www.carlos-authtoken-response.testing.gext.co Open in urlscan Pro
34.236.113.150 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.carlos-authtoken-response.testing.gext.co/
Submission: On March 07 via automatic, source certstream-suspicious (March 7th 2023, 10:30:28 pm UTC) — Scanned from DE

Summary HTTP 107 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 7 domains to perform 107 HTTP transactions. The main IP is 34.236.113.150, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.carlos-authtoken-response.testing.gext.co.
TLS certificate: Issued by R3 on March 7th 2023. Valid for: 3 months.

This is the only time www.carlos-authtoken-response.testing.gext.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	34.236.113.150 34.236.113.150	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:dc:... 2a02:26f0:dc:388::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	151.101.192.176 151.101.192.176	54113 (FASTLY) (FASTLY)
5	2600:9000:225... 2600:9000:2251:1200:d:274d:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	35.188.42.15 35.188.42.15	15169 (GOOGLE) (GOOGLE)
30	2606:4700:440... 2606:4700:4400::ac40:91e2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	54.187.119.242 54.187.119.242	16509 (AMAZON-02) (AMAZON-02)
1	54.68.255.140 54.68.255.140	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223c:a000:1c:58a3:4780:93a1	16509 (AMAZON-02) (AMAZON-02)
2	3.213.11.165 3.213.11.165	14618 (AMAZON-AES) (AMAZON-AES)
1	34.205.162.149 34.205.162.149	14618 (AMAZON-AES) (AMAZON-AES)
1	52.48.40.73 52.48.40.73	16509 (AMAZON-02) (AMAZON-02)
107	13

29 34.236.113.150 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-113-150.compute-1.amazonaws.com

www.carlos-authtoken-response.testing.gext.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:dc:388::13b8 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.192.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2251:1200:d:274d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

apps.bazaarvoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.188.42.15 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 15.42.188.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2606:4700:4400::ac40:91e2 (United States)

ASN13335 (CLOUDFLARENET, US)

images.grove.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.68.255.140 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-68-255-140.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:a000:1c:58a3:4780:93a1 (United States)

ASN16509 (AMAZON-02, US)

analytics-static.ugc.bazaarvoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.213.11.165 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-11-165.compute-1.amazonaws.com

network-stg-a.bazaarvoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.205.162.149 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-205-162-149.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.40.73 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-40-73.eu-west-1.compute.amazonaws.com

stg.api.bazaarvoice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	stripe.com js.stripe.com — Cisco Umbrella Rank: 1051 q.stripe.com — Cisco Umbrella Rank: 6717 m.stripe.com — Cisco Umbrella Rank: 1056	179 KB
30	grove.co images.grove.co — Cisco Umbrella Rank: 174875	595 KB
29	gext.co www.carlos-authtoken-response.testing.gext.co	1 MB
9	bazaarvoice.com apps.bazaarvoice.com — Cisco Umbrella Rank: 3603 analytics-static.ugc.bazaarvoice.com — Cisco Umbrella Rank: 6642 network-stg-a.bazaarvoice.com — Cisco Umbrella Rank: 115466 stg.api.bazaarvoice.com — Cisco Umbrella Rank: 107180	80 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1159	17 KB
2	optimizely.com cdn.optimizely.com — Cisco Umbrella Rank: 742 logx.optimizely.com — Cisco Umbrella Rank: 1237	117 KB
1	sentry.io sentry.io — Cisco Umbrella Rank: 241	435 B
107	7

	Domain	Requested by
30	images.grove.co	www.carlos-authtoken-response.testing.gext.co
29	www.carlos-authtoken-response.testing.gext.co	www.carlos-authtoken-response.testing.gext.co
26	q.stripe.com	www.carlos-authtoken-response.testing.gext.co
6	js.stripe.com	www.carlos-authtoken-response.testing.gext.co js.stripe.com
5	apps.bazaarvoice.com	www.carlos-authtoken-response.testing.gext.co apps.bazaarvoice.com
2	network-stg-a.bazaarvoice.com	www.carlos-authtoken-response.testing.gext.co
2	m.stripe.network	js.stripe.com m.stripe.network
1	stg.api.bazaarvoice.com	www.carlos-authtoken-response.testing.gext.co
1	logx.optimizely.com	www.carlos-authtoken-response.testing.gext.co
1	analytics-static.ugc.bazaarvoice.com	apps.bazaarvoice.com
1	m.stripe.com	m.stripe.network
1	sentry.io	www.carlos-authtoken-response.testing.gext.co
1	cdn.optimizely.com	www.carlos-authtoken-response.testing.gext.co
107	13

This site contains links to these domains. Also see Links.

Domain
community.grove.co
www.grove.co
grove.co
investors.grove.co
www.bcorporation.net
www.facebook.com
www.instagram.com
www.twitter.com
www.pinterest.com
www.tiktok.com
preferences.grove.co

Subject Issuer	Validity	Valid
carlos-authtoken-response.testing.gext.co R3	`2023-03-07` - `2023-06-05`	3 months	crt.sh
cdn.optimizely.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-30` - `2023-10-30`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2023-02-06` - `2023-05-13`	3 months	crt.sh
*.bazaarvoice.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-19` - `2023-05-20`	a year	crt.sh
sentry.io DigiCert TLS RSA SHA256 2020 CA1	`2022-06-03` - `2023-07-04`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-07` - `2023-06-06`	a year	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-14` - `2023-06-13`	4 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-08` - `2023-04-08`	3 months	crt.sh
analytics-static.ugc.bazaarvoice.com Amazon RSA 2048 M02	`2023-02-28` - `2023-10-04`	7 months	crt.sh
logx.optimizely.com Amazon RSA 2048 M01	`2023-02-27` - `2023-08-22`	6 months	crt.sh
*.api.bazaarvoice.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.carlos-authtoken-response.testing.gext.co/
Frame ID: EE107FC9ABF5420C8A542707A416B21B
Requests: 74 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: D914C166E490FAC11D8FC57D04AFCD1F
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: B1C3524BBFF41E504EA3156BA9CF442D
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fwww.carlos-authtoken-response.testing.gext.co&stripe_xdm_c=default670401&stripe_xdm_p=1
Frame ID: 1DAFC4113CE5FAC5CB8FB38B96C08B13
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cleaning & Beauty Products for Sustainable Homes | Grove CollaborativedropdowndropdownCart IconCertified B Corporation

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

Page Statistics

107
Requests

99 %
HTTPS

33 %
IPv6

7
Domains

13
Subdomains

13
IPs

3
Countries

2066 kB
Transfer

5567 kB
Size

9
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://community.grove.co/hc/en-us/categories/200113215-FAQ/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://www.grove.co/g/drew
Title: Shop Drew’s Favorites

Search URL Search Domain Scan URL

URL: https://www.grove.co/beyondplastic/
Title: Read About Beyond Plastic

Search URL Search Domain Scan URL

URL: https://www.grove.co/catalog/?category=grove-collaborative
Title: Explore Grove Co.

Search URL Search Domain Scan URL

URL: https://www.grove.co/g/peach/
Title: Meet Peach

Search URL Search Domain Scan URL

URL: https://www.grove.co/s/grove
Title: Read Our Standards

Search URL Search Domain Scan URL

URL: https://grove.co/contact/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://community.grove.co/hc/en-us/categories/200113215-FAQ
Title: FAQ

Search URL Search Domain Scan URL

URL: https://investors.grove.co/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.bcorporation.net/en-us/find-a-b-corp/company/grove-collaborative
Title: Certified B Corp

Search URL Search Domain Scan URL

URL: https://www.facebook.com/GroveCollab/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/grovecollaborative/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.twitter.com/grovecollab/
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/grovecollab/
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@grovecollaborative/
Title: TikTok

Search URL Search Domain Scan URL

URL: https://preferences.grove.co/dont_sell
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

107 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.carlos-authtoken-response.testing.gext.co/ 8 KB
3 KB 2170ms
1860ms Document
text/html 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

9387f1ed6fc11f86366eeb6df37267fe30ac93b722ad27b282de17c153cb6c87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
content-encoding: gzip
content-length: 2603
content-type: text/html; charset=utf-8
date: Tue, 07 Mar 2023 22:30:20 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Host, Referer, Accept-Encoding, Cookie, Origin
x-frame-options: SAMEORIGIN

GET
H2 200 ValueSerif-Bold-Web.woff2
www.carlos-authtoken-response.testing.gext.co/staticfiles/fonts/Value/ 44 KB
43 KB 521ms
518ms Font
font/woff2 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/staticfiles/fonts/Value/ValueSerif-Bold-Web.woff2

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

cb752f0006454f7f6ab2e97a9b484b4f581bc81942d437f7cc6e79406454f048

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/
Origin: https://www.carlos-authtoken-response.testing.gext.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://www.carlos-authtoken-response.testing.gext.co
cache-control: no-store

GET
H2 200 ValueSans-Regular-Pro.woff2
www.carlos-authtoken-response.testing.gext.co/staticfiles/fonts/Value/ 54 KB
54 KB 421ms
418ms Font
font/woff2 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/staticfiles/fonts/Value/ValueSans-Regular-Pro.woff2

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

7ae5bd80ab0764a259c799a3e873407c273505750104eef0b340fecf2d35e854

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/
Origin: https://www.carlos-authtoken-response.testing.gext.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://www.carlos-authtoken-response.testing.gext.co
cache-control: no-store

GET
H2 200 ValueSans-Medium-Pro.woff2
www.carlos-authtoken-response.testing.gext.co/staticfiles/fonts/Value/ 55 KB
56 KB 129ms
126ms Font
font/woff2 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/staticfiles/fonts/Value/ValueSans-Medium-Pro.woff2

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

2c43a3daee35ba5940322e0fb528761ee6f51f43bee17d1a0988cd36b6d312d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/
Origin: https://www.carlos-authtoken-response.testing.gext.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://www.carlos-authtoken-response.testing.gext.co
cache-control: no-store

