eng-45021-be-verify-password-security.staging.thelifestyleapp.com Open in urlscan Pro
34.122.72.28  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response eng-45021-be-verify-password-security.staging.thelifestyleapp.com/	2 KB 2 KB	3081ms 2772ms	Document text/html	34.122.72.28 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 34.122.72.28 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 28.72.122.34.bc.googleusercontent.com Software / Express Resource Hash cd506615e7e017d02b1634da62bffd67f3a91e63720c1fe3cff82e5668bffa59 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers access-control-allow-credentials true content-length 1665 content-type text/html; charset=utf-8 date Tue, 13 Dec 2022 19:54:53 GMT etag W/"681-ANGOKOsmqHnd2xORhPIWFvPis1o" strict-transport-security max-age=15724800; includeSubDomains vary Origin x-powered-by Express
GET H2	200	all.min.css cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/	58 KB 13 KB	36ms 10ms	Stylesheet text/css	2606:4700::6810:5814 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.4/css/all.min.css Requested by Host: eng-45021-be-verify-password-security.staging.thelifestyleapp.com URL: https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Origin https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:53 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 23106711 x-jsd-version 5.15.4 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-served-by cache-fra19143-FRA, cache-tyo11974-TYO x-jsd-version-type version server cloudflare etag W/"e7a9-pX7mjRFgGw/Y5QN/wkH/ZadURzw" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8aNqCU6uSsVuLyTP4FPXtSJqevB%2FpJGTcsczxJzmxLM%2BQCwug4TEj7%2BphKwua1AInva%2FTNwB9rSeE3%2FKcZAHz3IJV5tNgcgwOm063wsox0YVNbJ1G3Cfi1akEMjROHaQ0BzDXV1SKDgy3KHpb7o%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 779141150d28f6d9-NRT
GET H2	200	kqn1brm.css use.typekit.net/	2 KB 873 B	281ms 254ms	Stylesheet text/css	2600:140b:1a00:14::17dc:548b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/kqn1brm.css Requested by Host: eng-45021-be-verify-password-security.staging.thelifestyleapp.com URL: https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash e00d509e78b7cefbff0eb68d38dcdfa1b1500e0b26e703e114ed084494eca3ac Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; Request headers accept-language jp-JP,jp;q=0.9 Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; content-encoding gzip date Tue, 13 Dec 2022 19:54:53 GMT server nginx vary Accept-Encoding content-type text/css;charset=utf-8 access-control-allow-origin * cache-control private, max-age=600, stale-while-revalidate=604800 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 641
GET H2	200	main.css static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/css/	689 KB 690 KB	475ms 454ms	Stylesheet text/css	34.117.200.237 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/css/main.css Requested by Host: eng-45021-be-verify-password-security.staging.thelifestyleapp.com URL: https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.117.200.237 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 237.200.117.34.bc.googleusercontent.com Software UploadServer / Resource Hash 6ae2c28d0bd73c175f921f40c2a7d496b2c47cb91f7ec035dbfdf70d0b236ace Request headers accept-language jp-JP,jp;q=0.9 Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:53 GMT x-goog-meta-goog-reserved-file-mtime 1670259037 x-guploader-uploadid ADPycdsIXiDC51Sfs2Y91DlLIW0t2m4kf5-_AQ2B-mupUVhfDUwjnkXwrU4kuB9eteDFoG70yIE5Eau2Fi4t9fMGy1_cKw x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 705199 last-modified Mon, 05 Dec 2022 17:02:05 GMT server UploadServer etag "6a4403487542215727e9d36677723337" x-goog-generation 1670259725503597 content-type text/css x-goog-hash crc32c=CGTpkQ==, md5=akQDSHVCIVcn6dNmd3IzNw== cache-control public,max-age=3600 x-goog-stored-content-length 705199 accept-ranges bytes
