urlscan.io logo urlscan.io
SecurityTrails logo

securityscorecard.com Open in urlscan Pro
2606:4700::6810:e250  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://securityscorecard.io/
Effective URL: https://securityscorecard.com/
Submission: On October 02 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 1 countries across 5 domains to perform 58 HTTP transactions. The main IP is 2606:4700::6810:e250, located in United States and belongs to CLOUDFLARENET, US. The main domain is securityscorecard.com. The Cisco Umbrella rank of the primary domain is 727924.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 5th 2023. Valid for: a year.
This is the only time securityscorecard.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.239.83.114 16509 (AMAZON-02)
1 1 18.239.83.31 16509 (AMAZON-02)
40 2606:4700::68... 13335 (CLOUDFLAR...)
1 151.101.193.91 54113 (FASTLY)
12 2a04:4e42::644 54113 (FASTLY)
1 2600:9000:212... 16509 (AMAZON-02)
1 2a04:4e42:200... 54113 (FASTLY)
2 2600:9000:211... 16509 (AMAZON-02)
1 18.239.83.123 16509 (AMAZON-02)
58 8
1    18.239.83.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-83-114.ams58.r.cloudfront.net
securityscorecard.io
1    18.239.83.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-83-31.ams58.r.cloudfront.net
securityscorecard.io
40    2606:4700::6810:e250 (United States)

ASN13335 (CLOUDFLARENET, US)
securityscorecard.com
1    151.101.193.91 (United States)

ASN54113 (FASTLY, US)
client-registry.mutinycdn.com
12    2a04:4e42::644 (United States)

ASN54113 (FASTLY, US)
fast.wistia.net
1    2600:9000:2127:a00:1e:c86:4140:93a1 (United States)

ASN16509 (AMAZON-02, US)
embed-ssl.wistia.com
1    2a04:4e42:200::644 (United States)

ASN54113 (FASTLY, US)
fast.wistia.com
2    2600:9000:211a:c600:3:471f:5240:93a1 (United States)

ASN16509 (AMAZON-02, US)
pipedream.wistia.com
1    18.239.83.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-83-123.ams58.r.cloudfront.net
distillery.wistia.com
Apex Domain
Subdomains		 Transfer
40 securityscorecard.com
securityscorecard.com — Cisco Umbrella Rank: 727924
1 MB
12 wistia.net
fast.wistia.net — Cisco Umbrella Rank: 18182
345 KB
5 wistia.com
embed-ssl.wistia.com — Cisco Umbrella Rank: 17088
fast.wistia.com — Cisco Umbrella Rank: 9847
pipedream.wistia.com — Cisco Umbrella Rank: 14616
distillery.wistia.com — Cisco Umbrella Rank: 14876
14 KB
2 securityscorecard.io
securityscorecard.io — Cisco Umbrella Rank: 392312
647 B
1 mutinycdn.com
client-registry.mutinycdn.com — Cisco Umbrella Rank: 47344
18 KB
58 5
Domain Requested by
40 securityscorecard.com securityscorecard.com
12 fast.wistia.net securityscorecard.com
fast.wistia.net
2 pipedream.wistia.com fast.wistia.net
2 securityscorecard.io 2 redirects
1 distillery.wistia.com fast.wistia.net
1 fast.wistia.com fast.wistia.net
1 embed-ssl.wistia.com
1 client-registry.mutinycdn.com securityscorecard.com
58 8
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-05 -
2024-05-04		 a year crt.sh
client-registry.mutinycdn.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2		 2023-06-03 -
2024-07-04		 a year crt.sh
fast.wistia.net
GlobalSign Atlas R3 DV TLS CA 2023 Q2		 2023-07-02 -
2024-08-02		 a year crt.sh
*.wistia.com
Amazon RSA 2048 M01		 2023-01-31 -
2024-02-29		 a year crt.sh
fast.wistia.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2		 2023-07-02 -
2024-08-02		 a year crt.sh
pipedream-production-cloudfront-app-cname.wistia.com
Amazon RSA 2048 M03		 2023-09-11 -
2024-10-09		 a year crt.sh
stats-tap-production-cloudfront-app-cname.wistia.com
Amazon RSA 2048 M01		 2023-09-13 -
2024-10-11		 a year crt.sh

This page contains 2 frames:

Primary Page: https://securityscorecard.com/
Frame ID: EB9C708CC37DDC867B0D71E1C3E11690
Requests: 42 HTTP requests in this frame

Frame: https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
Frame ID: BF36F87663AEFAD9510CCEA982F1D717
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Security Ratings & Cybersecurity Risk Management | SecurityScorecardicon__SSClogoMarkicon__SSClogoMarkicon__SSClogoMarkicon__SSClogoMark

Page URL History Show full URLs

  1. http://securityscorecard.io/ HTTP 301
    https://securityscorecard.io/ HTTP 301
    https://securityscorecard.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link [^>]*href=(?:"|')[^"']*elementor/assets
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

58
Requests

100 %
HTTPS

56 %
IPv6

5
Domains

8
Subdomains

8
IPs

1
Countries

1625 kB
Transfer

3646 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://securityscorecard.io/ HTTP 301
    https://securityscorecard.io/ HTTP 301
    https://securityscorecard.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

58 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
securityscorecard.com/
Redirect Chain
  • http://securityscorecard.io/
  • https://securityscorecard.io/
  • https://securityscorecard.com/
875 KB
127 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cda5b77a5c2ee85e33b58455deb4981b2392ac1d5cf068b887c34d2be66478a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
3111
cache-control
public, max-age=2592000, stale-if-error=86400
cf-apo-via
tcache
cf-cache-status
HIT
cf-edge-cache
cache,platform=wordpress
cf-ray
810038c859ad03c4-FRA
content-encoding
br
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
content-type
text/html; charset=UTF-8
date
Mon, 02 Oct 2023 22:01:04 GMT
last-modified
Wed, 13 Sep 2023 14:20:41 GMT
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
referrer-policy
no-referrer-when-downgrade
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-cache
HIT: 711
x-cache-group
normal
x-cacheable
YES:2419200.000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