GET
H2 200 assets.216a09c63345dc5d02ad.js Show response
www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/ 20 KB
7 KB 332ms
329ms Script
application/javascript 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/assets.216a09c63345dc5d02ad.js

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

10815d26cb7ca83d7879cb6e30eb2138ac60a7a1464563773a20090fa2eeedd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: no-store

GET
H2 200 vendor.a7f30180b84617931d04.js Show response
www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/ 1 MB
309 KB 333ms
331ms Script
application/javascript 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

3b70e77e335a33a9cf75023b05ba98e9533ee3944bca4941e86a506bc38c56a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: no-store

GET
H2 200 ads.220e06fdd6106adce661.js Show response
www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/ 73 B
336 B 329ms
326ms Script
application/javascript 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/ads.220e06fdd6106adce661.js

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

e373f18dbf8437a3aac6b247664cdfb9b0044e25f6c6dfc03d240c57a52d417d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: no-store

GET
H2 200 main.c920c1d3166b0f179015.js Show response
www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/ 1 MB
284 KB 326ms
324ms Script
application/javascript 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/main.c920c1d3166b0f179015.js

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

c1e844569bd6125c1081581c7e2f877dc729fb6ba5e5f6736d0d37dc5b72b334

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: no-store

GET
H2 200 main.e035ec9ab93818ac2347.css
www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/ 549 KB
80 KB 519ms
517ms Stylesheet
text/css 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/main.e035ec9ab93818ac2347.css

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

65d730ff2ac52b5c05ac920c7f89859960b92f72fab700d6a78cfff63f9e9523

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: no-store

GET
H2 200 312229649.js Show response
cdn.optimizely.com/js/ 389 KB
117 KB 224ms
136ms Script
text/javascript 2a02:26f0:dc:388::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/312229649.js

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:388::13b8 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

cd7680d5391505ce96d6eaa98e7afd1f1f4716d3bef18113ace104f5da03983d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-amz-meta-pci_enabled: True
x-amz-version-id: KEoG8I1.GFvtDi50y2NYdTJC0tElCCB9
content-encoding: gzip
date: Tue, 07 Mar 2023 22:30:20 GMT
strict-transport-security: max-age=15768000
x-amz-request-id: H6QCMYPTMET71MSV
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 19503
x-amz-replication-status: COMPLETED
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=17, origin; dur=100, cdn;desc="AkamaiION";dur=0,rtt;desc="16";dur=0,cdnip;desc="2a02:26f0:dc:388::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0, ak_p; desc="466174_1750271006_7101720_11702_1133_16_0";dur=1
content-length: 118499
x-amz-id-2: 6KgpdqlGKSlcfvG3HAVQgO5AzdeTxG9pum5RG3NuLh9vx+/b2CAzsZEneWwc4F3O3ixlLUBbJFg=
last-modified: Fri, 03 Mar 2023 00:46:21 GMT
server: AmazonS3
etag: "b239563000d53a95fe8aa432581d87ef"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 v3 Show response
js.stripe.com/ 439 KB
118 KB 45ms
9ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

3491a46d0db7015d9f9d0f4f43db792c94fdf4d9cd44bcb2702f15ffeae34f56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 07 Mar 2023 22:30:20 GMT
via: 1.1 varnish
age: 3
x-cache: HIT
content-length: 120538
x-request-id: 37f9a948-a0fe-4f80-95bb-54ff61a46195
x-served-by: cache-hhn-etou8220030-HHN
last-modified: Tue, 07 Mar 2023 21:11:25 GMT
server: Fastly
etag: "f85bc6dfe980d9a0902a7805687455fd"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1

GET
H2 200 analytics.5848ef8b99c7086afdcd.js Show response
www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/ 176 KB
53 KB 424ms
423ms Script
application/javascript 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/analytics.5848ef8b99c7086afdcd.js

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

a1eeab92b184fa0db54af96883849a93f6759ce969503a7e8913425ed9d3f887

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: no-store

GET
H2 200 bv.js Show response
apps.bazaarvoice.com/deployments/grovecollaborative/main_site/staging/en_US/ 65 KB
21 KB 513ms
439ms Script
text/javascript 2600:9000:2251:1200:d:274d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.bazaarvoice.com/deployments/grovecollaborative/main_site/staging/en_US/bv.js

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:1200:d:274d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d749d7b3717ccac27965d5ab5637a9290c8ed7eb9569c1b720bb94d01f81da8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-amz-version-id: 4AYmPLPXuaYSTx4lXh5naRP_uBeMEqqb
content-encoding: gzip
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-cf-pop: FRA60-P3
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 20752
last-modified: Wed, 25 May 2022 15:29:48 GMT
server: AmazonS3
etag: "1f2b5039a8fbbdacbc8cfd3094992b91"
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: 3dxScR2YsKCsICz3lF4zlnuDR0YNK0kGI1edAhPX_Wfj-jIjqAJztg==

GET
H2 200 ValueSans-Regular-Pro.woff2
www.carlos-authtoken-response.testing.gext.co/fonts/Value/ 54 KB
54 KB 122ms
122ms Font
font/woff2 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/fonts/Value/ValueSans-Regular-Pro.woff2

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/main.e035ec9ab93818ac2347.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

7ae5bd80ab0764a259c799a3e873407c273505750104eef0b340fecf2d35e854

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/main.e035ec9ab93818ac2347.css
Origin: https://www.carlos-authtoken-response.testing.gext.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://www.carlos-authtoken-response.testing.gext.co
cache-control: no-store

GET
BLOB 200
OK 9273726f-f12a-498e-b016-8dbf844558c7
https://www.carlos-authtoken-response.testing.gext.co/ 153 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.carlos-authtoken-response.testing.gext.co/9273726f-f12a-498e-b016-8dbf844558c7
Requested by: Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aeb74a4730502f28979422b63dc2febe2be725575ab3f1bcc0ebb91304ece1b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Length: 156996
Content-Type: text/css

POST
H/1.1 200
OK / Show response
sentry.io/api/95244/envelope/ 2 B
435 B 488ms
114ms Fetch
application/json 35.188.42.15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/95244/envelope/?sentry_key=01eaed07ecd944a2b546d9d7ab7d87b9&sentry_version=7

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

15.42.188.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 07 Mar 2023 22:30:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: nginx
vary: Origin
Content-Type: application/json
access-control-allow-origin: https://www.carlos-authtoken-response.testing.gext.co
access-control-expose-headers: x-sentry-rate-limits, x-sentry-error, retry-after
x-envoy-upstream-service-time: 0
Connection: keep-alive
Content-Length: 2

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/session/ 624 B
549 B 130ms
129ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/session/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

1d809cb8697938f33eb8bfbf9e7255a2f173c0da87a920e96c251705d40ef7b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228221368
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3188.1000003814697

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 253

GET
H2 200 v2 Show response
js.stripe.com/ 62 KB
22 KB 7ms
7ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v2

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/main.c920c1d3166b0f179015.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

91ab93b25227f8a29a716fdc41831b0a8a8729d8cde9f8adb29f4c8392457b9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 07 Mar 2023 22:30:21 GMT
via: 1.1 varnish
age: 13
x-cache: HIT
content-length: 21836
x-request-id: e10673b4-c261-42c8-baa3-6804e5e37de9
x-served-by: cache-hhn-etou8220030-HHN
last-modified: Thu, 03 Feb 2022 12:42:55 GMT
server: Fastly
etag: "4e0e5080f8f45588fcc33b82ee08fa3c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 5

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/constance-config/ 2 KB
917 B 135ms
133ms Fetch
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/constance-config/?params=all

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

95cd680c4f8d0a77a80cfec30fde757ac582c6654cbb8be5f6187871c606c356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/vnd.api+json
Referer: https://www.carlos-authtoken-response.testing.gext.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 621

GET
H2 200 grove-wordmark-cream.svg
images.grove.co/upload/v1544488331/global/ 12 KB
4 KB 63ms
29ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1544488331/global/grove-wordmark-cream.svg

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

754def9195227564b1c7a4f596f95530cfbb998286f1198abe1fc61faf13aa22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 22732
edge-cache-tag: 235029407830451067844895301428530304857,711df32ff0532a6c4e3a9b4e5cf3edc2
content-disposition: attachment; filename="grove-wordmark-cream.svg"
server-timing: fastly;dur=5;cpu=0;start=2023-03-07T13:59:56.037Z;desc=hit,rtt;dur=0
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 11 Dec 2018 00:32:12 GMT
server: cloudflare
etag: W/"f2a57e06caf04bbe069df962395dd7a4"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=2569268
cf-ray: 7a4648502a112c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:11:29 GMT

GET
H2 200 b-corp.svg
images.grove.co/upload/v1554326506/global/Icons/svg-icons/ 5 KB
2 KB 65ms
30ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1554326506/global/Icons/svg-icons/b-corp.svg

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0709a44f588b0a23b07d6036ab2977f20b634e169f6acea858455045865280e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 25363
edge-cache-tag: 307348137325933641725417585393474824059,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~63812f6b85c92efe5f548b578f7e7d47d5013bc3
content-disposition: attachment; filename="b-corp.svg"
server-timing: fastly;dur=78;cpu=0;start=2023-03-07T13:59:43.780Z;desc=miss,rtt;dur=0,cloudinary;dur=56;start=2023-03-07T13:59:43.793Z
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 04 Apr 2019 11:46:05 GMT
server: cloudflare
etag: W/"c6122f36c1b0a68c8cd774daee940897"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=2566637
cf-ray: 7a4648502a172c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 15:27:38 GMT

GET
H2 200 facebook.svg
images.grove.co/upload/v1554326506/global/Icons/svg-icons/ 2 KB
1 KB 68ms
33ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1554326506/global/Icons/svg-icons/facebook.svg

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85a35faa1804605b680b8ec87bcaa93a1ef3ee7ca042ebb6f7355e391052bb27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 22885
content-disposition: attachment; filename="facebook.svg"
server-timing: cloudflare;dur=139;start=2023-03-07T16:08:56.372Z;desc=hit
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 16 Jul 2019 22:53:20 GMT
server: cloudflare
etag: W/"36895a1e4f457973a59cd0d3e6a6ddb9"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, max-age=86400
cf-ray: 7a4648502a122c2e-FRA
timing-allow-origin: *
expires: Wed, 08 Mar 2023 22:30:21 GMT