GET H2	200	client Show response accounts.google.com/gsi/	191 KB 76 KB	211ms 120ms	Script application/javascript	2404:6800:4004:801::200d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://accounts.google.com/gsi/client Requested by Host: eng-45021-be-verify-password-security.staging.thelifestyleapp.com URL: https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:801::200d , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 73f6ff85e7477add05c3260857a4dc03f43b43ac4e0ede464c02f61c10892e87 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-KpisFz5ecH26SKP2BkRPVQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:53 GMT content-security-policy script-src 'report-sample' 'nonce-KpisFz5ecH26SKP2BkRPVQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http content-encoding gzip x-content-type-options nosniff server ESF x-frame-options SAMEORIGIN report-to {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]} content-type application/javascript; charset=utf-8 cache-control private, max-age=1800 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1" expires Tue, 13 Dec 2022 19:54:53 GMT
GET H2	200	main.js Show response static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/js/	3 MB 3 MB	530ms 510ms	Script application/javascript	34.117.200.237 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/js/main.js Requested by Host: eng-45021-be-verify-password-security.staging.thelifestyleapp.com URL: https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.117.200.237 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 237.200.117.34.bc.googleusercontent.com Software UploadServer / Resource Hash 35f613f2269bdb6996c35cbccfa841fc4a7e45d91ad124de708d304e65bc60d4 Request headers accept-language jp-JP,jp;q=0.9 Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:53 GMT x-goog-meta-goog-reserved-file-mtime 1670259037 x-guploader-uploadid ADPycdtrzUNQvikKmmhW-Hv4SvgqAD6bpUSOTZ5XY442kYD7VC97-eO4wzIzpbLrvZutk5bQs88ebhwKIX8jgENS14LIe-QkS2tw x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3625093 last-modified Mon, 05 Dec 2022 17:02:06 GMT server UploadServer etag "f50e7450a199b9f1ce8352a441da0ab1" x-goog-generation 1670259726248108 content-type application/javascript x-goog-hash crc32c=MV7/MA==, md5=9Q50UKGZufHOg1KkQdoKsQ== cache-control public,max-age=3600 x-goog-stored-content-length 3625093 accept-ranges bytes
GET H2	200	p.css p.typekit.net/	5 B 181 B	31ms 3ms	Stylesheet text/css	2600:140b:1a00:14::17dc:5494 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://p.typekit.net/p.css?s=1&k=kqn1brm&ht=tk&f=139.175&a=23311319&app=typekit&e=css Requested by Host: use.typekit.net URL: https://use.typekit.net/kqn1brm.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:140b:1a00:14::17dc:5494 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb Request headers accept-language jp-JP,jp;q=0.9 Referer https://use.typekit.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:53 GMT last-modified Sat, 09 Oct 2021 03:06:38 GMT server nginx etag "6161073e-5" content-type text/css access-control-allow-origin * cache-control public, max-age=604800 cross-origin-resource-policy cross-origin accept-ranges bytes content-length 5
OPTIONS H2	200	6089d144bedae00c6063b5fd app.launchdarkly.com/sdk/goals/ Frame	0 0	517ms 501ms	Preflight	151.101.130.217 FASTLY
General Check archive.org Show headers Download Go to Full URL https://app.launchdarkly.com/sdk/goals/6089d144bedae00c6063b5fd Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.130.217 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept */* Access-Control-Request-Headers x-launchdarkly-user-agent,x-launchdarkly-wrapper Access-Control-Request-Method GET Origin https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers accept-ranges bytes access-control-allow-headers Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags access-control-allow-methods GET, OPTIONS, HEAD access-control-allow-origin * access-control-max-age 3600 age 0 allow GET, OPTIONS, HEAD content-encoding gzip content-length 23 date Tue, 13 Dec 2022 19:54:55 GMT ld-region us-east-1 strict-transport-security max-age=31536000 vary Accept-Encoding via 1.1 varnish x-cache MISS x-cache-hits 0 x-served-by cache-nrt-rjtf7700040-NRT x-timer S1670961295.605633,VS0,VE499