age
72172
content-length
0
date
Mon, 02 Oct 2023 01:58:11 GMT
location
https://securityscorecard.com/
server
AmazonS3
via
1.1 7d758b616f5473c7b4bee1c49ecfa98a.cloudfront.net (CloudFront)
x-amz-cf-id
pFEhSLThdK6Va4zRSTWt88l5ZrlVQ-fkoSH5AjyDsClCXrb47VvRYg==
x-amz-cf-pop
AMS58-P5
x-cache
Hit from cloudfront
thegem-icons.woff
securityscorecard.com/wp-content/themes/thegem-elementor/fonts/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/themes/thegem-elementor/fonts/thegem-icons.woff
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
052d3817719fc86219418bf51ae42bd10992abc1c1361775dff5ed817890d8f7
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35570
content-length
23568
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 09 Sep 2023 04:12:49 GMT
server
cloudflare
etag
"64fbf0c1-5c10"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038c8ca1503c4-FRA
JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
securityscorecard.com/fonts.gstatic.com/s/montserrat/v25/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/fonts.gstatic.com/s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33befdbbb24930584f5ac94ea3117adcd56518f20ab1619d05de83ffd1821d38
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Mon, 11 Jul 2022 18:54:16 GMT
server
cloudflare
age
33944
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=31536000
cf-apo-via
proxy
accept-ranges
bytes
cf-ray
810038c8ca1703c4-FRA
content-length
31760
expires
Sun, 29 Sep 2024 18:37:19 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
securityscorecard.com/fonts.gstatic.com/s/montserrat/v25/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Mon, 11 Jul 2022 18:57:39 GMT
server
cloudflare
age
35571
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=31536000
cf-apo-via
proxy
accept-ranges
bytes
cf-ray
810038c8ca1803c4-FRA
content-length
30928
expires
Fri, 27 Sep 2024 17:57:25 GMT
NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzYw.woff2
securityscorecard.com/fonts.gstatic.com/s/titilliumweb/v17/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzYw.woff2
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd870101ad4e95d687a2eb734707b0dd7c20808f76d7be77a71a5d13cf99401c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Thu, 24 Aug 2023 21:07:01 GMT
server
cloudflare
age
33944
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=31536000
cf-apo-via
proxy
accept-ranges
bytes
cf-ray
810038c8ca1903c4-FRA
content-length
12136
expires
Sat, 28 Sep 2024 15:20:49 GMT
NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
securityscorecard.com/fonts.gstatic.com/s/titilliumweb/v17/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
last-modified
Thu, 24 Aug 2023 20:48:16 GMT
server
cloudflare
age
33944
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=31536000
cf-apo-via
proxy
accept-ranges
bytes
cf-ray
810038c8ca1c03c4-FRA
content-length
11796
expires
Sat, 28 Sep 2024 15:37:55 GMT
montserrat-ultralight.woff
securityscorecard.com/wp-content/themes/thegem-elementor/fonts/ 		53 KB
54 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/themes/thegem-elementor/fonts/montserrat-ultralight.woff
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9956843e6bcd1ca47a15a97ccabeb09d5255c051829af54ad6d3c14bbc096fa2
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35570
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=tGjrlTC2ntH4hhMa_nslqOUM5a9.DdcB40Ge9tIGmUw-1696284064-0-AYl6Dl6bNm_LHULLdjyJwOyGXINeJWKAVZykuD-jPqH9zWrtI1HoCmegxIkBWzWaz42EBAAuHrdkaSsLWPzp3y06SQN6Hk3C1lLoF2g3rYb0p_gbfprCVdDY9SXiXZV9fAms1A7YZNVsZeidQvoRKpiBwLNau_x-5ppwEAzwe052; report-to cf-csp-endpoint
content-length
54036
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 09 Sep 2023 04:12:49 GMT
server
cloudflare
etag
"64fbf0c1-d314"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=tGjrlTC2ntH4hhMa_nslqOUM5a9.DdcB40Ge9tIGmUw-1696284064-0-AYl6Dl6bNm_LHULLdjyJwOyGXINeJWKAVZykuD-jPqH9zWrtI1HoCmegxIkBWzWaz42EBAAuHrdkaSsLWPzp3y06SQN6Hk3C1lLoF2g3rYb0p_gbfprCVdDY9SXiXZV9fAms1A7YZNVsZeidQvoRKpiBwLNau_x-5ppwEAzwe052"}],"group":"cf-csp-endpoint","max_age":86400}
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038c8ca1d03c4-FRA
fa-brands-400.woff2
securityscorecard.com/wp-content/plugins/jet-menu/assets/public/lib/font-awesome/webfonts/ 		74 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/plugins/jet-menu/assets/public/lib/font-awesome/webfonts/fa-brands-400.woff2
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e4560c16c7970efa47680450b2cf239d4a482c056d308acea12bb9022906c8b
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33944
content-length
75936
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 May 2023 05:53:06 GMT
server
cloudflare
etag
"64534842-128a0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038c8ca1e03c4-FRA
fa-solid-900.woff2
securityscorecard.com/wp-content/plugins/jet-menu/assets/public/lib/font-awesome/webfonts/ 		74 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/plugins/jet-menu/assets/public/lib/font-awesome/webfonts/fa-solid-900.woff2
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
787d76ad6deab67ccf8bac1b584260205e114f508fc5542b612e3f75d49a34e4
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35570
content-length
76084
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 May 2023 05:53:06 GMT
server
cloudflare
etag
"64534842-12934"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038c8ca2103c4-FRA
eicons.woff2
securityscorecard.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/ 		92 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.21.0
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24f190f48754ad5156b04df5cf84dfddc2128f9bdd6e9576c54ac4761426fef5
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33944
content-length
94320
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 09 Sep 2023 04:12:04 GMT
server
cloudflare
etag
"64fbf094-17070"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038c8ca2203c4-FRA
ssc.woff2
securityscorecard.com/wp-content/uploads/elementor/custom-icons/ssc/font/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/uploads/elementor/custom-icons/ssc/font/ssc.woff2?80389504
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f376a5c926534af39ad5d555c11e0d3eeb0631ee3f6463d7b215a91ed3cddb9
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35569
content-length
23260
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 02 Feb 2023 22:03:13 GMT
server
cloudflare
etag
"63dc3321-5adc"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038c8fa4703c4-FRA
fa-solid-900.woff2
securityscorecard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 		76 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35569
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=OtPZS.oOtttLjUpOVayShjotc1O_z8vuu5rXKAszbEw-1696284064-0-AbNCpgbcAdqJ92tFDwR-Mct5GJ4iJ7MLoE37UInYlwvLz62sjII3hI_qX41IVms-WrWkLO_20vlPS3ct18jLQL1YhgTEtvj0SNVzAKqjb10lZpfEaI5Q_KoKb2eBbWEYvSMrz1LUB6D5Nob7fZSj63xzGweWaED5TzbrRTxXbV1J; report-to cf-csp-endpoint
content-length
78196
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 09 Sep 2023 04:12:05 GMT
server
cloudflare
etag
"64fbf095-13174"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=OtPZS.oOtttLjUpOVayShjotc1O_z8vuu5rXKAszbEw-1696284064-0-AbNCpgbcAdqJ92tFDwR-Mct5GJ4iJ7MLoE37UInYlwvLz62sjII3hI_qX41IVms-WrWkLO_20vlPS3ct18jLQL1YhgTEtvj0SNVzAKqjb10lZpfEaI5Q_KoKb2eBbWEYvSMrz1LUB6D5Nob7fZSj63xzGweWaED5TzbrRTxXbV1J"}],"group":"cf-csp-endpoint","max_age":86400}
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038c8fa4803c4-FRA
ElegantIcons.woff
securityscorecard.com/wp-content/themes/thegem-elementor/fonts/elegant/ 		62 KB
63 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/themes/thegem-elementor/fonts/elegant/ElegantIcons.woff
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be1825e52a0dc7df04df9322f62abe2a2f2a25d98aac186de0140dfc7f6bdcae
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35569
content-length
63664
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 09 Sep 2023 04:12:49 GMT
server
cloudflare
etag
"64fbf0c1-f8b0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038c8fa4903c4-FRA
fa-brands-400.woff2
securityscorecard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityscorecard.com/
Origin
https://securityscorecard.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
34733
content-length
76764
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 09 Sep 2023 04:12:04 GMT
server
cloudflare
etag
"64fbf094-12bdc"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038c8fa4b03c4-FRA
4f6ca7fced130fc0.js
client-registry.mutinycdn.com/personalize/client/ 		62 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://client-registry.mutinycdn.com/personalize/client/4f6ca7fced130fc0.js
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.91 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e066164beb96bd639e1527291c69d86e4441c7aa77ba7b25833b7fd518343b38