GET
H2 200 instagram.svg
images.grove.co/upload/v1554326506/global/Icons/svg-icons/ 2 KB
1 KB 61ms
27ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1554326506/global/Icons/svg-icons/instagram.svg

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f6f6dd90c37972459c13b6d66e95846d7c4402a3d1cfadf18575d662ecfa1b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 23303
content-disposition: attachment; filename="instagram.svg"
server-timing: cloudflare;dur=128;start=2023-03-07T16:01:58.850Z;desc=hit
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 03 Apr 2019 21:22:10 GMT
server: cloudflare
etag: W/"42d6d5e3b4eaeab885303b5aebf231b1"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, max-age=86400
cf-ray: 7a4648502a142c2e-FRA
timing-allow-origin: *
expires: Wed, 08 Mar 2023 22:30:21 GMT

GET
H2 200 twitter.svg
images.grove.co/upload/v1554326506/global/Icons/svg-icons/ 696 B
1 KB 66ms
32ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1554326506/global/Icons/svg-icons/twitter.svg

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e578461394cc03c9f9f8dd8d6b5a4885bc4e73403e75556d7c2e17343983e06d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 22885
content-disposition: attachment; filename="twitter.svg"
server-timing: cloudflare;dur=122;start=2023-03-07T16:08:56.652Z;desc=hit
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 03 Apr 2019 21:22:21 GMT
server: cloudflare
etag: W/"93657d14a8b1c8da897fde0d674f5a5c"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, max-age=86400
cf-ray: 7a4648502a162c2e-FRA
timing-allow-origin: *
expires: Wed, 08 Mar 2023 22:30:21 GMT

GET
H2 200 pinterest.svg
images.grove.co/upload/v1554326506/global/Icons/svg-icons/ 897 B
1 KB 59ms
25ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1554326506/global/Icons/svg-icons/pinterest.svg

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a487fe6bd352138eb61cf0906f5c8b840bccc69a53506641d6492a72af2d4447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 25362
edge-cache-tag: 374699917000169542931650615617391482630,711df32ff0532a6c4e3a9b4e5cf3edc2
content-disposition: attachment; filename="pinterest.svg"
server-timing: fastly;dur=2;cpu=0;start=2023-03-07T14:00:01.617Z;desc=hit,rtt;dur=1
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 03 Apr 2019 21:22:13 GMT
server: cloudflare
etag: W/"e4926f76807f877fe5085cfaf591640b"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=2566638
cf-ray: 7a4648502a132c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 15:27:39 GMT

GET
H2 200 tiktok.svg
images.grove.co/upload/v1554326506/global/Icons/svg-icons/ 1 KB
1 KB 27ms
27ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1554326506/global/Icons/svg-icons/tiktok.svg

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3f323a59a589397a9ddbceb133cc33f66aba0ae8df40f977556b9fbab66715e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 22732
edge-cache-tag: 269382379005706117021162083787677446098,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~eb38ed7685b177d71c2d0822ae3079036002551d
content-disposition: attachment; filename="tiktok.svg"
server-timing: fastly;dur=365;cpu=1;start=2023-03-07T13:59:44.017Z;desc=miss,rtt;dur=8,cloudinary;dur=117;start=2023-03-07T13:59:44.144Z
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 08 Nov 2021 20:15:56 GMT
server: cloudflare
etag: W/"bed42dccc3ca922bf0f632dc4a40441d"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=2569268
cf-ray: 7a4648504a492c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 16:11:29 GMT

GET
H2 200 ValueSans-Medium-Pro.woff2
www.carlos-authtoken-response.testing.gext.co/fonts/Value/ 55 KB
56 KB 110ms
109ms Font
font/woff2 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/fonts/Value/ValueSans-Medium-Pro.woff2

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/main.e035ec9ab93818ac2347.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

2c43a3daee35ba5940322e0fb528761ee6f51f43bee17d1a0988cd36b6d312d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/main.e035ec9ab93818ac2347.css
Origin: https://www.carlos-authtoken-response.testing.gext.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://www.carlos-authtoken-response.testing.gext.co
cache-control: no-store

GET
H2 200 m-outer-93afeeb17bc37e711759584dbfc50d47.html Show response
js.stripe.com/v3/ Frame D914 200 B
786 B 9ms
8ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 7763118
cache-control: max-age=31536000
content-encoding: br
content-length: 122
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 07 Mar 2023 22:30:21 GMT
etag: "93afeeb17bc37e711759584dbfc50d47"
last-modified: Wed, 07 Dec 2022 23:30:12 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 516015
x-content-type-options: nosniff
x-request-id: b88d9cc1-8f47-4515-bd49-2d2d2373f91b
x-served-by: cache-hhn-etou8220030-HHN

POST
H2 200 csp-report
q.stripe.com/ Frame D914 0
601 B 725ms
345ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame D914 0
600 B 732ms
352ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 8
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 m-outer-8cb24ab2d649fd36a488d04d8c457933.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame D914 631 B
633 B 10ms
9ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 07 Mar 2023 22:30:21 GMT
via: 1.1 varnish
age: 7763118
x-cache: HIT
content-length: 332
x-request-id: 8507bc29-0980-4f9e-8f8e-d43113bf7c6a
x-served-by: cache-hhn-etou8220030-HHN
last-modified: Wed, 07 Dec 2022 23:30:11 GMT
server: Fastly
etag: "f8f6a4584135f737b26927596ce6e0a7"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 467322

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/session/ 624 B
549 B 148ms
147ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/session/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

1d809cb8697938f33eb8bfbf9e7255a2f173c0da87a920e96c251705d40ef7b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228221546
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3366.400001525879

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 253

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/offer/3760/ 2 KB
1 KB 404ms
403ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/offer/3760/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

e5edbcc9e9d69fe60fa5f152dce6f7cc51bdb9ec02412ecc9608fa6cf7919375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228221548
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3368

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 821

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/customer/361545275/ 6 KB
1 KB 189ms
189ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/customer/361545275/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

1ee6f56bc9f4b8e3c466ffed1b88cb867b72cacd637fa6da08b08778cf971435

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228221549
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3369.6000003814697

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, PATCH, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 1093

GET
H2 200 inner.html Show response
m.stripe.network/ Frame B1C3 930 B
1 KB 26ms
12ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 126
cache-control: max-age=300, public
content-encoding: gzip
content-length: 527
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 07 Mar 2023 22:30:21 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 125
x-content-type-options: nosniff
x-request-id: 1ef60f23-354c-41cb-9c48-a63e98672ea1
x-served-by: cache-hhn-etou8220030-HHN
x-timer: S1678228222.567905,VS0,VE0

GET
H2 200 channel.html Show response
js.stripe.com/v2/ Frame 1DAF 1 KB
982 B 7ms
6ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fwww.carlos-authtoken-response.testing.gext.co&stripe_xdm_c=default670401&stripe_xdm_p=1

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

a3e859b8149a06247853276aa0b4c79c4f3d0d63e91baf88bf96b76fbfc1b492

Security Headers

Name	Value
Content-Security-Policy	report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 120
cache-control: public, max-age=300
content-encoding: br
content-length: 563
content-security-policy: report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: default-src 'self'; connect-src https://api.stripe.com; base-uri 'none'; form-action 'none'; img-src 'self' https://q.stripe.com; script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 07 Mar 2023 22:30:21 GMT
etag: "19af0c6cc7a0bca20a355b3362dc64a0"
last-modified: Tue, 05 Oct 2021 15:24:12 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 19
x-content-type-options: nosniff
x-request-id: 04bc74ea-bf6f-4aa4-bd39-284b6ec7aaf1
x-served-by: cache-hhn-etou8220030-HHN

POST
H2 200 csp-report
q.stripe.com/ Frame B1C3 0
374 B 651ms
352ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

x-stripe-bg-intended-route-color: green
pragma: no-cache
date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
server: nginx
cross-origin-opener-policy: same-origin
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 8
x-robots-tag: none
content-length: 0
expires: 0

GET
H2 200 out-4.5.42.js Show response
m.stripe.network/ Frame B1C3 86 KB
16 KB 10ms
7ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.42.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Tue, 07 Mar 2023 22:30:21 GMT
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 varnish
age: 113
x-cache: HIT
content-length: 16031
x-request-id: b498a385-7bb4-4b15-ae06-6d0d389ed101
x-served-by: cache-hhn-etou8220030-HHN
server: Fastly
x-timer: S1678228222.606109,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 111

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
601 B 645ms
353ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 10
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 636ms
346ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 636ms
346ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
601 B 645ms
356ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 13
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 634ms
346ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
601 B 648ms
361ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 18
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
601 B 188ms
187ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 13
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
601 B 194ms
192ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 19
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
601 B 189ms
187ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 13
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 179ms
177ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
601 B 189ms
188ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 13
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
601 B 188ms
186ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 13
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
601 B 187ms
186ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 13
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 350ms
348ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 350ms
349ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 347ms
345ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 352ms
350ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 351ms
350ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 5
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 353ms
351ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 8
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 349ms
348ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 354ms
352ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 8
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 354ms
353ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 9
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame 1DAF 0
600 B 348ms
347ms Other
text/plain 54.187.119.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-119-242.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-upstream-service-time: 2
content-length: 0
x-stripe-bg-intended-route-color: green
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://js.stripe.com
access-control-expose-headers: Server, Range, Content-Type
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 / Show response
js.stripe.com/v2/ Frame 1DAF 62 KB
22 KB 7ms
6ms Script
application/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v2/

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fwww.carlos-authtoken-response.testing.gext.co&stripe_xdm_c=default670401&stripe_xdm_p=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

