Submitted URL: https://homedelivery.carmax.com/
Effective URL: https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carm...
Submission: On June 13 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 2a02:26f0:6c00:295::1c4e, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is login.carmax.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on May 19th 2022. Valid for: 9 months.
This is the only time login.carmax.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 23.96.103.159 8075 (MICROSOFT...)
11 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
11 2
Apex Domain
Subdomains
Transfer
13 carmax.com
homedelivery.carmax.com
login.carmax.com
369 KB
0 Failed
11 2
Domain Requested by
11 login.carmax.com login.carmax.com
2 homedelivery.carmax.com 2 redirects
0 truncated Failed login.carmax.com
11 3

This site contains no links.

Subject Issuer Validity Valid
www.carmax.com
DigiCert TLS RSA SHA256 2020 CA1
2022-05-19 -
2023-02-22
9 months crt.sh

This page contains 1 frames:

Primary Page: https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Frame ID: 103F4AAC55FF7317CCB700C3EBBA0A7F
Requests: 13 HTTP requests in this frame

Page Title

Not Authorized

Page URL History

  1. https://homedelivery.carmax.com/ HTTP 302
    https://homedelivery.carmax.com/customers HTTP 302
    https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F... Page URL

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

367 kB
Transfer

440 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://homedelivery.carmax.com/ HTTP 302
    https://homedelivery.carmax.com/customers HTTP 302
    https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request authorization.oauth2
login.carmax.com/as/
Redirect Chain
  • https://homedelivery.carmax.com/
  • https://homedelivery.carmax.com/customers
  • https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxident...
2 KB
4 KB
Document
General
Full URL
https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e688a684a41c666cb529dda292646700b4f232c2753bee0602bbfa74ee31eaf7
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store
content-length
2435
content-security-policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
content-type
text/html;charset=utf-8
date
Mon, 13 Jun 2022 13:17:55 GMT
expires
Mon, 13 Jun 2022 13:17:55 GMT
pragma
no-cache
referrer-policy
origin
strict-transport-security
max-age=31536000
x-akamai-transformed
9 1839 0 pmb=mTOE,3

