id
XYqJSofcGFDBMtm52YdGnirF3U4wiBaN
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
123091
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"7142250d67a4b34050e63099ca2fa6e0"
x-frame-options
DENY
content-type
text/css
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
o3kmoGAe4EplFqelsRCZcqYR1d9jWAs6vRmq_5msj2dApYRhoZfDVw==
css
fonts.googleapis.com/ 		591 B
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Material+Icons&display=swap
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/styles.e868f776bf93fb81.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1b4d62246577dee6135cfa6bd090e515f18ee1b8525fa8c704a03365c231c61e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 03:08:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jul 2024 03:08:21 GMT
config.json
ehs.noprod.ecare.engie.com/ 		3 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/config.json
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/polyfills.cb2a275602873f5c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:23 GMT
x-amz-version-id
XcL6JWIIDd5L8imLq_C6xxLsq.OWoD4S
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
2654
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:32 GMT
server
AmazonS3
etag
"15d8133a01e9f1cded56941fe66bd004"
x-frame-options
DENY
content-type
application/json
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
XNDMxs3zpEfR0w4-ow6BBx9Jzst38apLiLMXb_mE0WkSG6qFagMm8w==
favicon.ico
ehs.noprod.ecare.engie.com/assets/images/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/assets/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:23 GMT
x-amz-version-id
UygyDz_b8lwGV39q93.FW99JsmomMkdM
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
1150
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"056806756d2e5dea525eb7c833302cd2"
x-frame-options
DENY
content-type
image/vnd.microsoft.icon
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
pJAIRijihiIcNIH98QgJLsQOMPm_SxVB4OC1MbNb_g_uARUsd6wkrA==
Primary Request error
ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/
Redirect Chain
  • https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fehs.noprod.ecare.engie.com%2Fauthentication&response_type=code&client_id=66omgt4gg4g...
  • https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/main.24710407431e63cf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:478:8a02:f988:c3d7:6b5c:d8dd Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
eb6fb7ca50b4eb8f3919ccce1375d88227dcf2bb4ca9b447de589158874137c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://ehs.noprod.ecare.engie.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-language
en-US
content-type
text/html;charset=UTF-8
date
Mon, 01 Jul 2024 03:08:23 GMT
expires
0
pragma
no-cache
server
Server
strict-transport-security
max-age=31536000 ; includeSubDomains
x-amz-cognito-request-id
d8b094ec-dd2b-4ad4-b72f-2194655c44c1
x-content-type-options
nosniff nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Mon, 01 Jul 2024 03:08:23 GMT
expires
0
location
https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
pragma
no-cache
server
Server
strict-transport-security
max-age=31536000 ; includeSubDomains
x-amz-cognito-request-id
d16f5711-cdc6-4083-81b6-30d8fff97b96
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
baee610b81e2c81e_complete.js
js-cdn.dynatrace.com/jstag/16c6bc5bd3b/bf69112zcx/ 		226 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-cdn.dynatrace.com/jstag/16c6bc5bd3b/bf69112zcx/baee610b81e2c81e_complete.js
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/main.24710407431e63cf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-22.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Origin
https://ehs.noprod.ecare.engie.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:23 GMT
content-encoding
gzip
via
1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
x-cache
Miss from cloudfront
x-oneagent-js-injection
true
server-timing
dtRpid;desc="-1832821474", dtSInfo;desc="0"
traffic-source
UNKNOWN
dynatrace-response-id
AUPXGUVF9LKJ