91ab93b25227f8a29a716fdc41831b0a8a8729d8cde9f8adb29f4c8392457b9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fwww.carlos-authtoken-response.testing.gext.co&stripe_xdm_c=default670401&stripe_xdm_p=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Tue, 07 Mar 2023 22:30:21 GMT
via: 1.1 varnish
age: 14
x-cache: HIT
content-length: 21836
x-request-id: 7c5a2dff-091f-4324-814f-dd9571d0655d
x-served-by: cache-hhn-etou8220030-HHN
last-modified: Thu, 03 Feb 2022 12:42:55 GMT
server: Fastly
etag: "4e0e5080f8f45588fcc33b82ee08fa3c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 6

POST
H2 200 6 Show response
m.stripe.com/ Frame B1C3 156 B
552 B 575ms
184ms XHR
application/json 54.68.255.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.68.255.140 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-68-255-140.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

10b2f1eb60a9cb8d1190988a9a4040c3ab71d7429b8e1d72a2742581f2ec3d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: blue
date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: nginx
content-type: application/json;charset=utf-8
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 api-0.8.1.js Show response
apps.bazaarvoice.com/apps/api/ 32 KB
10 KB 7ms
7ms Script
text/javascript 2600:9000:2251:1200:d:274d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.bazaarvoice.com/apps/api/api-0.8.1.js

Requested by

Host: apps.bazaarvoice.com
URL: https://apps.bazaarvoice.com/bv.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:1200:d:274d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0be51ecda1851e22ee9644e9fc3c301b3ac0dc8b89fad8cf9789d16914682277

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 02 Mar 2023 04:20:49 GMT
content-encoding: br
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-amz-version-id: 5Xl4tfnhid2uSgxkFj2D8frBrxe8YCJY
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-cf-pop: FRA60-P3
age: 497373
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 9470
last-modified: Thu, 07 Apr 2022 10:26:19 GMT
server: AmazonS3
etag: "bf6f465bd6a9ad8f9f8abcdcb3ab21b9"
vary: Origin
content-type: text/javascript;charset=UTF-8
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: ts1-lnNOS5TMu1OhnGJoP2MyuJaLEoduhtXgcgmRUw-LCSatRQ4CiQ==

GET
H2 200 api-config.js Show response
apps.bazaarvoice.com/deployments/grovecollaborative/main_site/staging/en_US/ 2 KB
1 KB 149ms
148ms Script
text/javascript 2600:9000:2251:1200:d:274d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.bazaarvoice.com/deployments/grovecollaborative/main_site/staging/en_US/api-config.js

Requested by

Host: apps.bazaarvoice.com
URL: https://apps.bazaarvoice.com/bv.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:1200:d:274d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f890c866e5948494bc61489705df41e05b4e1713ceae885ba1e8e4b60344ab20

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
content-encoding: gzip
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-amz-version-id: H07keS8alR.TR9oBEFZK1XgQKLEQeiUq
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-length: 796
last-modified: Wed, 25 May 2022 15:29:44 GMT
server: AmazonS3
etag: "348bc1280a47bf1e612b732737bceb17"
vary: Origin
content-type: text/javascript;charset=UTF-8
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: bb8ME7VWJOzFvZoiasjHUBYML7fH16reBYeQPs8qu6Kxktj5th17LQ==

GET
H2 200 bv-analytics.js Show response
analytics-static.ugc.bazaarvoice.com/prod/static/latest/ 40 KB
13 KB 42ms
11ms Script
application/javascript 2600:9000:223c:a000:1c:58a3:4780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics-static.ugc.bazaarvoice.com/prod/static/latest/bv-analytics.js
Requested by: Host: apps.bazaarvoice.com
URL: https://apps.bazaarvoice.com/bv.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a000:1c:58a3:4780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7d22f48243f28ae0d3cfbbc0ec1919450e5249f32645dfdf104c83d0b5cfd00c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 07:25:33 GMT
content-encoding: gzip
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-version-id: yBTyGpHhnLO_7eDvLLvxQPPhpPacQnEX
x-amz-cf-pop: FRA56-P2
age: 54289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 12865
last-modified: Tue, 28 Feb 2023 07:25:10 GMT
server: AmazonS3
etag: "d30320dafbb1e585d933d2657267b544"
content-type: application/javascript
cache-control: max-age=604800
accept-ranges: bytes
x-amz-cf-id: PhweqKMKS_Ii9OurALJ5dfv6xVQM_fJPnkgEBdTq7Wf-PbMzSiJntQ==

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/customer/361545275/notifications/ 149 B
416 B 182ms
180ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/customer/361545275/notifications/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

a7b3b849fc8d8306a285da89b0ee27e15da31747aec3a539de91828a733c8d30

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228221742
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3562.7000007629395

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 149

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/session/ 624 B
549 B 123ms
123ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/session/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

1d809cb8697938f33eb8bfbf9e7255a2f173c0da87a920e96c251705d40ef7b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228221745
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3565.1000003814697

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 253

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/customer/361545275/experience/ 788 B
559 B 173ms
173ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/customer/361545275/experience/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

e1290a7afd9551eb2701e5ee269756406343ca8bdac3e6cc9d3bcec737349581

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228221746
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3566.5

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 263

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/pantry/361558121/ 5 KB
917 B 193ms
193ms Fetch
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/pantry/361558121/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

965e28ee67535d05b86b3ac2e17cd0c56c415f802b2f49b81b45ccfcf065f130

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/vnd.api+json
Referer: https://www.carlos-authtoken-response.testing.gext.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, PATCH, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 615

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/pricing-adjustment/customer/361545275/ 11 B
277 B 154ms
154ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/pricing-adjustment/customer/361545275/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/vnd.api+json
Referer: https://www.carlos-authtoken-response.testing.gext.co/
accept-language: de-DE,de;q=0.9
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:21 GMT
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 11

GET
H2 200 a.gif
network-stg-a.bazaarvoice.com/ 43 B
231 B 327ms
102ms Image
image/gif 3.213.11.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://network-stg-a.bazaarvoice.com/a.gif?loadId=41e5f12faa55686c1&BVBRANDID=a51aa956-18a1-4b61-9aaa-f9236961546e&BVBRANDSID=dab2b960-6eed-4603-bff6-a593548cc0c4&tz=0&sourceVersion=3.17.2&magpieJsVersion=3.17.2&source=bv-loader&environment=prod&client=GroveCollaborative&dc=23144&host=www.carlos-authtoken-response.testing.gext.co&r_batch=!((bvProduct:bv-loader,bvProductVersion:%2713.8.5%27,cl:Diagnostic,deploymentZone:main_site,elapsedMs:%272.2000%27,endTime:%273532.3000%27,locale:en_US,name:timeToRunScout,startTime:%273530.1000%27,type:Performance))&_=42fulk
Requested by: Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.213.11.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-11-165.compute-1.amazonaws.com
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON COR"
date: Tue, 07 Mar 2023 22:30:22 GMT
cache-control: no-cache, no-transform, must-revalidate, max-age=0
content-type: image/gif
server: nginx
content-length: 43
expires: -1

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/customer/361545275/current-offer/ 2 KB
1 KB 231ms
231ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/customer/361545275/current-offer/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

e5edbcc9e9d69fe60fa5f152dce6f7cc51bdb9ec02412ecc9608fa6cf7919375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228221926
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3746.300001144409

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:22 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 821

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/shipment/486133398/ 3 KB
1 KB 758ms
757ms Fetch
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/shipment/486133398/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

a6cf2441e3a77046f3321ba7c81f43fa434608800f35199f29f9dff119a36f68

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/vnd.api+json
Referer: https://www.carlos-authtoken-response.testing.gext.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:22 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, PATCH, DELETE, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 855

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/shipment/486133398/items/ 15 KB
1 KB 387ms
387ms Fetch
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/shipment/486133398/items/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

fdeb1c28c46ab46b9a84aefb2ea7d2ee7a8e0d37b1f9a2520fa65b25d57b9e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/vnd.api+json
Referer: https://www.carlos-authtoken-response.testing.gext.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:22 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 1112

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/content-item/ 6 KB
2 KB 169ms
169ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/content-item/?content_type_id=pageGroveVisitorHomepage&limit=1&slug=grove-2021-homepage

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

a74634911e15e500d9251c5ab948d6ce911d29db98cb4688ad45d88f193d64dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228221955
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3775.2000007629395

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:22 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 2105

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
390 B 459ms
98ms XHR
text/plain 34.205.162.149
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.205.162.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-205-162-149.compute-1.amazonaws.com
Software: nginx/1.21.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 07 Mar 2023 22:30:22 GMT
Server: nginx/1.21.0
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.carlos-authtoken-response.testing.gext.co
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 5f5170a1-9f80-467e-b094-7c809fde41ec

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/product/blessedsearch/ 110 KB
22 KB 1320ms
1320ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/product/blessedsearch/?category=home-products&include=preferredVariant&page_size=16&page=1

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

a0bf052e6390c282f24417a668dbbb90f4d823c4b8a3fca24b786529a23fb95a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228222166
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3986.300001144409

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:23 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Cookie, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: no-store
x-robots-tag: noindex
content-length: 21813

GET
H2 200 / Show response
www.carlos-authtoken-response.testing.gext.co/api/block/more-about-us-landing/ 3 KB
1 KB 111ms
110ms XHR
application/json 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/api/block/more-about-us-landing/

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

df66bd5a2833224b1b0ee8e66c89b88e2aa04279d3995a44a7a56eaf2bffd0d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

X-Style-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Client-Version: c0e6938c35a2fdd3b6574dfb74a6864d035198ca
X-Sent-UTC: 1678228222172
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/vnd.api+json
Accept: application/vnd.api+json
accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
X-Requested-With: XMLHttpRequest
X-Browser-Window-Id: b47bca97-449c-4ff7-bdd8-3d3ad9f3dcb7
X-CSRFToken: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
X-Sent-Browser-Monotonic-Clock: 3992.400001525879

Response headers

x-http-content-type-override: application/vnd.api+json
date: Tue, 07 Mar 2023 22:30:22 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
allow: GET, HEAD, OPTIONS
vary: Host, Referer, Accept-Encoding, Origin
content-type: application/json
x-frame-options: SAMEORIGIN
cache-control: public, max-age=86400
x-robots-tag: noindex
content-length: 1176