GET H2	200	lifestyle-adminportal.png static.staging.thelifestyleapp.com/static/img/	7 KB 8 KB	387ms 386ms	Image image/png	34.117.200.237 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Show image Full URL https://static.staging.thelifestyleapp.com/static/img/lifestyle-adminportal.png Requested by Host: eng-45021-be-verify-password-security.staging.thelifestyleapp.com URL: https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.117.200.237 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 237.200.117.34.bc.googleusercontent.com Software UploadServer / Resource Hash afbe619653dd723ea9bce1ecd36bb257ebc24945df97f2ec29fb24a7321611ea Request headers accept-language jp-JP,jp;q=0.9 Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:54 GMT x-guploader-uploadid ADPycds9APzLhsEfp0GjaYVKtRuo88rcRThqnl5_MTBqd1hKuLiHpI7BUnzhUSvWTEAolzJm8qRM6VNZ5OMVHPRFfcLBP2ShgQy_ x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 7504 last-modified Tue, 15 Feb 2022 19:43:43 GMT server UploadServer etag "02c6208d200ef55ec516a80a41e514b1" x-goog-generation 1644954223711683 content-type image/png x-goog-hash crc32c=seazOg==, md5=AsYgjSAO9V7FFqgKQeUUsQ== cache-control public,max-age=3600 x-goog-stored-content-length 7504 accept-ranges bytes
GET H2	200	6089d144bedae00c6063b5fd Show response app.launchdarkly.com/sdk/goals/	2 B 178 B	663ms 662ms	XHR application/json	151.101.130.217 FASTLY
General Check archive.org Show headers Download Go to Full URL https://app.launchdarkly.com/sdk/goals/6089d144bedae00c6063b5fd Requested by Host: static.staging.thelifestyleapp.com URL: https://static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/js/main.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.130.217 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ X-LaunchDarkly-Wrapper react-client-sdk/2.27.0 accept-language jp-JP,jp;q=0.9 X-LaunchDarkly-User-Agent JSClient/2.22.1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip via 1.1 varnish date Tue, 13 Dec 2022 19:54:55 GMT content-md5 d751713988987e9331980363e24189ce age 0 x-cache MISS content-length 26 x-served-by cache-nrt-rjtf7700040-NRT x-timer S1670961295.108766,VS0,VE660 etag "d751713988987e9331980363e24189ce" ld-region us-east-1 access-control-max-age 300 access-control-allow-methods GET, OPTIONS, HEAD content-type application/json access-control-allow-origin * cache-control max-age=0 vary Accept-Encoding accept-ranges bytes access-control-allow-headers Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags x-cache-hits 0
GET H2	200	eyJhbm9ueW1vdXMiOnRydWUsImN1c3RvbSI6eyJ1c2VyVHlwZSI6InN0YWZmIn0sImtleSI6IjAzN2E3M2MwLTdiMjAtMTFlZC1iZDJkLThiZDUyY2M1MmIwZSJ9 Show response app.launchdarkly.com/sdk/evalx/6089d144bedae00c6063b5fd/users/	989 B 688 B	1344ms 1343ms	XHR application/json	151.101.130.217 FASTLY
General Check archive.org Show headers Download Go to Full URL https://app.launchdarkly.com/sdk/evalx/6089d144bedae00c6063b5fd/users/eyJhbm9ueW1vdXMiOnRydWUsImN1c3RvbSI6eyJ1c2VyVHlwZSI6InN0YWZmIn0sImtleSI6IjAzN2E3M2MwLTdiMjAtMTFlZC1iZDJkLThiZDUyY2M1MmIwZSJ9 Requested by Host: static.staging.thelifestyleapp.com URL: https://static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/js/main.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.130.217 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 59482cfde63085f0fd0f7e0b8f437dc7224ecd575906ef437f565ceab32d20f5 Request headers Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ X-LaunchDarkly-Wrapper react-client-sdk/2.27.0 accept-language jp-JP,jp;q=0.9 X-LaunchDarkly-User-Agent JSClient/2.22.1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:56 GMT content-encoding gzip via 1.1 varnish age 0 x-cache MISS content-length 291 x-served-by cache-nrt-rjtf7700038-NRT, cache-nrt-rjtf7700040-NRT x-timer S1670961295.138570,VS0,VE1341 etag "1441dbb" access-control-max-age 3600 access-control-allow-methods OPTIONS, GET content-type application/json access-control-allow-origin * cache-control max-age=0 vary Authorization, Accept-Encoding accept-ranges bytes access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-Requested-With, X-LD-Private, X-LD-AccountId, X-LD-EnvId, X-LD-PrjId, X-LaunchDarkly-Event-Schema, X-LaunchDarkly-User-Agent, X-LaunchDarkly-Wrapper, Ld-Api-Version x-cache-hits 0
OPTIONS H2	200	eyJhbm9ueW1vdXMiOnRydWUsImN1c3RvbSI6eyJ1c2VyVHlwZSI6InN0YWZmIn0sImtleSI6IjAzN2E3M2MwLTdiMjAtMTFlZC1iZDJkLThiZDUyY2M1MmIwZSJ9 app.launchdarkly.com/sdk/evalx/6089d144bedae00c6063b5fd/users/ Frame	0 0	546ms 531ms	Preflight	151.101.130.217 FASTLY