Redirect headers

content-length
0
date
Mon, 13 Jun 2022 13:17:54 GMT
location
https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
request-context
appId=cid-v1:b9383ca0-2c3f-4b5b-a836-5fdf67be0b61
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
main.css
login.carmax.com/assets/css/
170 KB
171 KB
Stylesheet
General
Full URL
https://login.carmax.com/assets/css/main.css
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9a90621815085a6a7737dfb406398daded188cda822a801226c8c16c4886fb6a
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.carmax.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
referrer-policy
origin
last-modified
Tue, 23 Feb 2021 23:20:18 GMT
date
Mon, 13 Jun 2022 13:17:55 GMT
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
max-age=0, no-cache, no-store
content-length
174066
expires
Mon, 13 Jun 2022 13:17:55 GMT
carmax.css
login.carmax.com/assets/css/
7 KB
7 KB
Stylesheet
General
Full URL
https://login.carmax.com/assets/css/carmax.css
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
947edceb0c0c70a8f153392668810af5a53cc21a3e34d084a552a86272c3ae17
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.carmax.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
referrer-policy
origin
last-modified
Sun, 30 May 2021 19:51:06 GMT
date
Mon, 13 Jun 2022 13:17:55 GMT
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
max-age=0, no-cache, no-store
content-length
7066
expires
Mon, 13 Jun 2022 13:17:55 GMT
3a4db8a9
login.carmax.com/akam/13/
26 KB
9 KB
Script
General
Full URL
https://login.carmax.com/akam/13/3a4db8a9
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2842b0ba93c9a06da9669dbe06747f6de7eacd9e5f38dfa53f4499912c4d3410
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.carmax.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 Jun 2022 13:17:56 GMT
content-encoding
gzip
last-modified
Wed, 09 Feb 2022 15:09:44 GMT
etag
"3e52da545203cdb49d639a0a2cf1a8caf53b27242ce0d62b98b75aee5e7a00eb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=0, no-cache, no-store
strict-transport-security
max-age=31536000
content-length
8751
expires
Mon, 13 Jun 2022 13:17:56 GMT
carmax-logo-transparent.png
login.carmax.com/assets/images/
28 KB
29 KB
Image
General
Full URL
https://login.carmax.com/assets/images/carmax-logo-transparent.png
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
60ba940601163d2554190621744fbbda23110aa881f47b2eebdc1c1d697de83b
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.carmax.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
referrer-policy
origin
last-modified
Wed, 08 Feb 2017 20:58:09 GMT
date
Mon, 13 Jun 2022 13:17:56 GMT
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
max-age=0, no-cache, no-store
content-length
28692
expires
Mon, 13 Jun 2022 13:17:56 GMT
WS4
login.carmax.com/59RvAJ/a/l/JcN5PvmBPw/3O9Lf29S7fwO/ZV46Lw/Ugs_ICkT/
84 KB
21 KB
Script
General
Full URL
https://login.carmax.com/59RvAJ/a/l/JcN5PvmBPw/3O9Lf29S7fwO/ZV46Lw/Ugs_ICkT/WS4
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fa43fd4073d3976c0bc94de0d58e6f81290443515528b60e80aa889fa38f80c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.carmax.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 13 Jun 2022 13:17:56 GMT
content-encoding
gzip
last-modified
Mon, 28 Feb 2022 19:29:24 GMT
etag
"a7a61709860c0c57ec0c92584ae4f1bc214dfc71043ea43843572e55d14841f6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=21600
strict-transport-security
max-age=31536000
content-length
20456
WS4
login.carmax.com/59RvAJ/a/l/JcN5PvmBPw/3O9Lf29S7fwO/ZV46Lw/Ugs_ICkT/
18 B
710 B
XHR
General
Full URL
https://login.carmax.com/59RvAJ/a/l/JcN5PvmBPw/3O9Lf29S7fwO/ZV46Lw/Ugs_ICkT/WS4
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/59RvAJ/a/l/JcN5PvmBPw/3O9Lf29S7fwO/ZV46Lw/Ugs_ICkT/WS4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://login.carmax.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 13 Jun 2022 13:17:56 GMT
vary
Origin
content-type
application/json
access-control-allow-origin
https://login.carmax.com
access-control-allow-credentials
true
x_req_id
4cabc853-130a-45b1-8d60-4327eea6d15f
strict-transport-security
max-age=31536000
access-control-allow-headers
Content-Type
content-length
18
ProximaNova-Light.otf
login.carmax.com/assets/fonts/proxima-nova/
61 KB
62 KB
Font
General
Full URL
https://login.carmax.com/assets/fonts/proxima-nova/ProximaNova-Light.otf
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/assets/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0f77660e06a5f61a45c4dbdab511722357cf29e7f5ba1b2cf097550afdb0ed20
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://login.carmax.com/
Origin
https://login.carmax.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
referrer-policy
origin
last-modified
Tue, 23 Feb 2021 23:18:08 GMT
date
Mon, 13 Jun 2022 13:17:56 GMT
strict-transport-security
max-age=31536000
content-type
application/vnd.oasis.opendocument.formula-template
cache-control
max-age=0, no-cache, no-store
content-length
62968
expires
Mon, 13 Jun 2022 13:17:56 GMT
ProximaNova-Regular.otf
login.carmax.com/assets/fonts/proxima-nova/
61 KB
62 KB
Font
General
Full URL
https://login.carmax.com/assets/fonts/proxima-nova/ProximaNova-Regular.otf
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/assets/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2b80fbe521e07e4e84eb52e707b364c3e6c05c57e483276dc4b3be93a9794ba9
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://login.carmax.com/
Origin
https://login.carmax.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
referrer-policy
origin
last-modified
Tue, 23 Feb 2021 23:18:08 GMT
date
Mon, 13 Jun 2022 13:17:56 GMT
strict-transport-security
max-age=31536000
content-type
application/vnd.oasis.opendocument.formula-template
cache-control
max-age=0, no-cache, no-store
content-length
62892
expires
Mon, 13 Jun 2022 13:17:56 GMT
truncated
/
0
0