dynatrace-response-source
Cluster
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
timing-allow-origin
*
x-amz-cf-id
cOqD_s68oqnJ3Ywm6TaGOwsB6oPcqvGO4FzGsXO08RCHHHoeiHCZzA==
expires
Mon, 01 Jul 2024 04:08:23 GMT
en-GB.json
ehs.noprod.ecare.engie.com/assets/i18n/ 		89 KB
91 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/assets/i18n/en-GB.json?v=1719803302842
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/polyfills.cb2a275602873f5c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://ehs.noprod.ecare.engie.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:23 GMT
x-amz-version-id
gjSvbMOeWTWJ7T1g250A4Lf3xJGyfJXk
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
91590
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"b5c465f07992b5ca28b9dc007d630149"
x-frame-options
DENY
content-type
application/json
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
n6klbh3k2cBe6Q4CyrRPu-S9V70VjqAL4wOemuxHKw4WoA3McisIyw==
468.866e0ac59792ed18.js
ehs.noprod.ecare.engie.com/ 		29 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/468.866e0ac59792ed18.js
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/runtime.b04c1ca3192007dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Origin
https://ehs.noprod.ecare.engie.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:23 GMT
x-amz-version-id
TtMink9I5i5Bu.wxK0dROkD2G3kYwxE7
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
30197
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"19e2ce99f1b2ee6ff5dafd5cbaaa3683"
x-frame-options
DENY
content-type
text/javascript
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
1wTERYN2aoLx5qH1RK4aHkdQ13I1omfQk7Y0VxlBDbuQqRSDpT08xA==
common.e001811cff54cdb6.js
ehs.noprod.ecare.engie.com/ 		6 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/common.e001811cff54cdb6.js
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/runtime.b04c1ca3192007dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Origin
https://ehs.noprod.ecare.engie.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:24 GMT
x-amz-version-id
8xmROMy0bjxqsrd1lJnxKU4GNsd8esIj
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
6581
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"98673700e836e913600ff5c7c57aa239"
x-frame-options
DENY
content-type
text/javascript
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
uni3JTcEB-4aQRnAfQI3a8YYbM7o4Qzs3kbO8kcz0TQTMFfDmlFtlQ==
300.bc9303cf5b81e6dc.js
ehs.noprod.ecare.engie.com/ 		549 KB
551 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ehs.noprod.ecare.engie.com/300.bc9303cf5b81e6dc.js
Requested by
Host: ehs.noprod.ecare.engie.com
URL: https://ehs.noprod.ecare.engie.com/runtime.b04c1ca3192007dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-113.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ehs.noprod.ecare.engie.com/
Origin
https://ehs.noprod.ecare.engie.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 03:08:24 GMT
x-amz-version-id
XVlxtihFYbKFq_c6EVujoxQNRkUj7Mab
via
1.1 bd96095bb3c15c742ab4d72d1fecba6c.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P5
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
562340
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Jun 2024 12:17:29 GMT
server
AmazonS3
etag
"3ad9058d4ab389fde4227abc2aec5e0b"
x-frame-options
DENY
content-type
text/javascript
permissions-policy
geolocation=(); midi=(); notifications=(); push=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); speaker=(self ); vibrate=(); fullscreen=(self ); payment=()
accept-ranges
bytes
x-amz-cf-id
cCkDfBGE9fEjQpuV4j1uaOOUXVgmYBJYUZW-b2LAcZR8jUuYYz5U4w==
bootstrap.min.css
d2uqej7bo24sqa.cloudfront.net/20230404192231/css/ 		118 KB
119 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d2uqej7bo24sqa.cloudfront.net/20230404192231/css/bootstrap.min.css
Requested by
Host: ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com
URL: https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:9000:b:3a9f:1c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b9462c3d8fc4e698687d6fa7efdd3123606f6e235a179e7cb12cdb38f8ed7978