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-version-id
dbBxQQbMQ2o1GfSua6xwdjBy0zBHkNak
x-continent-code
EU
content-encoding
gzip
date
Mon, 02 Oct 2023 22:01:04 GMT
via
1.1 varnish
x-edge-region
EU-East
x-amz-request-id
4PZH4TSRPKDFR751
age
718
x-amz-server-side-encryption
AES256
x-cache
HIT
x-edge-datacenter
FRA
content-length
17454
x-amz-id-2
VSaEHTb4TSD2uPRbxL5CVL29GC+VUZ8g18tYjPVLqnqw0CbO+ZgLHDVXXb/j6cHGbOEdJP52Hks=
x-served-by
cache-fra-eddf8230067-FRA
x-connection-speed
broadband
last-modified
Thu, 21 Sep 2023 17:46:51 GMT
server
AmazonS3
etag
"c860f51b0b15662553dc662893fd6237"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=3600, max-age=0
vary
X-Continent-Code, Accept-Encoding
accept-ranges
bytes
x-country-code
DE
x-cache-hits
1
email-decode.min.js
securityscorecard.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
818 B 		Script
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 27 Sep 2023 11:52:30 GMT
server
cloudflare
content-encoding
gzip
etag
W/"6514177e-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
810038c93a7a03c4-FRA
expires
Wed, 04 Oct 2023 22:01:04 GMT
smush-lazy-load-native.min.js
securityscorecard.com/wp-content/plugins/wp-smush-pro/app/assets/js/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securityscorecard.com/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load-native.min.js?ver=3.14.2
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be6782a8a0617c64e1eaf887f6771ac1e4ead25232ffcf133e5cba77b7379e76
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
34734
content-encoding
br
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 26 Aug 2023 04:12:57 GMT
server
cloudflare
etag
W/"64e97bc9-2505"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
cf-ray
810038c98ab503c4-FRA
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type
image/gif
SSC_purplepattern_3.png
securityscorecard.com/wp-content/uploads/2022/10/ 		104 KB
105 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/10/SSC_purplepattern_3.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02891874c4c037f51fa74ad54b41e4e639268ce1077c548de78e2105b3e0997a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35568
content-length
106742
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:24:50 GMT
server
cloudflare
etag
"6518f492-1a0f6"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038ca5b3203c4-FRA
expires
Tue, 01 Oct 2024 12:08:16 GMT
IMG_SecurityData-Computer.png
securityscorecard.com/wp-content/uploads/2023/02/ 		84 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2023/02/IMG_SecurityData-Computer.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecdade75e33531d7c9f40bffb211c688f867355ad8a2e1ca14ecd8064965bdb0
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35568
content-length
86260
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:24:16 GMT
server
cloudflare
etag
"6518f470-150f4"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038ca6b3803c4-FRA
expires
Tue, 01 Oct 2024 12:08:16 GMT
SSC_greypattern_3.png
securityscorecard.com/wp-content/uploads/2022/09/ 		60 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/SSC_greypattern_3.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fb2b02a51a7782c4f3a1dbd0b7302ba017232ad354fe857ecceffa02260c662
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35568
content-length
61454
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:25:20 GMT
server
cloudflare
etag
"6518f4b0-f00e"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038ca6b3a03c4-FRA
expires
Tue, 01 Oct 2024 12:08:16 GMT
SSC_greypattern_3.png
securityscorecard.com/wp-content/uploads/2023/02/ 		60 KB
60 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2023/02/SSC_greypattern_3.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fb2b02a51a7782c4f3a1dbd0b7302ba017232ad354fe857ecceffa02260c662
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
61454
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:24:20 GMT
server
cloudflare
etag
"6518f474-f00e"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038ca6b3c03c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
sty2xpgkg5
fast.wistia.net/embed/iframe/ Frame BF36 		11 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/wp-content/plugins/wp-smush-pro/app/assets/js/smush-lazy-load-native.min.js?ver=3.14.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
20207f8699af8737bf9f46710c1b1f5c47fc415be5429a98bef048ea61e61e3f
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff

Request headers

Referer
https://securityscorecard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
9610
cache-control
public, no-cache
content-encoding
br
content-length
3414
content-type
text/html; charset=utf-8
date
Mon, 02 Oct 2023 22:01:04 GMT
etag
W/"20207f8699af8737bf9f46710c1b1f5c"
server
envoy
strict-transport-security
max-age=0
timing-allow-origin
*
vary
Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
via
1.1 281687fdef6568ba75a1a090e3b48e2a.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
x-amz-cf-id
gpUHarV5ZJd6QS-ycnNI4WvCkFS1ErigST-Gz4ZZXrtP9tziAPajHw==
x-amz-cf-pop
IAD61-P1
x-browser
chrome
x-browser-version
117
x-cache
Miss from cloudfront, HIT, HIT
x-cache-hits
29, 1
x-content-type-options
nosniff
x-ecma-v
modern
x-envoy-upstream-service-time
95
x-permitted-cross-domain-policies
none
x-request-id
2ee06b03-1e14-4f55-af37-0493fd82a7bc
x-runtime
0.091646
x-served-by
cache-iad-kcgs7200132-IAD, cache-fra-etou8220107-FRA
x-timer
S1696284065.529532,VS0,VE1
forrester-300x48.png
securityscorecard.com/wp-content/uploads/2023/01/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2023/01/forrester-300x48.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d4aa24480a35d317f6f923ef76bf197925a3233ebc832ab581c6f137b9b5f18
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
2080
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:24:27 GMT
server
cloudflare
etag
"6518f47b-820"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038caab6803c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
securityscorecard_logo-300x43.png
securityscorecard.com/wp-content/uploads/2022/09/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/securityscorecard_logo-300x43.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
330500899472c1b6c7b9e5edf989c405e724cf8456aa496e3b1de415a72cf271
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
2198
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:26:08 GMT
server
cloudflare
etag
"6518f4e0-896"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038caab6903c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
ssc-new-logo-300x43.png
securityscorecard.com/wp-content/uploads/2022/12/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/12/ssc-new-logo-300x43.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
863ecdd486daa7c01c39de8c8f826494eb59bc5934aeac9e12ae95d0a087eefa
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
2508
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:24:47 GMT
server
cloudflare
etag
"6518f48f-9cc"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038caab6a03c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
Projected-Score_2021-11-09-211217_mxuw.jpg
securityscorecard.com/wp-content/uploads/2022/09/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/Projected-Score_2021-11-09-211217_mxuw.jpg
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b13d0f383b73b14ba36483e67de27cdb14f2f3efb8707037bedfd072fd117f06
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
15518
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:25:17 GMT
server
cloudflare
etag
"6518f4ad-3c9e"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038caab6b03c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
board-report.jpg
securityscorecard.com/wp-content/uploads/2022/10/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/10/board-report.jpg
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9e949444351d3067ec1e36b9d62daf65316e59d5cf3f1f19cbdb44c6e491591
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
12700
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:24:50 GMT
server
cloudflare
etag
"6518f492-319c"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038caab6d03c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
Dashboard.png
securityscorecard.com/wp-content/uploads/2022/09/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/Dashboard.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d611cb90bb5b9c517d07fc054cd2b4fc50d483408a3b508ffeac995ed443a99
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
54550
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:25:08 GMT
server
cloudflare
etag
"6518f4a4-d516"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038caab6e03c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
Network-Security.jpg
securityscorecard.com/wp-content/uploads/2022/09/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/Network-Security.jpg
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f569085d96229ea9eca0dd042598c4eb7e073fa07dc6690bfa6b8cb18c1ee82
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35560
content-length
13880
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:25:14 GMT
server
cloudflare
etag
"6518f4aa-3638"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038caab6f03c4-FRA
expires
Tue, 01 Oct 2024 12:08:24 GMT
CDM-Global-Infosec-Award-2022-150x150.jpeg
securityscorecard.com/wp-content/uploads/2022/09/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/CDM-Global-Infosec-Award-2022-150x150.jpeg
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b111f8428eb3e546332bc98fb5246e0a1a56fa44a6c723bc7b1e98f66fe47b89
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35559
content-length
7056
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:25:07 GMT
server
cloudflare
etag
"6518f4a3-1b90"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7003c4-FRA
expires
Tue, 01 Oct 2024 12:08:24 GMT
black-unicorn-2022-150x150.jpeg
securityscorecard.com/wp-content/uploads/2022/12/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/12/black-unicorn-2022-150x150.jpeg
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd433b611f32b584fc0971178dd4a13ef3c590a75fea6a911f7cabb009424934
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
4840
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:24:39 GMT
server
cloudflare
etag
"6518f487-12e8"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7103c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
ITRiskManagement_BestMeetsRequirements_Mid-Market_MeetsRequirements-150x150.png
securityscorecard.com/wp-content/uploads/2023/04/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2023/04/ITRiskManagement_BestMeetsRequirements_Mid-Market_MeetsRequirements-150x150.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87782f52c106b75b3c7ccab1593e7e75548f808a4e09523e0f97978fda3b6226
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35559
content-length
4778
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:23:51 GMT
server
cloudflare
etag
"6518f457-12aa"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7303c4-FRA
expires
Tue, 01 Oct 2024 12:08:25 GMT
SecurityRiskAnalysis_FastestImplementation_Enterprise_GoLiveTime-150x150.png