GET
H2 200 icon_bottles.svg
images.grove.co/upload/v1617423876/homepage/spring_21/ 20 KB
9 KB 153ms
153ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1617423876/homepage/spring_21/icon_bottles.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92698f972cd99cf4e81c092499ba31cb20b71d95d423e871c45c1e5107195ed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
edge-cache-tag: 401313578530015542964875114951441426878,711df32ff0532a6c4e3a9b4e5cf3edc2
content-disposition: attachment; filename="02.svg"
server-timing: fastly;dur=3;cpu=0;start=2023-03-07T22:14:24.427Z;desc=hit,rtt;dur=0
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 03 Apr 2021 04:26:29 GMT
server: cloudflare
etag: W/"d893be3338baf1c35d65f77154fe7c67"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
cf-ray: 7a4648549fa02c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 icon_bp.svg
images.grove.co/upload/v1617552273/homepage/spring_21/ 13 KB
5 KB 616ms
615ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1617552273/homepage/spring_21/icon_bp.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea46ae5bc5d3e13c2f8ecb30ee1610f1ff0c7422dce726e93b513c20f8e17412

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
edge-cache-tag: 202029269135166933474220197092468157464,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~20f7682b5afe57ba1628ee92348c08ecaf1f1c95
content-disposition: attachment; filename="100-percent-plastic-free-L.svg"
server-timing: fastly;dur=356;cpu=0;start=2023-03-07T22:30:22.313Z;desc=miss,rtt;dur=0,cloudinary;dur=109;start=2023-03-07T22:30:22.438Z
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sun, 04 Apr 2021 16:05:17 GMT
server: cloudflare
etag: W/"1309dbfc153bdbea8cb3d75fa19fa5c9"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
cf-ray: 7a4648549fa12c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 icon_earth.svg
images.grove.co/upload/v1617423659/homepage/spring_21/ 14 KB
6 KB 281ms
280ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1617423659/homepage/spring_21/icon_earth.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c02c749754648525316f04885397f36f713fbd51c271715fb3c7926f92224a63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
edge-cache-tag: 251159075202931500257843617213307050216,711df32ff0532a6c4e3a9b4e5cf3edc2
content-disposition: attachment; filename="06.svg"
server-timing: fastly;dur=24;cpu=1;start=2023-03-07T22:30:22.311Z;desc=hit,rtt;dur=0
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 03 Apr 2021 04:21:10 GMT
server: cloudflare
etag: W/"ab30a8c232cedc9aa92e26c6c1531594"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
cf-ray: 7a4648549fa32c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 icon_truck.svg
images.grove.co/upload/v1617423739/homepage/spring_21/ 5 KB
2 KB 211ms
211ms Image
image/svg+xml 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/v1617423739/homepage/spring_21/icon_truck.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b8a79cf4bb1e90284bdfaf64352efdf985e63426fef83668d583ddab581b482

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
edge-cache-tag: 116404188784029583504597254220758913349,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~073d1e8cfdfdaf65b5b1697893b04bede73cda35
content-disposition: attachment; filename="08.svg"
server-timing: fastly;dur=1102;cpu=0;start=2023-03-07T22:29:33.634Z;desc=miss,rtt;dur=0,cloudinary;dur=136;start=2023-03-07T22:29:34.480Z
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 03 Apr 2021 04:22:31 GMT
server: cloudflare
etag: W/"14235656d2d92f49aa991f60b7450b7c"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
cf-ray: 7a4648549fa52c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 Signup_Hero_Widget_Copy.jpg
images.grove.co/fetch/f_auto,fl_progressive,q_auto/https://images.ctfassets.net/lraovp89rm10/2yxLVEfLU2mlNqG1A8RhNc/9efa09c4c087ea621f4215f3535bfe35/ 367 KB
368 KB 212ms
212ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/fetch/f_auto,fl_progressive,q_auto/https://images.ctfassets.net/lraovp89rm10/2yxLVEfLU2mlNqG1A8RhNc/9efa09c4c087ea621f4215f3535bfe35/Signup_Hero_Widget_Copy.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95441027556ef02b0619fcd0f5b892921748d2be5f6928547fd6840052755457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 166911169486819852128409330944895437136,326102088703629294143662968385678074599,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~3849f2ba11a67ed2b1aca51f57f5f60669396ee2
content-disposition: inline; filename="Signup_Hero_Widget_Copy.webp"
server-timing: fastly;dur=1;start=2023-03-07T22:30:22.290Z;desc=hit,rtt;dur=0
content-length: 376144
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 14 Sep 2022 21:53:04 GMT
server: cloudflare
etag: "83e14d614da7074df94604d5da75b367"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a4648549fae2c2e-FRA
timing-allow-origin: *
expires: Tue, 14 Mar 2023 22:30:22 GMT

GET
H2 200 ValueSerif-Bold-Web.woff2
www.carlos-authtoken-response.testing.gext.co/fonts/Value/ 44 KB
43 KB 110ms
110ms Font
font/woff2 34.236.113.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carlos-authtoken-response.testing.gext.co/fonts/Value/ValueSerif-Bold-Web.woff2

Requested by

Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/main.e035ec9ab93818ac2347.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.236.113.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-236-113-150.compute-1.amazonaws.com

Software

Resource Hash

cb752f0006454f7f6ab2e97a9b484b4f581bc81942d437f7cc6e79406454f048

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/main.e035ec9ab93818ac2347.css
Origin: https://www.carlos-authtoken-response.testing.gext.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Tue, 07 Mar 2023 22:16:19 GMT
vary: Host, Referer, Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: https://www.carlos-authtoken-response.testing.gext.co
cache-control: no-store

GET
H2 200 LP_DrewsPicks_.png
images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://downloads.ctfassets.net/lraovp89rm10/5cjRHmV4Af8B0ylrxHLK90/4101fcb4b785fbe8c0c2d2e4c68ed6f9/ 31 KB
31 KB 242ms
239ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://downloads.ctfassets.net/lraovp89rm10/5cjRHmV4Af8B0ylrxHLK90/4101fcb4b785fbe8c0c2d2e4c68ed6f9/LP_DrewsPicks_.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bc4fae03bd9cb000a5dbc3da883d1f1de78963fc4d4271e71d8cf720abe4448

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 366709009618012717187502559122173347513,205132053119634949884278531649908387072,711df32ff0532a6c4e3a9b4e5cf3edc2
content-disposition: inline; filename="LP_DrewsPicks_.webp"
server-timing: fastly;dur=2;cpu=0;start=2023-03-07T22:30:22.339Z;desc=hit,rtt;dur=0
content-length: 31494
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 02 May 2022 14:45:36 GMT
server: cloudflare
etag: "53d7be224007f4f5920cf258b792bfa2"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854bfe62c2e-FRA
timing-allow-origin: *
expires: Tue, 14 Mar 2023 22:30:22 GMT

GET
H2 200 210830_PE_GR_BC_02_0348_R.jpeg
images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/7Do2jzK39QhNSJl8kRLE8U/3e3fc3c98fd5c234802aa567d11c8fdd/ 14 KB
15 KB 244ms
239ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/7Do2jzK39QhNSJl8kRLE8U/3e3fc3c98fd5c234802aa567d11c8fdd/210830_PE_GR_BC_02_0348_R.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

474cdcb7ac468960f1112152d2e53fe5f7f1c81827cfab5fe1ee2a60faeade02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 70088807990526035972843408272385280666,205132053119634949884278531649908387072,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~de5e75dc85a239b8dce99b5fd70daa0c5313a53d
content-disposition: inline; filename="210830_PE_GR_BC_02_0348_R.webp"
server-timing: fastly;dur=2;cpu=1;start=2023-03-07T22:30:22.321Z;desc=hit,rtt;dur=0
content-length: 14794
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 20 Nov 2021 00:24:32 GMT
server: cloudflare
etag: "c80fc2df6b7f266e3623cd324c03315a"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854bfe72c2e-FRA
timing-allow-origin: *
expires: Tue, 14 Mar 2023 22:30:22 GMT

GET
H2 200 PE_GR_BC_36_0084_012821_4161C_V2_R2_ALT.jpg
images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/1xIJ7qFt3SJpmAHFzzWA56/2dedc44796d4bff08f1448985092cdab/ 21 KB
22 KB 510ms
506ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/1xIJ7qFt3SJpmAHFzzWA56/2dedc44796d4bff08f1448985092cdab/PE_GR_BC_36_0084_012821_4161C_V2_R2_ALT.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4e7f129bd56d2d88cfae052f22b7d36af94978130f7d8bcb3a0e89f24582dea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 89394194983082313026911734975354645616,205132053119634949884278531649908387072,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~3a2ffcb344cd4be4f7b39e207031fafcad05dc77
content-disposition: inline; filename="PE_GR_BC_36_0084_012821_4161C_V2_R2_ALT.webp"
server-timing: fastly;dur=291;cpu=0;start=2023-03-07T22:30:22.318Z;desc=miss,rtt;dur=0,cloudinary;dur=45;start=2023-03-07T22:30:22.445Z
content-length: 21790
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 20 Nov 2021 00:24:32 GMT
server: cloudflare
etag: "4f3973908d3c6c5872cb8924ab3c23ee"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cfe92c2e-FRA
timing-allow-origin: *
expires: Tue, 14 Mar 2023 22:30:22 GMT

GET
H2 200 Homepage-1up-02.jpg
images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/7uYP58qLwTmV8BKbBtcRtf/80075b1c1bd73852567f688dcb94760f/ 19 KB
19 KB 150ms
146ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/7uYP58qLwTmV8BKbBtcRtf/80075b1c1bd73852567f688dcb94760f/Homepage-1up-02.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87ae56b6fc4b934dd32a726764f107d9db66fe7ba5c4cfbdd159bb8cd195af6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 208711558036040572262478582466916855282,205132053119634949884278531649908387072,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~dab31f36435356745c069e0633c01777359b267a
content-disposition: inline; filename="Homepage-1up-02.webp"
server-timing: fastly;dur=1;start=2023-03-07T22:30:22.287Z;desc=hit,rtt;dur=0
content-length: 19124
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 20 Nov 2021 00:24:31 GMT
server: cloudflare
etag: "f0b6eaffc3b987b254c167ffd54bf1c4"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cfea2c2e-FRA
timing-allow-origin: *
expires: Tue, 14 Mar 2023 22:30:22 GMT