General Check archive.org Show headers Download Go to Full URL https://app.launchdarkly.com/sdk/evalx/6089d144bedae00c6063b5fd/users/eyJhbm9ueW1vdXMiOnRydWUsImN1c3RvbSI6eyJ1c2VyVHlwZSI6InN0YWZmIn0sImtleSI6IjAzN2E3M2MwLTdiMjAtMTFlZC1iZDJkLThiZDUyY2M1MmIwZSJ9 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.130.217 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept */* Access-Control-Request-Headers x-launchdarkly-user-agent,x-launchdarkly-wrapper Access-Control-Request-Method GET Origin https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers accept-ranges bytes access-control-allow-headers Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags access-control-allow-methods GET, OPTIONS, HEAD access-control-allow-origin * access-control-max-age 3600 age 0 allow GET, OPTIONS, HEAD content-encoding gzip content-length 23 date Tue, 13 Dec 2022 19:54:55 GMT ld-region us-east-1 strict-transport-security max-age=31536000 vary Accept-Encoding via 1.1 varnish x-cache MISS x-cache-hits 0 x-served-by cache-nrt-rjtf7700040-NRT x-timer S1670961295.605682,VS0,VE527
GET H2	200	l use.typekit.net/af/949f99/00000000000000003b9b3068/27/	34 KB 34 KB	13ms 4ms	Font application/font-woff2	2600:140b:1a00:14::17dc:548b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 Requested by Host: use.typekit.net URL: https://use.typekit.net/kqn1brm.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash 60fe579c50202903eec3a1898b8eafc6df528307b7e40052c0f800e718a7129f Request headers Referer https://use.typekit.net/kqn1brm.css Origin https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:54 GMT server nginx etag "b5fef031a96fc670f9c3b1b64dd52243a29d7531" content-type application/font-woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 34336
GET H2	200	l use.typekit.net/af/705e94/00000000000000003b9b3062/27/	33 KB 33 KB	12ms 3ms	Font application/font-woff2	2600:140b:1a00:14::17dc:548b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://use.typekit.net/af/705e94/00000000000000003b9b3062/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 Requested by Host: use.typekit.net URL: https://use.typekit.net/kqn1brm.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:140b:1a00:14::17dc:548b Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software nginx / Resource Hash 31685af3bbf1ff809935f70512ea48729eac2add3a47f604db26c43f2a253541 Request headers Referer https://use.typekit.net/kqn1brm.css Origin https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:54 GMT server nginx etag "79fea02668402fc378c129193093131a2db2577c" content-type application/font-woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin timing-allow-origin * content-length 33576
GET H3	200	style accounts.google.com/gsi/	533 B 328 B	87ms 47ms	Stylesheet text/css	2404:6800:4004:801::200d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://accounts.google.com/gsi/style Requested by Host: accounts.google.com URL: https://accounts.google.com/gsi/client Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4004:801::200d , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-LqmH9737o5wZieWfIgsHYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:54 GMT content-security-policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-LqmH9737o5wZieWfIgsHYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http content-encoding gzip x-content-type-options nosniff server ESF x-frame-options SAMEORIGIN report-to {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]} content-type text/css; charset=utf-8 cache-control private, max-age=86400 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1" expires Tue, 13 Dec 2022 19:54:54 GMT
GET H3	403	button Show response accounts.google.com/gsi/ Frame 6A1B	1 KB 737 B	260ms 224ms	Document text/html	2404:6800:4004:801::200d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://accounts.google.com/gsi/button?type=standard&size=large&theme=outline&text=sign_in_with&shape=rectangular&logo_alignment=left&client_id=213063601955-5q35s40eu62ajs86hvb3opv6f6rocch4.apps.googleusercontent.com&iframe_id=gsi_294598_325501&as=x%2BAP%2Br0Se9fv3%2Bzxt9tpVA Requested by Host: accounts.google.com URL: https://accounts.google.com/gsi/client Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4004:801::200d , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 93c2f2e3eac8d725ad181e3afb454d7ce9dc0c97a24b288655539adc3cc66d7f Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http script-src 'report-sample' 'nonce-trhi8TuO4ylkqjdr1TlKPg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-security-policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http script-src 'report-sample' 'nonce-trhi8TuO4ylkqjdr1TlKPg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http content-type text/html; charset=utf-8 cross-origin-opener-policy-report-only same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1" cross-origin-resource-policy cross-origin date Tue, 13 Dec 2022 19:54:54 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]} server ESF x-content-type-options nosniff x-xss-protection 0