securityscorecard.com/wp-content/uploads/2023/04/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2023/04/SecurityRiskAnalysis_FastestImplementation_Enterprise_GoLiveTime-150x150.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c457915b5bf54d6c728b61bfb7b6971be9a4dd3c9f97dd7eed37781f27bd8011
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
4312
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:23:54 GMT
server
cloudflare
etag
"6518f45a-10d8"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7403c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
SecurityRiskAnalysis_MostImplementable_Enterprise_Total-150x150.png
securityscorecard.com/wp-content/uploads/2023/04/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2023/04/SecurityRiskAnalysis_MostImplementable_Enterprise_Total-150x150.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fb2726371ab41b9e4d23aff5e1d8cad44002caef28f9f411cbe01593da72993
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35559
content-length
4330
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:23:54 GMT
server
cloudflare
etag
"6518f45a-10ea"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7503c4-FRA
expires
Tue, 01 Oct 2024 12:08:25 GMT
ThirdPartySupplierRiskManagement_EasiestAdmin_Mid-Market_EaseOfAdmin-150x150.png
securityscorecard.com/wp-content/uploads/2023/04/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2023/04/ThirdPartySupplierRiskManagement_EasiestAdmin_Mid-Market_EaseOfAdmin-150x150.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9848c2b9876412fea5190df4f4d889716dd894e6ceb7f0e8f9e8d67c78dbe552
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=o26BwzIo6dQ872DXCVyx5qV6ej7U83GU2M.GdhrYhTo-1696284064-0-AbE3LcR_MSqBfwMtrsWXlipOo-SsfO9G_Q-QALohaAg3PdQ4GfEc4wyKWjaWBm-_TMkfjlSsXW91XGnu9oBKgdzx_GUrIcxOTU0GUmLUKr-MHcCY_MBbf9gBIgcxh-a2Ueed8wPWtouoAXKXNV6A41gH-aap_yaFYlwNpWwxq4cJ; report-to cf-csp-endpoint
content-length
4580
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:23:54 GMT
server
cloudflare
etag
"6518f45a-11e4"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=o26BwzIo6dQ872DXCVyx5qV6ej7U83GU2M.GdhrYhTo-1696284064-0-AbE3LcR_MSqBfwMtrsWXlipOo-SsfO9G_Q-QALohaAg3PdQ4GfEc4wyKWjaWBm-_TMkfjlSsXW91XGnu9oBKgdzx_GUrIcxOTU0GUmLUKr-MHcCY_MBbf9gBIgcxh-a2Ueed8wPWtouoAXKXNV6A41gH-aap_yaFYlwNpWwxq4cJ"}],"group":"cf-csp-endpoint","max_age":86400}
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7603c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
SecurityRiskAnalysis_EasiestToDoBusinessWith_Enterprise_EaseOfDoingBusinessWith-150x150.png
securityscorecard.com/wp-content/uploads/2023/04/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2023/04/SecurityRiskAnalysis_EasiestToDoBusinessWith_Enterprise_EaseOfDoingBusinessWith-150x150.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
718512f78febfcdb91a04b52c39ff5dc211ca1154a87bba2a0b1ff58cef86768
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
4590
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:23:54 GMT
server
cloudflare
etag
"6518f45a-11ee"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7703c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
logo_cb7a39cde0ad70c497a0c4e102c4e9d0_1x.png
securityscorecard.com/wp-content/uploads/thegem-logos/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/thegem-logos/logo_cb7a39cde0ad70c497a0c4e102c4e9d0_1x.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
331f47ce48ff071f760155a77ea8faa838d0cd74de39d58fedf83da7e84d7754
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35559
content-length
2006
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:22:24 GMT
server
cloudflare
etag
"6518f400-7d6"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7b03c4-FRA
expires
Tue, 01 Oct 2024 12:08:25 GMT
Diversa_Logo_Color-300x83.png
securityscorecard.com/wp-content/uploads/2023/06/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2023/06/Diversa_Logo_Color-300x83.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98268caef9cf3e84607bee1cbbbb2e0eec717a000b75644d105af448f29c9a57
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33942
content-length
2860
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:23:31 GMT
server
cloudflare
etag
"6518f443-b2c"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7c03c4-FRA
expires
Tue, 01 Oct 2024 12:35:22 GMT
access_logo-466X177-1-300x114.png
securityscorecard.com/wp-content/uploads/2022/09/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/access_logo-466X177-1-300x114.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b66bc9f26b4acd84feaf9e762fcb38d6a23160fca2a67a2fddab3d2ca1d8ee06
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
33943
content-length
2968
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:25:27 GMT
server
cloudflare
etag
"6518f4b7-b98"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7d03c4-FRA
expires
Tue, 01 Oct 2024 12:35:21 GMT
axa-logo-scroller-300x300.png
securityscorecard.com/wp-content/uploads/2022/09/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/axa-logo-scroller-300x300.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6f16f4ab63f651884b2de233f0d5c66f472c9b5ffa6b7bfd02fc78a150334a6
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35558
content-length
2226
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:25:30 GMT
server
cloudflare
etag
"6518f4ba-8b2"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cabb7e03c4-FRA
expires
Tue, 01 Oct 2024 12:08:26 GMT
horizon-media-logo-scroller.png
securityscorecard.com/wp-content/uploads/2022/09/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/horizon-media-logo-scroller.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e8ad18758a85e15cbce4b8c0a5660deae163da6d401c234eab4a94a33233441
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35558
content-length
5786
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:25:49 GMT
server
cloudflare
etag
"6518f4cd-169a"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cacb8603c4-FRA
expires
Tue, 01 Oct 2024 12:08:26 GMT
liberty-mutual-logo-scroller.png
securityscorecard.com/wp-content/uploads/2022/09/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securityscorecard.com/wp-content/uploads/2022/09/liberty-mutual-logo-scroller.png
Requested by
Host: securityscorecard.com
URL: https://securityscorecard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8749ab73fdc91646819d0f0da0afac1767a70f4648fa48d96271b324ec36c255
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityscorecard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
35558
content-length
6096
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 01 Oct 2023 04:25:54 GMT
server
cloudflare
etag
"6518f4d2-17d0"
vary
Accept, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=2592000, stale-if-error=86400
permissions-policy
fullscreen=(self "https://*securityscorecard.com https://securityscorecard.com"), geolocation=(self "https://securityscorecard.com"), camera=()
accept-ranges
bytes
cf-ray
810038cacb8703c4-FRA
expires
Tue, 01 Oct 2024 12:08:26 GMT