GET
H2 200 211019_PE_GR_BC_01_0101_R__1_.jpeg
images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/1jKioaF9MoOOgB6z2HipXP/62a64665eeb0a7e140173b1b5370f9cd/ 20 KB
20 KB 155ms
151ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/1jKioaF9MoOOgB6z2HipXP/62a64665eeb0a7e140173b1b5370f9cd/211019_PE_GR_BC_01_0101_R__1_.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80bd792f439fb00f51bdf1bc31544a04da08c6e71d35002b91773bccf68e86e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 310826506625446837515686991906226027464,205132053119634949884278531649908387072,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~fa139eeaaa2683b29a64838206f5e3dae1c9bc08
content-disposition: inline; filename="211019_PE_GR_BC_01_0101_R__1_.webp"
server-timing: fastly;dur=2;cpu=1;start=2023-03-07T22:30:22.292Z;desc=hit,rtt;dur=0
content-length: 20248
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 20 Nov 2021 00:24:32 GMT
server: cloudflare
etag: "cc9e109976a8f3ab34a2bd62ca357685"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cfeb2c2e-FRA
timing-allow-origin: *
expires: Tue, 14 Mar 2023 22:30:22 GMT

GET
H2 200 Homepae-1up-03.jpeg
images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/5MnpZmSOQjjP8Jh2jGksSZ/3398276966d9bc6d677bf570f2d41d8e/ 28 KB
28 KB 169ms
165ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/fetch/f_auto,q_auto:low,fl_progressive,w_672,ar_4:3,c_fill,g_auto/https://images.ctfassets.net/lraovp89rm10/5MnpZmSOQjjP8Jh2jGksSZ/3398276966d9bc6d677bf570f2d41d8e/Homepae-1up-03.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7b41ef338bb84267073645400af69d1ceb28e38250c733ae3bd1af467458798

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 101244277791236402629055688294131116751,205132053119634949884278531649908387072,711df32ff0532a6c4e3a9b4e5cf3edc2
content-disposition: inline; filename="Homepae-1up-03.webp"
server-timing: fastly;dur=2;cpu=1;start=2023-03-07T22:30:22.297Z;desc=hit,rtt;dur=0
content-length: 28304
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 20 Nov 2021 00:24:31 GMT
server: cloudflare
etag: "c1cbfcd56be1bac6699be8a2cbbac63a"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cfec2c2e-FRA
timing-allow-origin: *
expires: Tue, 14 Mar 2023 22:30:22 GMT

GET
H2 200 laundry-detergent_new.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087736/homepage/home/product-categories/desktop/ 6 KB
7 KB 437ms
433ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087736/homepage/home/product-categories/desktop/laundry-detergent_new.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3276965c1628619cb97f2672e3d3b61fff524dc7e9ca1348abb178fcb50bfec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 297044021370354938053488508299746861058,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~5d7ab3ef158769543a3c7e90da5a0db1c3b13d96
content-disposition: inline; filename="laundry-detergent_new.webp"
server-timing: fastly;dur=2;cpu=1;start=2023-03-07T22:30:22.574Z;desc=hit,rtt;dur=0
content-length: 6316
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 21 Dec 2020 20:53:14 GMT
server: cloudflare
etag: "25574f8d6dadd73d18339a2277752d53"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cfed2c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 hand_soap.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617317779/homepage/spring_21/categories/desktop/ 3 KB
4 KB 240ms
237ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617317779/homepage/spring_21/categories/desktop/hand_soap.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

715b9acdfd0f683bbfe42598752363a0ef4d060d9601fc74d3e14f408e6ffa99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 349233126981248990072997604818708353430,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2
content-disposition: inline; filename="hand_soap.webp"
server-timing: fastly;dur=2;cpu=0;start=2023-03-07T22:30:22.314Z;desc=hit,rtt;dur=0
content-length: 3290
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 02 Apr 2021 01:58:23 GMT
server: cloudflare
etag: "a986d7dfdd6a5f654ece6c4a290a77f8"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cfee2c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 floor_cleaners.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617318856/homepage/spring_21/categories/desktop/ 4 KB
4 KB 247ms
244ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617318856/homepage/spring_21/categories/desktop/floor_cleaners.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cfd1d3527680ff79e6089b2a334f91b577521683afd5f11de23b7e4db209130

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 205365705375033528257460583851195119297,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~39f788092cf49bbd045c6f702e8d96a96f0daf0f
content-disposition: inline; filename="floor_cleaners.webp"
server-timing: fastly;dur=2;cpu=1;start=2023-03-07T22:30:22.334Z;desc=hit,rtt;dur=0
content-length: 3844
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 02 Apr 2021 01:58:23 GMT
server: cloudflare
etag: "063dfd7ee8d490091b4cbee90afb82d4"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cff02c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 dish_soap.jpg
images.grove.co/upload/f_auto,fl_progressive,w_416,q_auto/v1617328298/homepage/spring_21/categories/desktop/ 15 KB
15 KB 588ms
585ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_416,q_auto/v1617328298/homepage/spring_21/categories/desktop/dish_soap.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2a0c177562a128a152a8e6ec5f83739c07e93801ed7ffa0529936ab008dcfd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 306788804560176436134409515975415361253,271200540683722500967199374696312918391,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~11ace5573c40ab3c68d38e58a068e0e1d00d536a
content-disposition: inline; filename="dish_soap.webp"
server-timing: fastly;dur=332;cpu=0;start=2023-03-07T22:30:22.340Z;desc=miss,rtt;dur=0,cloudinary;dur=87;start=2023-03-07T22:30:22.464Z
content-length: 15130
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 02 Apr 2021 01:58:23 GMT
server: cloudflare
etag: "dde15682ae6191f98ea5b5029c136ea9"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cff22c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 toothpaste_new.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087704/homepage/home/product-categories/desktop/ 1 KB
2 KB 245ms
242ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087704/homepage/home/product-categories/desktop/toothpaste_new.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e937741165ca69f5175ed31b3b9735f451b3be37a51b0aead14fb2873a9a82ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 406033418175733449165459361613250289907,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~7bf3fccfff2c8df926ff703328f4264e9cce1b15
content-disposition: inline; filename="toothpaste_new.webp"
server-timing: fastly;dur=2;cpu=0;start=2023-03-07T22:30:22.325Z;desc=hit,rtt;dur=0
content-length: 1238
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 21 Dec 2020 21:56:25 GMT
server: cloudflare
etag: "90f76a146217cd1273b70c6b0346ab4c"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cff32c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 bathroom_cleaners_jpg.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617331035/homepage/spring_21/categories/desktop/ 3 KB
3 KB 533ms
531ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617331035/homepage/spring_21/categories/desktop/bathroom_cleaners_jpg.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8052aadbd97d45d52c11359db0edcf4542a6d95160d9813aefadc1c6df6ab63a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 163544916733390508452828510701023094887,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~8acb4d6b25e47b257032a033dd58136fb6679009
content-disposition: inline; filename="bathroom_cleaners_jpg.webp"
server-timing: fastly;dur=290;cpu=0;start=2023-03-07T22:30:22.334Z;desc=miss,rtt;dur=0,cloudinary;dur=44;start=2023-03-07T22:30:22.452Z
content-length: 3060
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 02 Apr 2021 02:56:28 GMT
server: cloudflare
etag: "10bfb78c034867760155ff520e16cb34"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cff42c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 deodorant_new.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087433/homepage/home/product-categories/desktop/ 1 KB
2 KB 233ms
230ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087433/homepage/home/product-categories/desktop/deodorant_new.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0254ae518f0630584e8757d5f4718ac76c4461fed271c6e01d00d727798086f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 389407247989029141778343142835203964400,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~22f87fccc029a4c7b149822a8052afd5c208efda
content-disposition: inline; filename="deodorant_new.webp"
server-timing: fastly;dur=1;start=2023-03-07T22:30:22.335Z;desc=hit,rtt;dur=0
content-length: 1258
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 21 Dec 2020 21:56:08 GMT
server: cloudflare
etag: "06fbbcd3592f8b3e0cb4b378fb5432ed"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cff52c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 shampoo_conditioner.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617331695/homepage/spring_21/categories/desktop/ 1 KB
2 KB 232ms
230ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617331695/homepage/spring_21/categories/desktop/shampoo_conditioner.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a9b8b413dfbcbb18b32e94e063b3d17abd496cdadfb7cb4b129803a4c1c10e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 99785376771260385918295822365704205955,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~f8d5521e13ef2d2b69cc6b003eef3ff5cd804669
content-disposition: inline; filename="shampoo_conditioner.webp"
server-timing: fastly;dur=1;cpu=0;start=2023-03-07T22:30:22.332Z;desc=hit,rtt;dur=0
content-length: 1148
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 02 Apr 2021 02:56:28 GMT
server: cloudflare
etag: "f38e323890009139c06a3991e9799fde"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cff72c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 hand-sanitizer_new.jpg
images.grove.co/upload/f_auto,fl_progressive,w_416,q_auto/v1585087712/homepage/home/product-categories/desktop/ 7 KB
8 KB 162ms
160ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_416,q_auto/v1585087712/homepage/home/product-categories/desktop/hand-sanitizer_new.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a3e8f462560abe7281b1fe1e1dfcfc0f9598598cd4d28fa7faf9f2f3fdc3159