truncated
/
0
0

pixel_3a4db8a9
login.carmax.com/akam/13/
0
678 B
XHR
General
Full URL
https://login.carmax.com/akam/13/pixel_3a4db8a9
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/akam/13/3a4db8a9
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://login.carmax.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Mon, 13 Jun 2022 13:17:56 GMT
cache-control
max-age=0, no-cache, no-store
expires
Mon, 13 Jun 2022 13:17:56 GMT
content-length
0
strict-transport-security
max-age=31536000
content-type
text/html
WS4
login.carmax.com/59RvAJ/a/l/JcN5PvmBPw/3O9Lf29S7fwO/ZV46Lw/Ugs_ICkT/
17 B
195 B
XHR
General
Full URL
https://login.carmax.com/59RvAJ/a/l/JcN5PvmBPw/3O9Lf29S7fwO/ZV46Lw/Ugs_ICkT/WS4
Requested by
Host: login.carmax.com
URL: https://login.carmax.com/59RvAJ/a/l/JcN5PvmBPw/3O9Lf29S7fwO/ZV46Lw/Ugs_ICkT/WS4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:295::1c4e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://login.carmax.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 13 Jun 2022 13:17:56 GMT
vary
Origin
content-type
application/json
access-control-allow-origin
https://login.carmax.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
access-control-allow-headers
Content-Type
content-length
17

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
truncated
URL
data:truncated
Domain
truncated
URL
data:truncated

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
object| navigation
string| bazadebezolkohpepadr
object| _acxj
object| _cf
object| bmak
undefined| bm_counter
object| bm_script
undefined| scripts
string| bm_url
object| url_split
string| obfus_state_field
string| state_field_str
string| _sd_trace
string| urhehlevkedkilrobacf

9 Cookies

Domain/Path Name / Value
homedelivery.carmax.com/login-callback Name: .AspNetCore.OpenIdConnect.Nonce.CfDJ8MQFV7_bzQtBnZ3mkGMZQK0HFSGtOOUQSFQJKXLRoOfhRg4NKwQR8B5RY-Q5uh3MwGzS21t5ymPYVQMItZdLZG0bRcLh6NCQguX4Dxcgpys_cLgPtCRUqAOf5TjXKH01Xjmh3EdlSbofzh2ub1CafnhIu5i5BYcuUqhP2Igp8SL3_9oVviJpcctltB55oysdhObuhewtlc44-N1u32ZSxBNQoo8Imp4_by4xnBIbgFUbWF5va6nq_ESDgSJnICKvlvZHATVv8k9xkNKED9pAzbs
Value: N
homedelivery.carmax.com/login-callback Name: .AspNetCore.Correlation.g9cOVpWO2IJoqo97FTyI_rUAjCnAUWO3sL_op_FvmFk
Value: N
.homedelivery.carmax.com/ Name: ARRAffinity
Value: eef2f4ac82a344161e11052ac01895e989a20eeb5c29806797a98f233ace2610
.homedelivery.carmax.com/ Name: ARRAffinitySameSite
Value: eef2f4ac82a344161e11052ac01895e989a20eeb5c29806797a98f233ace2610
login.carmax.com/ Name: PF
Value: JohbRpsv7nD90TLWHJWImdPH5rbNc8yue46AVRLSi91y
.carmax.com/ Name: bm_sz
Value: 7416FA16AF73790766CDEB39CAF2757B~YAAQnroQAm5bwzuBAQAAELY2XRC25Sa8rJn0vvlQQBdwWHSkJUgCKKsWMlwOqtHaNFY3d8YTr5+3x6UGcnhbFE85KbbKPYngEkS/Z/ixQ8ByROHMDEKQoMdFs2CusfO0uVlijCerECrMuHJM3BC2defk0nVNBVcQiqpyzMUVoF49Pkt+nnXa6zuiSaWO799gamRBa3lISbEDrI62pg/uQxTis0pxi9jaJHR8Oyf0i8bdbSnDoIkAOr069IYukyFOVjrx5J0gDZPuTqUJoBMf+q7AbTYYYwWu3GLyFSDOHedxBs4=~4601412~4273986
login.carmax.com/ Name: KMXCOM_COOKIE
Value: 206770186.47873.0000
.carmax.com/ Name: _abck
Value: B84F438C14E25F402BFFB162B2D2B564~0~YAAQnroQAt9bwzuBAQAAmLo2XQj0oqmunxUJ+f9xA8iIcRfoiXNfhOrJ0baG+aZO9kI297JWXjw19H+LQyYBCJJ3GQ3+z0cQ7kgQvRix6BtZAg28oBRa2ggI0GgubzSP++JyHSV0iybsHAN5uNDn5zu48qbAWCi3qiO9xBTRFX67a6rMuTeueDz8RzYoaR/jxoAZMHfYDc4egU06+1TK/L/bemmAJJqSr9yhwjKaFskFqyv53uLePBCjzwtyLDvbxRJbWII0RgjuPV3Fo7K0WGunspnLs8olicJGO5Bn4d+oV++Gi4SiqiaBKqy4VOTVpcwChe9Re94SFPft3/Ll5nn1aKyCC5Kp+sSZK3fAQm4AlwlnceFKsUXsDA6pqAmIZ/NyU+5t8hPg/dj/aR28OPrkbpmR5iu1~-1~||1-iPaGehjHEJ-1-10-1000-2||~1655129811
.carmax.com/ Name: ak_bmsc
Value: BE87463BCE2C603CFF7BA858A73DB279~000000000000000000000000000000~