insideIframe.js
fast.wistia.net/assets/external/ Frame BF36 		45 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/assets/external/insideIframe.js
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
24f7cd37795b4af931607af4069fd1e34441fe2999a4ded68c13f3e76197bb84
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
Origin
https://fast.wistia.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
age
2852
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
12067
x-served-by
cache-iad-kcgs7200174-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Mon, 02 Oct 2023 16:12:40 GMT
server
AmazonS3
x-timer
S1696284065.581024,VS0,VE0
etag
"c2befee6098e5e462e08db8195131418"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-browser
chrome
asset-version
4d20bf3e38907bb59b5ab4c8f6401e37ffab4b9e
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
13, 27
E-v1.js
fast.wistia.net/assets/external/ Frame BF36 		734 KB
125 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/assets/external/E-v1.js
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9ce6dfd8b9ae531aa3d8f38a857471be1e39dd48ce9ddeea10970e4af04fe64e
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
age
2853
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
127488
x-served-by
cache-iad-kcgs7200102-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Mon, 02 Oct 2023 16:12:40 GMT
server
AmazonS3
x-timer
S1696284065.581097,VS0,VE0
etag
"d9a9d5f8a3e9066fbe9fcafc351683c0"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-browser
chrome
asset-version
4d20bf3e38907bb59b5ab4c8f6401e37ffab4b9e
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
13, 37
swatch
fast.wistia.net/embed/medias/sty2xpgkg5/ Frame BF36 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fast.wistia.net/embed/medias/sty2xpgkg5/swatch
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
6e9aa9bddeafd03b0ed2063fe07c15474dfee72099ea0253941b389867732773
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
access-control-request-method
*
via
1.1 1bd7d779bed244375679d82e1821cc3c.cloudfront.net (CloudFront), 1.1 368146333bf1a1071e8432a7d4e41e1a.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
x-cdn
cloudfront
x-amz-cf-pop
IAD89-P2, IAD89-C3
age
532901
edge-cache-tag
eb526ad0eab7dffa65759bc60d44f63b
x-cache
Miss from cloudfront, HIT, HIT
x-envoy-upstream-service-time
31
content-disposition
inline
content-length
3135
x-served-by
cache-iad-kcgs7200158-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Wed, 19 Jul 2023 17:24:21 UTC
server
envoy
x-timer
S1696284065.581209,VS0,VE2
etag
hH8LrZ_bIlot42fu4w6LL3XiSkE=
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, no-cache,max-age=31536000
x-browser
chrome
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
XL-kWSV25hj0Ux--rFb4i-NACJGVjow2ssB5S_E6SLxg8WU9yK1FbA==
x-cache-hits
1129, 1
captions.js
fast.wistia.net/assets/external/ Frame BF36 		162 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/assets/external/captions.js
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/E-v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a5ffb3a207fd89390bcde47e9ff53ba38a7f7f0d94271d93eb59b124abf1be1f
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
age
2852
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
33742
x-served-by
cache-iad-kiad7000116-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Mon, 02 Oct 2023 16:12:40 GMT
server
AmazonS3
x-timer
S1696284065.816669,VS0,VE0
etag
"e9140b47195a9b14d5b8a9957d0717fd"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-browser
chrome
asset-version
4d20bf3e38907bb59b5ab4c8f6401e37ffab4b9e
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
5, 9
playPauseLoadingControl.js
fast.wistia.net/assets/external/ Frame BF36 		79 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/assets/external/playPauseLoadingControl.js
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/E-v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e41df036e157428f6b0a354d91e3f12936ce211ab4d5cfb451f16972c924e360
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://fast.wistia.net/assets/external/E-v1.js
Origin
https://fast.wistia.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
age
2854
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
20987
x-served-by
cache-iad-kcgs7200129-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Mon, 02 Oct 2023 16:12:40 GMT
server
AmazonS3
x-timer
S1696284065.886949,VS0,VE0
etag
"6c922364c786a0e0917fb34588eca6a4"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-browser
chrome
asset-version
4d20bf3e38907bb59b5ab4c8f6401e37ffab4b9e
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
21, 27
sty2xpgkg5.json
fast.wistia.net/embed/captions/ Frame BF36 		3 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/embed/captions/sty2xpgkg5.json
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/captions.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
4f7ca1115c94399ea320398be65a7161195a68b88401da436b49538ac43168d1
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=0
via
1.1 3d088826d90526f82c740c9ebe467f50.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
x-permitted-cross-domain-policies
none
x-amz-cf-pop
IAD55-P2
age
9610
x-cache
Miss from cloudfront, HIT, HIT
x-envoy-upstream-service-time
61
content-length
1335
x-request-id
50a4acbc-22ca-4b7e-a64b-a2d911cfadaa
x-served-by
cache-iad-kjyo7100070-IAD, cache-fra-etou8220107-FRA
x-runtime
0.059239
x-browser-version
117
server
envoy
x-timer
S1696284065.891503,VS0,VE2
etag
W/"4f7ca1115c94399ea320398be65a7161"
vary
Accept-Encoding,X-Forwarded-Proto
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, no-cache
x-browser
chrome
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
cqZZoxuEGUeKJl24Z8GbWqZytEGwZrczsSjanCvFrRHE9H5Ht2XCSQ==
x-cache-hits
17, 1
interFontFace.js
fast.wistia.net/assets/external/ Frame BF36 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/assets/external/interFontFace.js
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/captions.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3d653cf287a3212e8c5f8d68f2af6563d062b2aaf37348d0b1c5c1798dc22a0
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://fast.wistia.net/assets/external/captions.js
Origin
https://fast.wistia.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
age
2854
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
18267
x-served-by
cache-iad-kcgs7200174-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Mon, 02 Oct 2023 16:12:40 GMT
server
AmazonS3
x-timer
S1696284065.902939,VS0,VE0
etag
"9273139b4f23d8c9635da27dfe1931ba"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-browser
chrome
asset-version
4d20bf3e38907bb59b5ab4c8f6401e37ffab4b9e
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
15, 12
truncated
/ Frame BF36 		2 KB
2 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe2d7250cc0730dc655721c5fa4bf5236dcabdf57f8593e8fe2096a42c0c8baf