GET H2	200	js Show response maps.googleapis.com/maps/api/	168 KB 55 KB	212ms 72ms	Script text/javascript	2404:6800:4004:81f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/js?key=AIzaSyBxqgKDW17yK8lqHdi2KXH1IeUaEAPuFf0&callback=resolveGoogleMapsPromise&libraries=places Requested by Host: static.staging.thelifestyleapp.com URL: https://static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/js/main.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:81f::200a , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software mafe / Resource Hash 276e8be9e952ebeec77fb813f88b3639fc59dfc8f4619baf251ebad2bfcadb39 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:54 GMT content-encoding gzip server mafe vary Accept-Language x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control public, max-age=1800 cross-origin-resource-policy cross-origin server-timing gfet4t7; dur=29 timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 56012 x-xss-protection 0 expires Tue, 13 Dec 2022 20:24:54 GMT
GET H3	200	gen_204 Show response maps.googleapis.com/maps/api/mapsjs/	3 B 45 B	100ms 65ms	XHR application/json	2404:6800:4004:81f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBxqgKDW17yK8lqHdi2KXH1IeUaEAPuFf0&callback=resolveGoogleMapsPromise&libraries=places Protocol H3 Security QUIC, , AES_128_GCM Server 2404:6800:4004:81f::200a , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:54 GMT content-encoding gzip x-content-type-options nosniff server scaffolding on HTTPServer2 vary Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type application/json; charset=UTF-8 access-control-allow-origin https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 23 x-xss-protection 0
POST H2	204	identity-sign-in-google-http csp.withgoogle.com/csp/ Frame 6A1B	0 0	156ms 47ms	Other text/html	2404:6800:4004:827::2011 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csp.withgoogle.com/csp/identity-sign-in-google-http Requested by Host: eng-45021-be-verify-password-security.staging.thelifestyleapp.com URL: https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:827::2011 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://accounts.google.com/ accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Content-Type application/csp-report Response headers
GET H2	200	m=credential_button_library ssl.gstatic.com/_/gsi/_/ss/k=gsi.gsi.9mfSvkhLuWI.L.W.O/am=ag/d=1/rs=AF0KOtVTL5HhlR9yRYVeRA5jk9PzQXajoA/ Frame 6A1B	7 KB 2 KB	83ms 3ms	Stylesheet text/css	2404:6800:4004:821::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.gstatic.com/_/gsi/_/ss/k=gsi.gsi.9mfSvkhLuWI.L.W.O/am=ag/d=1/rs=AF0KOtVTL5HhlR9yRYVeRA5jk9PzQXajoA/m=credential_button_library Requested by Host: accounts.google.com URL: https://accounts.google.com/gsi/button?type=standard&size=large&theme=outline&text=sign_in_with&shape=rectangular&logo_alignment=left&client_id=213063601955-5q35s40eu62ajs86hvb3opv6f6rocch4.apps.googleusercontent.com&iframe_id=gsi_294598_325501&as=x%2BAP%2Br0Se9fv3%2Bzxt9tpVA Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9ffd9148502527101428184082d3f169369aa4ba51720bd2eef686fc06571bfd Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/csi-web-eng X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers content-security-policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/csi-web-eng content-encoding gzip x-content-type-options nosniff date Tue, 13 Dec 2022 11:10:46 GMT age 31448 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1753 x-xss-protection 0 last-modified Mon, 21 Nov 2022 22:18:44 GMT server sffe cross-origin-opener-policy same-origin; report-to="csi-web-eng" vary Accept-Encoding report-to {"group":"csi-web-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/csi-web-eng"}]} content-type text/css; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 13 Dec 2023 11:10:46 GMT