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 195949636657644848822655925780187537263,271200540683722500967199374696312918391,711df32ff0532a6c4e3a9b4e5cf3edc2
content-disposition: inline; filename="hand-sanitizer_new.webp"
server-timing: fastly;dur=2;start=2023-03-07T22:30:22.295Z;desc=hit,rtt;dur=0
content-length: 7442
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 21 Dec 2020 21:56:08 GMT
server: cloudflare
etag: "99f5d72d18ae8aedad21d11aa2e10eb5"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cff82c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 clean-beauty_new.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087574/homepage/home/product-categories/desktop/ 2 KB
3 KB 262ms
260ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087574/homepage/home/product-categories/desktop/clean-beauty_new.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

779a0bc3af0243b9db090c2232dbd0ecbba29c26ec1d0b74f1eda242efb0382a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 398497014266133449688641903152642116733,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2
content-disposition: inline; filename="clean-beauty_new.webp"
server-timing: fastly;dur=2;cpu=1;start=2023-03-07T22:30:22.342Z;desc=hit,rtt;dur=0
content-length: 2432
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 21 Dec 2020 21:56:08 GMT
server: cloudflare
etag: "4ea6602613b5168aa4a39d471c12cee5"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cff92c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 body_lotion.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617332752/homepage/spring_21/categories/desktop/ 7 KB
7 KB 249ms
247ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1617332752/homepage/spring_21/categories/desktop/body_lotion.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf962b20a9f2344c09838173bfeb6a7c17967185c7360b927b0db33f7079b357

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 366492112064773102562911142444544851238,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~2bbf5bc8911e7d50c9d58b4a2fdb3d2441063318
content-disposition: inline; filename="body_lotion.webp"
server-timing: fastly;dur=2;cpu=0;start=2023-03-07T22:30:22.333Z;desc=hit,rtt;dur=0
content-length: 7182
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 02 Apr 2021 03:45:13 GMT
server: cloudflare
etag: "25412055ae8cc2a0bc4c859c8314ae76"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cffa2c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 air-freshener-_-candles_new.jpg
images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087611/homepage/home/product-categories/desktop/ 1 KB
2 KB 589ms
587ms Image
image/webp 2606:4700:4400::ac40:91e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.grove.co/upload/f_auto,fl_progressive,w_208,q_auto/v1585087611/homepage/home/product-categories/desktop/air-freshener-_-candles_new.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:91e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b22b60ce216f707fc73f74d1f32898f8242d1a44ee9d983828dffd6d2007f85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
edge-cache-tag: 300621285108020577258933649738417599273,258749819738215783891820612460563715635,711df32ff0532a6c4e3a9b4e5cf3edc2,~1~3d0b887be9981400574fee4b99166dad4de0a130
content-disposition: inline; filename="air-freshener-_-candles_new.webp"
server-timing: fastly;dur=327;cpu=0;start=2023-03-07T22:30:22.337Z;desc=miss,rtt;dur=0,cloudinary;dur=82;start=2023-03-07T22:30:22.462Z
content-length: 1330
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 28 Dec 2020 15:16:56 GMT
server: cloudflare
etag: "ccf3aaac783788d643f3bed2f58bb7b3"
expect-ct: max-age=86400, enforce
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,X-Content-Type-Options
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7a464854cffb2c2e-FRA
timing-allow-origin: *
expires: Thu, 06 Apr 2023 22:30:22 GMT

GET
H2 200 inline_ratings-2.3.3.js Show response
apps.bazaarvoice.com/apps/inline_ratings/ 108 KB
32 KB 11ms
10ms Script
text/javascript 2600:9000:2251:1200:d:274d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.bazaarvoice.com/apps/inline_ratings/inline_ratings-2.3.3.js

Requested by

Host: apps.bazaarvoice.com
URL: https://apps.bazaarvoice.com/bv.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:1200:d:274d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3b58eed50f50fb815c1924ed5d571f41316ea94e22cb7974a736c7a179781415

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 09:17:34 GMT
content-encoding: gzip
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-amz-version-id: yPcDzs4o7Uq8opwWVkgM1suSa4hH.U85
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-cf-pop: FRA60-P3
age: 17413970
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 31965
last-modified: Thu, 03 Mar 2022 05:53:42 GMT
server: AmazonS3
etag: "88a737544bf33b4ddd04a6d4cd0f124e"
vary: Origin
content-type: text/javascript;charset=UTF-8
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: w6Lhk4ChV-VNUMYS3JvmWJ07mFtNG0zovu3AQKOzkvnO8bvlGlHY0Q==

GET
H2 200 inline_ratings-config.js Show response
apps.bazaarvoice.com/deployments/grovecollaborative/main_site/staging/en_US/ 2 KB
2 KB 147ms
146ms Script
text/javascript 2600:9000:2251:1200:d:274d:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://apps.bazaarvoice.com/deployments/grovecollaborative/main_site/staging/en_US/inline_ratings-config.js

Requested by

Host: apps.bazaarvoice.com
URL: https://apps.bazaarvoice.com/bv.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:1200:d:274d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

877cf109bea74d60aeb199515a8285c1de44b62c18af530416a5c8417e8354b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 07 Mar 2023 22:30:24 GMT
content-encoding: gzip
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-amz-version-id: mPw7BqsvL2juRbx.Vb3NpQ0gtT_9dJKa
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-length: 1286
last-modified: Wed, 25 May 2022 15:29:44 GMT
server: AmazonS3
etag: "1f645f244c733456ad603b5139116fd9"
vary: Origin
content-type: text/javascript;charset=UTF-8
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: SNOFMI99dCodsEYFCCxvGhXq2KhWFMk8xambPVap9sH2RpOLzep9lQ==

GET
H2 200 a.gif
network-stg-a.bazaarvoice.com/ 43 B
230 B 104ms
102ms Image
image/gif 3.213.11.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://network-stg-a.bazaarvoice.com/a.gif?cl=PageView&loadId=41e5f12faa55686c1&type=Embedded&BVBRANDID=a51aa956-18a1-4b61-9aaa-f9236961546e&BVBRANDSID=dab2b960-6eed-4603-bff6-a593548cc0c4&tz=0&sourceVersion=3.17.2&magpieJsVersion=3.17.2&source=bv-loader&environment=prod&client=GroveCollaborative&dc=23144&host=www.carlos-authtoken-response.testing.gext.co&locale=en_US&deploymentZone=main_site&displaySegment=baseline&bvProduct=InlineRatings&bvProductVersion=2.3.3&href=https://www.carlos-authtoken-response.testing.gext.co/&canurl=https://www.grove.co/&res=1600x1200&lang=en-us&charset=UTF-8&geo=1&cookies=1&r_t=(con:258,dns:52,load:1763,req:1860,res:1,tot:3935)&_=3rf1i7&ref=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.213.11.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-11-165.compute-1.amazonaws.com
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON COR"
date: Tue, 07 Mar 2023 22:30:23 GMT
cache-control: no-cache, no-transform, must-revalidate, max-age=0
content-type: image/gif
server: nginx
content-length: 43
expires: -1

GET
H/1.1 200
OK statistics.json Show response
stg.api.bazaarvoice.com/data/ 687 B
1 KB 142ms
46ms Fetch
application/json 52.48.40.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://stg.api.bazaarvoice.com/data/statistics.json?apiversion=5.4&passkey=canDHr7zACsvnCWnfBI251eUQ9KkwnwebY2R4PUQzfOeU&stats=Reviews&filter=ContentLocale:en_US,en*&filter=ProductId:kit-mm-01-4326,gr-83-001,me-27-230,bw-01-005
Requested by: Host: www.carlos-authtoken-response.testing.gext.co
URL: https://www.carlos-authtoken-response.testing.gext.co/staticfiles/dist/vendor.a7f30180b84617931d04.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.48.40.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-40-73.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b24dc3feb871ffe6eba7c0b7204174875f3bd678018c522422b48d081932fd8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.carlos-authtoken-response.testing.gext.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Tue, 07 Mar 2023 22:30:23 GMT
Content-Encoding: gzip
X-Bazaarvoice-Quota-Allotted: 1728000
X-Bazaarvoice-Quota-Reset: 2023-03-07T23:00:00.000Z
Transfer-Encoding: chunked
X-Bazaarvoice-Api-Version: 5.4
Connection: keep-alive
X-Bazaarvoice-Quota-Current: 19
X-Bazaarvoice-QPM-Current: 1
X-Bazaarvoice-QPM-Allotted: 1200
Server: nginx
X-Bazaarvoice-QPS-Allotted: 20
Vary: Accept-Encoding
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.carlos-authtoken-response.testing.gext.co
Access-Control-Expose-Headers: X-Bazaarvoice-Api-Version,X-Bazaarvoice-Original-MessageId,X-Bazaarvoice-Platform-Version,X-Bazaarvoice-QPM-Allotted,X-Bazaarvoice-QPM-Current,X-Bazaarvoice-QPS-Allotted,X-Bazaarvoice-QPS-Current,X-Bazaarvoice-Quota-Allotted,X-Bazaarvoice-Quota-Current,X-Bazaarvoice-Quota-Reset,X-Requested-With,X-CSRF-Token,Content-Type
X-Bazaarvoice-Platform-Version: 2
X-Bazaarvoice-Original-MessageId: rrt-0189a8d0fef84dd38-c-wo-17522-1368311-1
X-Bazaarvoice-QPS-Current: 1

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.carlos-authtoken-response.testing.gext.co/	1970-01-20 18:54:37	Name: csrftoken Value: s1ZF7epOYfZYGrBOaHNTwRDAlEEnMnG0elJ3Pggb2dpXtRzBCSiQHurduEYbGLlW
www.carlos-authtoken-response.testing.gext.co/	1970-01-20 12:20:04	Name: sessionid Value: x4hrkqywgkowuytu5ozvs7yjs6hmnmfk
.gext.co/	1970-01-20 14:29:40	Name: optimizelyEndUserId Value: oeu1678228221079r0.4202930209936815
.grove.co/	1970-01-20 10:10:30	Name: __cf_bm Value: qXjPSoY7_f7pKE0prpQwEu9feAzDFNq5BeZ.0R0L480-1678228221-0-AeWbX7mgLeW3QjpRjIQd0FtyfgIKV/MJMqPrRV6ruNb2cUEkUULFra+Wi3+woW2TX8cZ8Pp8D7ic/9nsgGnycng=
.testing.gext.co/	1970-01-20 18:56:04	Name: BVBRANDID Value: a51aa956-18a1-4b61-9aaa-f9236961546e
.testing.gext.co/	1970-01-20 10:10:30	Name: BVBRANDSID Value: dab2b960-6eed-4603-bff6-a593548cc0c4
m.stripe.com/	1970-01-20 19:46:28	Name: m Value: 03e63e1b-dbff-405b-8322-6755febab7c75bed07
.www.carlos-authtoken-response.testing.gext.co/	1970-01-20 18:56:04	Name: __stripe_mid Value: 2c838b37-9419-457c-bffa-638f256d75c7c19f64
.www.carlos-authtoken-response.testing.gext.co/	1970-01-20 10:10:30	Name: __stripe_sid Value: 0bc56236-64a5-4001-9fe2-8f427733bf38aad1b0