Request headers

Referer
Origin
https://fast.wistia.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
swatch
fast.wistia.net/embed/medias/sty2xpgkg5/ Frame BF36 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fast.wistia.net/embed/medias/sty2xpgkg5/swatch
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/E-v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
6e9aa9bddeafd03b0ed2063fe07c15474dfee72099ea0253941b389867732773
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:04 GMT
access-control-request-method
*
via
1.1 1bd7d779bed244375679d82e1821cc3c.cloudfront.net (CloudFront), 1.1 368146333bf1a1071e8432a7d4e41e1a.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
x-cdn
cloudfront
x-amz-cf-pop
IAD89-P2, IAD89-C3
age
532901
edge-cache-tag
eb526ad0eab7dffa65759bc60d44f63b
x-cache
Miss from cloudfront, HIT, HIT
x-envoy-upstream-service-time
31
content-disposition
inline
content-length
3135
x-served-by
cache-iad-kcgs7200158-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Wed, 19 Jul 2023 17:24:21 UTC
server
envoy
x-timer
S1696284065.933580,VS0,VE0
etag
hH8LrZ_bIlot42fu4w6LL3XiSkE=
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, no-cache,max-age=31536000
x-browser
chrome
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
XL-kWSV25hj0Ux--rFb4i-NACJGVjow2ssB5S_E6SLxg8WU9yK1FbA==
x-cache-hits
1129, 2
eb526ad0eab7dffa65759bc60d44f63b.webp
embed-ssl.wistia.com/deliveries/ Frame BF36 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://embed-ssl.wistia.com/deliveries/eb526ad0eab7dffa65759bc60d44f63b.webp?image_crop_resized=640x360
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:a00:1e:c86:4140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
envoy /
Resource Hash
da9bade2098ce2a0a3ffde33a83ed4d15fcd8129c2c62a88c682c113a84afb7e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fast.wistia.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 20 Sep 2023 11:26:57 GMT
access-control-request-method
*
via
1.1 6fc3cae9692b6db972e4990be9921fae.cloudfront.net (CloudFront)
x-cdn
cloudfront
x-amz-cf-pop
PRG50-C1
age
1074847
edge-cache-tag
eb526ad0eab7dffa65759bc60d44f63b
x-cache
Hit from cloudfront
x-envoy-upstream-service-time
168
content-disposition
inline
surrogate-key
eb526ad0eab7dffa65759bc60d44f63b thumbnail-delivery
last-modified
Wed, 19 Jul 2023 17:24:21 UTC
server
envoy
etag
TT_JFe0BXT4ON9kWOhbMtKlECf0=
vary
Origin
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
none
x-amz-cf-id
b0pTfyXEPk1h3XzwQaz3VVmE5r4kBAyQlGhOlOR8biEVjedIXB_Bgg==
hls_video.js
fast.wistia.net/assets/external/engines/ Frame BF36 		473 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/assets/external/engines/hls_video.js
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/E-v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
807f40e8b45de929b80b67bca96d069d92e98e82e1226b74a02b999bbf51d85a
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://fast.wistia.net/assets/external/E-v1.js
Origin
https://fast.wistia.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:05 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
age
2881
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
117671
x-served-by
cache-iad-kjyo7100161-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Mon, 02 Oct 2023 16:12:40 GMT
server
AmazonS3
x-timer
S1696284065.192128,VS0,VE0
etag
"8fd9a2a95e4509200c3bfb496918b20c"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-browser
chrome
asset-version
4d20bf3e38907bb59b5ab4c8f6401e37ffab4b9e
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
35, 20
sty2xpgkg5.m3u8
fast.wistia.com/embed/medias/ Frame BF36 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.com/embed/medias/sty2xpgkg5.m3u8
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/engines/hls_video.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:200::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
af775b0fb96d313548dc6ea038442bff17e69830b6b9eb4a9243503ebd50a1f2
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fast.wistia.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:05 GMT
via
1.1 ba82151bf51e4c722c5305c983d8b71e.cloudfront.net (CloudFront), 1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=0
x-permitted-cross-domain-policies
none
x-amz-cf-pop
IAD89-C3
age
9650
x-cache
Miss from cloudfront, HIT, HIT
x-envoy-upstream-service-time
41
content-length
1355
x-request-id
3f81b24a-847a-4ad8-810a-6ed8a98e7887
x-served-by
cache-iad-kjyo7100134-IAD, cache-ams21045-AMS
x-runtime
0.039538
x-browser-version
117
server
envoy
x-timer
S1696284065.375665,VS0,VE1
etag
W/"af775b0fb96d313548dc6ea038442bff"
vary
Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
content-type
application/x-mpegURL
access-control-allow-origin
*
cache-control
public, no-cache
x-browser
chrome
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
toDVVjRXdNK8Rm5kKpZ07_8nBl_xQsvxrJvVnHgp22RB1L9VOwSh0A==
x-cache-hits
9973, 1
blank.gif
fast.wistia.net/assets/images/ Frame BF36 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fast.wistia.net/assets/images/blank.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://fast.wistia.net/embed/iframe/sty2xpgkg5?seo=false&videoFoam=true
Origin
https://fast.wistia.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:05 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
age
2360
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
1214
x-served-by
cache-iad-kiad7000175-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Wed, 10 May 2023 19:48:54 GMT
server
AmazonS3
x-timer
S1696284065.293140,VS0,VE0
etag
"fbdc4ed9a1e2ee4917a265306927bcf1"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=3600
x-browser
chrome
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
2381539, 22
mput
pipedream.wistia.com/ Frame BF36 		2 B
329 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pipedream.wistia.com/mput?topic=metrics
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/E-v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:c600:3:471f:5240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
envoy /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://fast.wistia.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 02 Oct 2023 22:01:05 GMT
via
1.1 4de71b0a42267b098ed30fff0d8a660a.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
access-control-allow-methods
POST, OPTIONS
access-control-allow-origin
*
content-type
text/plain; charset=utf-8
x-envoy-upstream-service-time
1
content-length
2
x-amz-cf-id
oBCUp_goyK1Fp9VgECriL-2_hEeH9Ddrr6t8IYd4C5XjNwQOG4Mlmw==
x
distillery.wistia.com/ Frame BF36 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://distillery.wistia.com/x
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/E-v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.83.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-83-123.ams58.r.cloudfront.net
Software
envoy /
Resource Hash

Request headers

Referer
https://fast.wistia.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 02 Oct 2023 22:01:05 GMT
via
1.1 cb6a2c71695f851967f08ee8b2defc0c.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
AMS58-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
x-amz-cf-id
_Zl8Hgi3XsX2XTRlX2YoPhdB3V1ifiFvAQbceQdhNH3hqlVZr1kJUA==
mput
pipedream.wistia.com/ Frame BF36 		2 B
329 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pipedream.wistia.com/mput?topic=metrics
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/E-v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:c600:3:471f:5240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
envoy /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://fast.wistia.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 02 Oct 2023 22:01:05 GMT
via
1.1 4de71b0a42267b098ed30fff0d8a660a.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
access-control-allow-methods
POST, OPTIONS
access-control-allow-origin
*
content-type
text/plain; charset=utf-8
x-envoy-upstream-service-time
1
content-length
2
x-amz-cf-id
RlSTZURKnhxkgpHZoYgCoqMkkDrzI-FTIa_wQpnhY62N4X81y6gXtA==
allIntegrations.js
fast.wistia.net/assets/external/ Frame BF36 		23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fast.wistia.net/assets/external/allIntegrations.js
Requested by
Host: fast.wistia.net
URL: https://fast.wistia.net/assets/external/E-v1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::644 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fdd8d1cf387ce7af0aaa13703613978fdc0d306802eadb1ebb5d3aba2afe8145
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://fast.wistia.net/assets/external/E-v1.js
Origin
https://fast.wistia.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 22:01:05 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=0
age
2854
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
5797
x-served-by
cache-iad-kjyo7100117-IAD, cache-fra-etou8220107-FRA
x-browser-version
117
last-modified
Mon, 02 Oct 2023 16:12:40 GMT
server
AmazonS3
x-timer
S1696284066.940792,VS0,VE0
etag
"6c845f555b2f09eb9a4f5e8d2351ddff"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=3600
x-browser
chrome
asset-version
4d20bf3e38907bb59b5ab4c8f6401e37ffab4b9e
x-ecma-v
modern
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
33, 7

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture undefined| href object| wpml_cookies object| levitated_manual_resources_ajax_object object| mutiny object| mutinyWpJsonp object| thegem_menu_data object| thegem_dlmenu_settings object| thegem_scripts_data object| _wpUtilSettings object| aepro object| jetMenuPublicSettings object| jetBlocksData object| JetHamburgerPanelSettings object| jetElements object| JetTabsSettings object| lazySizes