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
h7lKIBvcKG9oC98YpafHKKozaxUoZGCH
date
Sun, 30 Jun 2024 23:25:02 GMT
via
1.1 50d1552804e5c5074606d2b5a0eb8ef8.cloudfront.net (CloudFront)
last-modified
Tue, 04 Apr 2023 19:23:22 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
13402
x-amz-server-side-encryption
AES256
etag
"5d5deb4b681ac224054b99f39c9b2a0d"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
121154
x-amz-cf-id
p6YDqVR-hqbFEJIx5vuyP7ngEVrbXTeYnP_oVUKsyibVYZsS22oZYA==
cognito-login.css
d2uqej7bo24sqa.cloudfront.net/20230404192231/css/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d2uqej7bo24sqa.cloudfront.net/20230404192231/css/cognito-login.css
Requested by
Host: ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com
URL: https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:9000:b:3a9f:1c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7ae177fecdbc4dae81c93de1debd1442369e283b671dc1ecdfc1939e22d7b4b9

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
GAkZSJ6MTrgEu9NcfJt8eM8EIauwEbES
date
Sun, 30 Jun 2024 07:17:35 GMT
via
1.1 50d1552804e5c5074606d2b5a0eb8ef8.cloudfront.net (CloudFront)
last-modified
Tue, 04 Apr 2023 19:23:22 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
71448
x-amz-server-side-encryption
AES256
etag
"278e305ee19c693f0f40a9b3d45232d2"
x-cache
Hit from cloudfront
content-type
text/css
accept-ranges
bytes
content-length
6189
x-amz-cf-id
GuagiOZruKjPOjimKNZ_DQxrv83QBEu4F8QgLWdutN8WAjCsh_8aHQ==
amazon-cognito-advanced-security-data.min.js
d2uqej7bo24sqa.cloudfront.net/20230404192231/js/ 		262 KB
263 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2uqej7bo24sqa.cloudfront.net/20230404192231/js/amazon-cognito-advanced-security-data.min.js
Requested by
Host: ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com
URL: https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2359:9000:b:3a9f:1c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
621362b5b7b6513a58acef7fe9fe717093d1186a25b4a429c20e09e2a54c9ace

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
FHvQB._r2C8QX8sWT1IztysfIPPJn6OQ
date
Sun, 30 Jun 2024 05:10:53 GMT
via
1.1 50d1552804e5c5074606d2b5a0eb8ef8.cloudfront.net (CloudFront)
last-modified
Tue, 04 Apr 2023 19:23:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P10
age
79075
x-amz-server-side-encryption
AES256
etag
"4814db152a90cc13f0b45d636896ca99"
x-cache
Hit from cloudfront
content-type
application/x-javascript
accept-ranges
bytes
content-length
268377
x-amz-cf-id
g9NN_qsJvmcPfsXOmtt3oWObWDPQUIchzju4v8FMZ2UUKUetglYXVg==
favicon.ico
ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/ 		63 B
383 B 		Other
General
Check archive.org
Download Go to
Full URL
https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:478:8a02:f988:c3d7:6b5c:d8dd Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
361c7bc50422d52c1ed23f478b77e6ef2554bd2f2c032fd7c7c04e81f268026a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 03:08:23 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
server
Server
x-amz-cognito-request-id
2c5bc3dd-e9f3-442f-b904-d2cd8b75252d
x-frame-options
DENY
content-type
application/json;charset=UTF-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
63
x-xss-protection
1; mode=block
expires
0

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage boolean| __fwcimLoaded object| AWSCognitoContextData object| _crypto function| setImmediate function| clearImmediate object| AmazonCognitoAdvancedSecurityData function| Zepto function| $ function| getAdvancedSecurityData function| getUrlParameter function| onSubmit function| onSubmitLoginForm object| fwcim

6 Cookies

Domain/Path Name / Value
ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/ Name: XSRF-TOKEN
Value: 8cd68612-8930-472e-8c34-330346dc572a
.engie.com/ Name: dtCookie
Value: v_4_srv_-2D86_sn_NTE11UECVRDL54JHGUPP2FRDOJEQ8BIA
.engie.com/ Name: rxVisitor
Value: 1719803303438PB646C3N63FV06ICQR8UFSM0BSICE00V
.engie.com/ Name: dtSa
Value: -
.engie.com/ Name: rxvt
Value: 1719805103466|1719803303442
.engie.com/ Name: dtPC
Value: -86$203303430_838h-vRSRBRJLHKHWPKGHRADGKFGPHFEKHPNJQ-0e0

3 Console Messages

Source Level URL
Text
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
network error URL: https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/error?error=redirect_mismatch&client_id=66omgt4gg4g8p387q32aarlam5
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://ecare-monitoring-app-noprod.auth.eu-west-1.amazoncognito.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; font-src 'self' fonts.gstatic.com; worker-src 'self' 'unsafe-inline' blob:; img-src 'self' blob: data: api.mapbox.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.oktacdn.com; script-src 'self' 'unsafe-inline' ecare-monitoring-a0a32.firebaseio.com *.hotjar.com s-usc1c-nss-363.firebaseio.com www.gstatic.com js-cdn.dynatrace.com www.googletagmanager.com cdn.jsdelivr.net consent.cookiebot.com consentcdn.cookiebot.com; frame-src signin-preview.digital.engie.com signin-pprod.digital.engie.com signin.digital.engie.com consentcdn.cookiebot.com s-usc1c-nss-363.firebaseio.com;connect-src 'self' *.googleapis.com wss://*.firebaseio.com *.bf.dynatrace.com *.ecare.engie.com www.google-analytics.com consentcdn.cookiebot.com *.amazonaws.com *.amazoncognito.com; manifest-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block