228 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='".
javascript	warning	URL: https://www.carlos-authtoken-response.testing.gext.co/ Message: The resource https://www.carlos-authtoken-response.testing.gext.co/staticfiles/fonts/Value/ValueSerif-Bold-Web.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.carlos-authtoken-response.testing.gext.co/ Message: The resource https://www.carlos-authtoken-response.testing.gext.co/staticfiles/fonts/Value/ValueSans-Regular-Pro.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.carlos-authtoken-response.testing.gext.co/ Message: The resource https://www.carlos-authtoken-response.testing.gext.co/staticfiles/fonts/Value/ValueSans-Medium-Pro.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics-static.ugc.bazaarvoice.com
apps.bazaarvoice.com
cdn.optimizely.com
images.grove.co
js.stripe.com
logx.optimizely.com
m.stripe.com
m.stripe.network
network-stg-a.bazaarvoice.com
q.stripe.com
sentry.io
stg.api.bazaarvoice.com
www.carlos-authtoken-response.testing.gext.co
151.101.192.176
2600:9000:223c:a000:1c:58a3:4780:93a1
2600:9000:2251:1200:d:274d:a6c0:93a1
2606:4700:4400::ac40:91e2
2a02:26f0:dc:388::13b8
3.213.11.165
34.205.162.149
34.236.113.150
35.188.42.15
52.48.40.73
54.187.119.242
54.68.255.140
0254ae518f0630584e8757d5f4718ac76c4461fed271c6e01d00d727798086f5
0b8a79cf4bb1e90284bdfaf64352efdf985e63426fef83668d583ddab581b482
0bc4fae03bd9cb000a5dbc3da883d1f1de78963fc4d4271e71d8cf720abe4448
0be51ecda1851e22ee9644e9fc3c301b3ac0dc8b89fad8cf9789d16914682277
0cfd1d3527680ff79e6089b2a334f91b577521683afd5f11de23b7e4db209130
10815d26cb7ca83d7879cb6e30eb2138ac60a7a1464563773a20090fa2eeedd1
10b2f1eb60a9cb8d1190988a9a4040c3ab71d7429b8e1d72a2742581f2ec3d72
1d809cb8697938f33eb8bfbf9e7255a2f173c0da87a920e96c251705d40ef7b9
1ee6f56bc9f4b8e3c466ffed1b88cb867b72cacd637fa6da08b08778cf971435
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
2a9b8b413dfbcbb18b32e94e063b3d17abd496cdadfb7cb4b129803a4c1c10e9
2c43a3daee35ba5940322e0fb528761ee6f51f43bee17d1a0988cd36b6d312d6
3276965c1628619cb97f2672e3d3b61fff524dc7e9ca1348abb178fcb50bfec0
3491a46d0db7015d9f9d0f4f43db792c94fdf4d9cd44bcb2702f15ffeae34f56
3b58eed50f50fb815c1924ed5d571f41316ea94e22cb7974a736c7a179781415
3b70e77e335a33a9cf75023b05ba98e9533ee3944bca4941e86a506bc38c56a2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
474cdcb7ac468960f1112152d2e53fe5f7f1c81827cfab5fe1ee2a60faeade02
4a3e8f462560abe7281b1fe1e1dfcfc0f9598598cd4d28fa7faf9f2f3fdc3159
65d730ff2ac52b5c05ac920c7f89859960b92f72fab700d6a78cfff63f9e9523
6b22b60ce216f707fc73f74d1f32898f8242d1a44ee9d983828dffd6d2007f85
715b9acdfd0f683bbfe42598752363a0ef4d060d9601fc74d3e14f408e6ffa99
754def9195227564b1c7a4f596f95530cfbb998286f1198abe1fc61faf13aa22
779a0bc3af0243b9db090c2232dbd0ecbba29c26ec1d0b74f1eda242efb0382a
7ae5bd80ab0764a259c799a3e873407c273505750104eef0b340fecf2d35e854
7d22f48243f28ae0d3cfbbc0ec1919450e5249f32645dfdf104c83d0b5cfd00c
8052aadbd97d45d52c11359db0edcf4542a6d95160d9813aefadc1c6df6ab63a
80bd792f439fb00f51bdf1bc31544a04da08c6e71d35002b91773bccf68e86e3
85a35faa1804605b680b8ec87bcaa93a1ef3ee7ca042ebb6f7355e391052bb27
877cf109bea74d60aeb199515a8285c1de44b62c18af530416a5c8417e8354b7
87ae56b6fc4b934dd32a726764f107d9db66fe7ba5c4cfbdd159bb8cd195af6c
8f6f6dd90c37972459c13b6d66e95846d7c4402a3d1cfadf18575d662ecfa1b9
8fe32e407a1038ee38753b70e5374b3a46d6ae9d5f16cd5b73c53abaca8f5ed0
91ab93b25227f8a29a716fdc41831b0a8a8729d8cde9f8adb29f4c8392457b9e
92698f972cd99cf4e81c092499ba31cb20b71d95d423e871c45c1e5107195ed6
9387f1ed6fc11f86366eeb6df37267fe30ac93b722ad27b282de17c153cb6c87
95441027556ef02b0619fcd0f5b892921748d2be5f6928547fd6840052755457
95cd680c4f8d0a77a80cfec30fde757ac582c6654cbb8be5f6187871c606c356
965e28ee67535d05b86b3ac2e17cd0c56c415f802b2f49b81b45ccfcf065f130
a0bf052e6390c282f24417a668dbbb90f4d823c4b8a3fca24b786529a23fb95a
a1eeab92b184fa0db54af96883849a93f6759ce969503a7e8913425ed9d3f887
a3e859b8149a06247853276aa0b4c79c4f3d0d63e91baf88bf96b76fbfc1b492
a487fe6bd352138eb61cf0906f5c8b840bccc69a53506641d6492a72af2d4447
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
a6cf2441e3a77046f3321ba7c81f43fa434608800f35199f29f9dff119a36f68
a74634911e15e500d9251c5ab948d6ce911d29db98cb4688ad45d88f193d64dc
a7b3b849fc8d8306a285da89b0ee27e15da31747aec3a539de91828a733c8d30
aeb74a4730502f28979422b63dc2febe2be725575ab3f1bcc0ebb91304ece1b4
b24dc3feb871ffe6eba7c0b7204174875f3bd678018c522422b48d081932fd8a
bf962b20a9f2344c09838173bfeb6a7c17967185c7360b927b0db33f7079b357
c02c749754648525316f04885397f36f713fbd51c271715fb3c7926f92224a63
c1e844569bd6125c1081581c7e2f877dc729fb6ba5e5f6736d0d37dc5b72b334
cb752f0006454f7f6ab2e97a9b484b4f581bc81942d437f7cc6e79406454f048
cd7680d5391505ce96d6eaa98e7afd1f1f4716d3bef18113ace104f5da03983d
d749d7b3717ccac27965d5ab5637a9290c8ed7eb9569c1b720bb94d01f81da8e
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
df66bd5a2833224b1b0ee8e66c89b88e2aa04279d3995a44a7a56eaf2bffd0d4
e0709a44f588b0a23b07d6036ab2977f20b634e169f6acea858455045865280e
e1290a7afd9551eb2701e5ee269756406343ca8bdac3e6cc9d3bcec737349581
e2a0c177562a128a152a8e6ec5f83739c07e93801ed7ffa0529936ab008dcfd2
e373f18dbf8437a3aac6b247664cdfb9b0044e25f6c6dfc03d240c57a52d417d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e578461394cc03c9f9f8dd8d6b5a4885bc4e73403e75556d7c2e17343983e06d
e5edbcc9e9d69fe60fa5f152dce6f7cc51bdb9ec02412ecc9608fa6cf7919375
e937741165ca69f5175ed31b3b9735f451b3be37a51b0aead14fb2873a9a82ed
ea46ae5bc5d3e13c2f8ecb30ee1610f1ff0c7422dce726e93b513c20f8e17412
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
f3f323a59a589397a9ddbceb133cc33f66aba0ae8df40f977556b9fbab66715e
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
f4e7f129bd56d2d88cfae052f22b7d36af94978130f7d8bcb3a0e89f24582dea
f7b41ef338bb84267073645400af69d1ceb28e38250c733ae3bd1af467458798
f890c866e5948494bc61489705df41e05b4e1713ceae885ba1e8e4b60344ab20
fdeb1c28c46ab46b9a84aefb2ea7d2ee7a8e0d37b1f9a2520fa65b25d57b9e25

www.carlos-authtoken-response.testing.gext.co Open in urlscan Pro 34.236.113.150 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

107 Requests

99 %HTTPS

33 %IPv6

7 Domains

13 Subdomains

13 IPs

3 Countries

2066 kBTransfer

5567 kBSize

9 Cookies

16 Outgoing links

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.carlos-authtoken-response.testing.gext.co Open in urlscan Pro
34.236.113.150 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

99 %
HTTPS

33 %
IPv6

7
Domains

13
Subdomains

13
IPs

3
Countries

2066 kB
Transfer

5567 kB
Size

9
Cookies

107 HTTP transactions
0 data transactions