2 Console Messages

Source Level URL
Text
security error URL: https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Message:
Refused to load the image 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAACWCAYAAABkW7XSAAAAAXNSR0IArs4c6QAAIABJREFUeF7tnXt8VNXV93/rTEICwQAil1AroGhp5DYzgKgVFFBbFQqKKIpahWQSArT61No+7dM3bZ8WrTfuySQIBkRqfVRAfbyBrWhBhTmJgBQtKFpBlIsQCCaZmbPfz9pzYSaZ3ID4zMF1/tKwc2ad79rnN2uvtfYOQS4hIASEgE0IkE3sFDOFgBAQAhDBkkkgBISAbQj8nwuWKim5EMFgfxD1hGFUIxAw8eWX/6DCQss2FMOGqiVL0uH3uxAMXgSlVtG0aR819gwtHW83Hi21Vy1Y0B0pKcMA9CKPZ3ZLf7+p8aqwsA26dx8AYCgsy6Rp095u8ncWLuwEw7gIhuHEnj0P2HFeNvWMdvr3hIKliovPB9ElUKoHAAtEhxAMbgfRP2EYI8jjefpUPKQqKrocRGciL+85PPhgO2RmT...' because it violates the following Content Security Policy directive: "img-src 'self'".
security error URL: https://login.carmax.com/as/authorization.oauth2?client_id=homedelivery_prod&redirect_uri=https%3A%2F%2Fhomedelivery.carmax.com%2Flogin-callback&response_type=code&scope=openid%20profile%20kmxidentity%20kmxroles&code_challenge=TPNCzbH-idWPOHFJvl4ULZ1p19i320aK42vWHIfQ030&code_challenge_method=S256&response_mode=form_post&nonce=637907230748770925.NDczZDM5MzctMzU4My00MzYxLWJiZGEtZGI2Zjc2N2VlNTM0ZmI3NzEzYjItMDhiNS00YWE5LWI4NTEtODc5YWY5NDc0N2Zm&state=CfDJ8MQFV7_bzQtBnZ3mkGMZQK0juynFDdpqVGisekx-Z53pavppop8awWFNPAX3tXP4BXX2EREoFSp3oCTYQEP3FmKMFXh2t0JirIst2ZfcqdsF63-Gw1KAaG9nxTnafkZd4aieQZSdLLR_yhaxgAjryyuxhqxuDXM-ideC9QWbxPe4t2P_Zef4EhbzWdBoiGUaxN7iiSeQ3skXuA9IwgwHvJZkqE8Kr2ZVRpCjHg0gloxvYYrNmdrXtkgYXXtVoA685OTt60VEj3XMJgmOyapeC93i5mviRC8sHnzH6vzeqea8Rn7FqXlk0AjTrX5DHZlw-XIrrUeei40t3wE_zIT7xJRJIRu48D7cdCSD7gNJ98MVt4Vuj5k9MwMVTMxOPPGLb1FnTd0hfyNyFhdP8eHR30Q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.7.1.0
Message:
Refused to load the image 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACGFjVEwAAAABAAAAAcMq2TYAAAANSURBVAiZY2BgYPgPAAEEAQB9ssjfAAAAGmZjVEwAAAAAAAAAAQAAAAEAAAAAAAAAAAD6A+gBAbNU+2sAAAARZmRBVAAAAAEImWNgYGBgAAAABQAB6MzFdgAAAABJRU5ErkJggg==' because it violates the following Content Security Policy directive: "img-src 'self'".

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.force.com/ https://*.visualforce.com/ ;
Strict-Transport-Security max-age=31536000