GET H2	200	m=credential_button_library Show response ssl.gstatic.com/_/gsi/_/js/k=gsi.gsi.ja.voQqWF_i3ZI.O/am=ag/d=1/rs=AF0KOtXvsTKTs1b6QWeNlmgdaXvvqXvbjA/ Frame 6A1B	95 KB 35 KB	84ms 4ms	Script text/javascript	2404:6800:4004:821::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.gstatic.com/_/gsi/_/js/k=gsi.gsi.ja.voQqWF_i3ZI.O/am=ag/d=1/rs=AF0KOtXvsTKTs1b6QWeNlmgdaXvvqXvbjA/m=credential_button_library Requested by Host: accounts.google.com URL: https://accounts.google.com/gsi/button?type=standard&size=large&theme=outline&text=sign_in_with&shape=rectangular&logo_alignment=left&client_id=213063601955-5q35s40eu62ajs86hvb3opv6f6rocch4.apps.googleusercontent.com&iframe_id=gsi_294598_325501&as=x%2BAP%2Br0Se9fv3%2Bzxt9tpVA Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:4004:821::2003 , Australia, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 182dd079f071ada5bd4d970c4498d40d01b6d15cf827cfddda3235f56c20882e Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/csi-web-eng X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers content-security-policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/csi-web-eng content-encoding gzip x-content-type-options nosniff date Thu, 08 Dec 2022 09:17:38 GMT age 470236 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35461 x-xss-protection 0 last-modified Fri, 02 Dec 2022 20:17:08 GMT server sffe cross-origin-opener-policy same-origin; report-to="csi-web-eng" vary Accept-Encoding report-to {"group":"csi-web-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/csi-web-eng"}]} content-type text/javascript; charset=UTF-8 cache-control public, max-age=31536000 accept-ranges bytes expires Fri, 08 Dec 2023 09:17:38 GMT
GET H2	403	/ Show response eng-45021-be-verify-password-security.staging.thelifestyleapp.com/staff/v1/user/	53 B 277 B	762ms 762ms	Fetch application/json	34.122.72.28 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/staff/v1/user/? Requested by Host: static.staging.thelifestyleapp.com URL: https://static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/js/main.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 34.122.72.28 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 28.72.122.34.bc.googleusercontent.com Software / Express Resource Hash be6687599d546a7e03e951268a9afd101074793305f3ca8a86cca35c9dbcf011 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Accept application/json Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Content-Type application/json Response headers date Tue, 13 Dec 2022 19:54:55 GMT strict-transport-security max-age=15724800; includeSubDomains x-powered-by Express etag W/"35-zoU78ZWXBICDCBFITg+NX8gxiE0" vary Origin content-type application/json; charset=utf-8 access-control-allow-credentials true content-length 53
GET H2	403	/ Show response eng-45021-be-verify-password-security.staging.thelifestyleapp.com/staff/v1/user/	53 B 277 B	146ms 146ms	Fetch application/json	34.122.72.28 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/staff/v1/user/? Requested by Host: static.staging.thelifestyleapp.com URL: https://static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/js/main.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 34.122.72.28 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 28.72.122.34.bc.googleusercontent.com Software / Express Resource Hash be6687599d546a7e03e951268a9afd101074793305f3ca8a86cca35c9dbcf011 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains Request headers Accept application/json Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Content-Type application/json Response headers date Tue, 13 Dec 2022 19:54:54 GMT strict-transport-security max-age=15724800; includeSubDomains x-powered-by Express etag W/"35-zoU78ZWXBICDCBFITg+NX8gxiE0" vary Origin content-type application/json; charset=utf-8 access-control-allow-credentials true content-length 53