0 Cookies

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized origin: 'https://*securityscorecard.com https://securityscorecard.com'.
security error URL: https://securityscorecard.com/(Line 2205)
Message:
Refused to frame '' because it violates the following Content Security Policy directive: "frame-src 'self' https://*.qualified.com https:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'self' securityscorecard.lookbookhq.com resources.securityscorecard.com securityscorecard.pathfactory.com discover.securityscorecard.com instant.securityscorecard.com instant.securityscorecard.camp securityscorecard.qa securityscorecard.com securityscorecard.camp *.cookiebot.com; default-src *.crazyegg.com; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: https://*.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com https://www.datadoghq-browser-agent.com blob: data: https:; style-src 'self' 'unsafe-inline' https://*.qualified.com https:; font-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.auryc.com instant.securityscorecard.camp data: https:; frame-src 'self' https://*.qualified.com https:; connect-src 'self' securityscorecard.com securityscorecard.camp instant.securityscorecard.com *.crazyegg.com https://*.qualified.com wss://*.qualified.com *.auryc.com https://*.browser-intake-datadoghq.com https:; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src https://*.qualified.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

client-registry.mutinycdn.com
distillery.wistia.com
embed-ssl.wistia.com
fast.wistia.com
fast.wistia.net
pipedream.wistia.com
securityscorecard.com
securityscorecard.io
151.101.193.91
18.239.83.114
18.239.83.123
18.239.83.31
2600:9000:211a:c600:3:471f:5240:93a1
2600:9000:2127:a00:1e:c86:4140:93a1
2606:4700::6810:e250
2a04:4e42:200::644
2a04:4e42::644
02891874c4c037f51fa74ad54b41e4e639268ce1077c548de78e2105b3e0997a
052d3817719fc86219418bf51ae42bd10992abc1c1361775dff5ed817890d8f7
1e8ad18758a85e15cbce4b8c0a5660deae163da6d401c234eab4a94a33233441
20207f8699af8737bf9f46710c1b1f5c47fc415be5429a98bef048ea61e61e3f
24f190f48754ad5156b04df5cf84dfddc2128f9bdd6e9576c54ac4761426fef5
24f7cd37795b4af931607af4069fd1e34441fe2999a4ded68c13f3e76197bb84
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
330500899472c1b6c7b9e5edf989c405e724cf8456aa496e3b1de415a72cf271
331f47ce48ff071f760155a77ea8faa838d0cd74de39d58fedf83da7e84d7754
33befdbbb24930584f5ac94ea3117adcd56518f20ab1619d05de83ffd1821d38
3d4aa24480a35d317f6f923ef76bf197925a3233ebc832ab581c6f137b9b5f18
3fb2726371ab41b9e4d23aff5e1d8cad44002caef28f9f411cbe01593da72993
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
4f376a5c926534af39ad5d555c11e0d3eeb0631ee3f6463d7b215a91ed3cddb9
4f7ca1115c94399ea320398be65a7161195a68b88401da436b49538ac43168d1
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
6e9aa9bddeafd03b0ed2063fe07c15474dfee72099ea0253941b389867732773
6f569085d96229ea9eca0dd042598c4eb7e073fa07dc6690bfa6b8cb18c1ee82
718512f78febfcdb91a04b52c39ff5dc211ca1154a87bba2a0b1ff58cef86768
787d76ad6deab67ccf8bac1b584260205e114f508fc5542b612e3f75d49a34e4
7cda5b77a5c2ee85e33b58455deb4981b2392ac1d5cf068b887c34d2be66478a
807f40e8b45de929b80b67bca96d069d92e98e82e1226b74a02b999bbf51d85a
863ecdd486daa7c01c39de8c8f826494eb59bc5934aeac9e12ae95d0a087eefa
8749ab73fdc91646819d0f0da0afac1767a70f4648fa48d96271b324ec36c255
87782f52c106b75b3c7ccab1593e7e75548f808a4e09523e0f97978fda3b6226
8d611cb90bb5b9c517d07fc054cd2b4fc50d483408a3b508ffeac995ed443a99
8e4560c16c7970efa47680450b2cf239d4a482c056d308acea12bb9022906c8b
98268caef9cf3e84607bee1cbbbb2e0eec717a000b75644d105af448f29c9a57
9848c2b9876412fea5190df4f4d889716dd894e6ceb7f0e8f9e8d67c78dbe552
9956843e6bcd1ca47a15a97ccabeb09d5255c051829af54ad6d3c14bbc096fa2
9ce6dfd8b9ae531aa3d8f38a857471be1e39dd48ce9ddeea10970e4af04fe64e
9fb2b02a51a7782c4f3a1dbd0b7302ba017232ad354fe857ecceffa02260c662
a5ffb3a207fd89390bcde47e9ff53ba38a7f7f0d94271d93eb59b124abf1be1f
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
af775b0fb96d313548dc6ea038442bff17e69830b6b9eb4a9243503ebd50a1f2
b111f8428eb3e546332bc98fb5246e0a1a56fa44a6c723bc7b1e98f66fe47b89
b13d0f383b73b14ba36483e67de27cdb14f2f3efb8707037bedfd072fd117f06
b66bc9f26b4acd84feaf9e762fcb38d6a23160fca2a67a2fddab3d2ca1d8ee06
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be1825e52a0dc7df04df9322f62abe2a2f2a25d98aac186de0140dfc7f6bdcae
be6782a8a0617c64e1eaf887f6771ac1e4ead25232ffcf133e5cba77b7379e76
c457915b5bf54d6c728b61bfb7b6971be9a4dd3c9f97dd7eed37781f27bd8011
cd433b611f32b584fc0971178dd4a13ef3c590a75fea6a911f7cabb009424934
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
da9bade2098ce2a0a3ffde33a83ed4d15fcd8129c2c62a88c682c113a84afb7e
dd870101ad4e95d687a2eb734707b0dd7c20808f76d7be77a71a5d13cf99401c
e066164beb96bd639e1527291c69d86e4441c7aa77ba7b25833b7fd518343b38
e3d653cf287a3212e8c5f8d68f2af6563d062b2aaf37348d0b1c5c1798dc22a0
e41df036e157428f6b0a354d91e3f12936ce211ab4d5cfb451f16972c924e360
e6f16f4ab63f651884b2de233f0d5c66f472c9b5ffa6b7bfd02fc78a150334a6
ecdade75e33531d7c9f40bffb211c688f867355ad8a2e1ca14ecd8064965bdb0
f9e949444351d3067ec1e36b9d62daf65316e59d5cf3f1f19cbdb44c6e491591
fdd8d1cf387ce7af0aaa13703613978fdc0d306802eadb1ebb5d3aba2afe8145
fe2d7250cc0730dc655721c5fa4bf5236dcabdf57f8593e8fe2096a42c0c8baf