POST H2	202	6089d144bedae00c6063b5fd Show response events.launchdarkly.com/events/diagnostic/	0 344 B	180ms 179ms	XHR application/json	54.85.189.177 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://events.launchdarkly.com/events/diagnostic/6089d144bedae00c6063b5fd Requested by Host: static.staging.thelifestyleapp.com URL: https://static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/js/main.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.85.189.177 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-85-189-177.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ X-LaunchDarkly-Wrapper react-client-sdk/2.27.0 accept-language jp-JP,jp;q=0.9 X-LaunchDarkly-User-Agent JSClient/2.22.1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Content-Type application/json Response headers date Tue, 13 Dec 2022 19:54:55 GMT strict-transport-security max-age=31536000 access-control-max-age 300 access-control-allow-methods POST,OPTIONS content-type application/json access-control-allow-origin * access-control-expose-headers Date access-control-allow-headers Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags content-length 0
OPTIONS H2	204	6089d144bedae00c6063b5fd events.launchdarkly.com/events/diagnostic/ Frame	0 0	525ms 171ms	Preflight	54.85.189.177 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://events.launchdarkly.com/events/diagnostic/6089d144bedae00c6063b5fd Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.85.189.177 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-85-189-177.compute-1.amazonaws.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept */* Access-Control-Request-Headers content-type,x-launchdarkly-user-agent,x-launchdarkly-wrapper Access-Control-Request-Method POST Origin https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers access-control-allow-headers Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags access-control-allow-methods POST,OPTIONS access-control-allow-origin * access-control-expose-headers Date access-control-max-age 300 date Tue, 13 Dec 2022 19:54:55 GMT strict-transport-security max-age=31536000
GET H2	200	eyJhbm9ueW1vdXMiOnRydWUsImN1c3RvbSI6eyJ1c2VyVHlwZSI6InN0YWZmIn0sImtleSI6IjAzN2E3M2MwLTdiMjAtMTFlZC1iZDJkLThiZDUyY2M1MmIwZSJ9 clientstream.launchdarkly.com/eval/6089d144bedae00c6063b5fd/	1010 B 0	484ms 335ms	EventSource text/event-stream	76.223.31.44 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://clientstream.launchdarkly.com/eval/6089d144bedae00c6063b5fd/eyJhbm9ueW1vdXMiOnRydWUsImN1c3RvbSI6eyJ1c2VyVHlwZSI6InN0YWZmIn0sImtleSI6IjAzN2E3M2MwLTdiMjAtMTFlZC1iZDJkLThiZDUyY2M1MmIwZSJ9 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 76.223.31.44 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a1370dc23e25e46ce.awsglobalaccelerator.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept text/event-stream Cache-Control no-cache Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Tue, 13 Dec 2022 19:54:56 GMT strict-transport-security max-age=31536000 ld-region ap-southeast-1 access-control-max-age 300 access-control-allow-methods GET,OPTIONS content-type text/event-stream; charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, must-revalidate accept-ranges bytes access-control-allow-headers Accept,Content-Type,Content-Length,Accept-Encoding,Cache-Control,X-Requested-With,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper
POST H2	202	6089d144bedae00c6063b5fd Show response events.launchdarkly.com/events/bulk/	0 344 B	184ms 184ms	XHR application/json	54.85.189.177 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://events.launchdarkly.com/events/bulk/6089d144bedae00c6063b5fd Requested by Host: static.staging.thelifestyleapp.com URL: https://static.staging.thelifestyleapp.com/webapp/eng-45021-be-verify-password-security/static/js/main.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.85.189.177 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-85-189-177.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers X-LaunchDarkly-Payload-ID 04e686e0-7b20-11ed-bd2d-8bd52cc52b0e X-LaunchDarkly-Event-Schema 3 accept-language jp-JP,jp;q=0.9 X-LaunchDarkly-User-Agent JSClient/2.22.1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Content-Type application/json Referer https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/ X-LaunchDarkly-Wrapper react-client-sdk/2.27.0 Response headers date Tue, 13 Dec 2022 19:54:57 GMT strict-transport-security max-age=31536000 access-control-max-age 300 access-control-allow-methods POST,OPTIONS content-type application/json access-control-allow-origin * access-control-expose-headers Date access-control-allow-headers Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags content-length 0
OPTIONS H2	204	6089d144bedae00c6063b5fd events.launchdarkly.com/events/bulk/ Frame	0 0	173ms 173ms	Preflight	54.85.189.177 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://events.launchdarkly.com/events/bulk/6089d144bedae00c6063b5fd Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.85.189.177 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-85-189-177.compute-1.amazonaws.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept */* Access-Control-Request-Headers content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent,x-launchdarkly-wrapper Access-Control-Request-Method POST Origin https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers access-control-allow-headers Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags access-control-allow-methods POST,OPTIONS access-control-allow-origin * access-control-expose-headers Date access-control-max-age 300 date Tue, 13 Dec 2022 19:54:57 GMT strict-transport-security max-age=31536000
GET		common.js maps.googleapis.com/maps-api-v3/api/js/51/3/	0 0
GET		util.js maps.googleapis.com/maps-api-v3/api/js/51/3/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

maps.googleapis.com

URL

https://maps.googleapis.com/maps-api-v3/api/js/51/3/common.js

Domain

maps.googleapis.com

URL

https://maps.googleapis.com/maps-api-v3/api/js/51/3/util.js

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange object| env object| default_gsi object| google object| __$$GLOBAL_REWIRE_REGISTRY__ function| __rewire_reset_all__ number| __$$GLOBAL_REWIRE_NEXT_MODULE_ID__ function| P object| Spinner function| _ function| saveAs number| 2f1acc6c3a606b082e5eef5e54414ffb object| L function| setImmediate function| clearImmediate function| moment function| handleGoogleLogin function| handleError object| __G_ID_CLIENT__ object| closure_lm_608336 object| module$contents$mapsapi$overlay$overlayView_OverlayView

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accounts.google.com/gsi/button?type=standard&size=large&theme=outline&text=sign_in_with&shape=rectangular&logo_alignment=left&client_id=213063601955-5q35s40eu62ajs86hvb3opv6f6rocch4.apps.googleusercontent.com&iframe_id=gsi_294598_325501&as=x%2BAP%2Br0Se9fv3%2Bzxt9tpVA Message: Failed to load resource: the server responded with a status of 403 ()
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/staff/v1/user/? Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://eng-45021-be-verify-password-security.staging.thelifestyleapp.com/staff/v1/user/? Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
app.launchdarkly.com
cdn.jsdelivr.net
clientstream.launchdarkly.com
csp.withgoogle.com
eng-45021-be-verify-password-security.staging.thelifestyleapp.com
events.launchdarkly.com
maps.googleapis.com
p.typekit.net
ssl.gstatic.com
static.staging.thelifestyleapp.com
use.typekit.net
maps.googleapis.com
151.101.130.217
2404:6800:4004:801::200d
2404:6800:4004:81f::200a
2404:6800:4004:821::2003
2404:6800:4004:827::2011
2600:140b:1a00:14::17dc:548b
2600:140b:1a00:14::17dc:5494
2606:4700::6810:5814
34.117.200.237
34.122.72.28
54.85.189.177
76.223.31.44
182dd079f071ada5bd4d970c4498d40d01b6d15cf827cfddda3235f56c20882e
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c4e7e389d73c6acf7f19cc812514e71230740791fde8a018c1d7edccf1590ae
276e8be9e952ebeec77fb813f88b3639fc59dfc8f4619baf251ebad2bfcadb39
31685af3bbf1ff809935f70512ea48729eac2add3a47f604db26c43f2a253541
35f613f2269bdb6996c35cbccfa841fc4a7e45d91ad124de708d304e65bc60d4
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
59482cfde63085f0fd0f7e0b8f437dc7224ecd575906ef437f565ceab32d20f5
60fe579c50202903eec3a1898b8eafc6df528307b7e40052c0f800e718a7129f
6ae2c28d0bd73c175f921f40c2a7d496b2c47cb91f7ec035dbfdf70d0b236ace
73f6ff85e7477add05c3260857a4dc03f43b43ac4e0ede464c02f61c10892e87
93c2f2e3eac8d725ad181e3afb454d7ce9dc0c97a24b288655539adc3cc66d7f
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
9ffd9148502527101428184082d3f169369aa4ba51720bd2eef686fc06571bfd
afbe619653dd723ea9bce1ecd36bb257ebc24945df97f2ec29fb24a7321611ea
be6687599d546a7e03e951268a9afd101074793305f3ca8a86cca35c9dbcf011
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd506615e7e017d02b1634da62bffd67f3a91e63720c1fe3cff82e5668bffa59
e00d509e78b7cefbff0eb68d38dcdfa1b1500e0b26e703e114ed084494eca3ac
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855