urlscan.io logo urlscan.io
SecurityTrails logo

sundayapp.io Open in urlscan Pro
34.107.245.192  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://sundayapp.io/
Effective URL: https://sundayapp.io/
Submission: On April 30 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 34.107.245.192, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is sundayapp.io.
TLS certificate: Issued by R3 on March 14th 2024. Valid for: 3 months.
This is the only time sundayapp.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 34.107.245.192 396982 (GOOGLE-CL...)
4 151.101.66.132 54113 (FASTLY)
2 52.89.214.102 16509 (AMAZON-02)
15 4
Apex Domain
Subdomains		 Transfer
8 sundayapp.io
sundayapp.io
905 KB
6 amplitude.com
api.lab.amplitude.com — Cisco Umbrella Rank: 4102
api2.amplitude.com — Cisco Umbrella Rank: 1163
2 KB
15 2
Domain Requested by
8 sundayapp.io sundayapp.io
4 api.lab.amplitude.com sundayapp.io
2 api2.amplitude.com sundayapp.io
15 3

This site contains links to these domains. Also see Links.

Domain
sundayapp.com
Subject Issuer Validity Valid
sundayapp.io
R3		 2024-03-14 -
2024-06-12		 3 months crt.sh
*.lab.amplitude.com
GlobalSign Atlas R3 DV TLS CA 2023 Q4		 2023-11-29 -
2024-12-30		 a year crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA		 2024-01-31 -
2025-03-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sundayapp.io/
Frame ID: 180031463D1AC16FEBD1D18EB7707075
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

sunday - pay faster

Page URL History Show full URLs

  1. http://sundayapp.io/ HTTP 307
    https://sundayapp.io/ Page URL

Page Statistics

15
Requests

93 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

907 kB
Transfer

2951 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sundayapp.io/ HTTP 307
    https://sundayapp.io/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
sundayapp.io/
Redirect Chain
  • http://sundayapp.io/
  • https://sundayapp.io/
28 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sundayapp.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.245.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.245.107.34.bc.googleusercontent.com
Software
/
Resource Hash
e3cfc9d571a5224bc07c014b6cf769e23aa5d2956a4409d8a744372c2ab43785
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob: ; connect-src 'self' https://api.lab.amplitude.com/ https://api2.amplitude.com/ https://m.stripe.com/ https://r.stripe.com/ https://js.checkout.com/framesv2/log https://*.logs.datadoghq.eu/ https://*.browser-intake-datadoghq.eu/ https://browser-intake-datadoghq.eu/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaselogging-pa.googleapis.com/v1/firelog/legacy/log https://firebaseinstallations.googleapis.com/v1/projects/ https://firebaseremoteconfig.googleapis.com/v1/projects/ https://securetoken.googleapis.com/v1/token https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://identitytoolkit.googleapis.com/v1/ https://*.smartlook.com https://*.smartlook.cloud https://www.google-analytics.com/ https://auth.alpha.sundayapp.xyz/ https://sunday-eu-alpha.eu.auth0.com/ https://auth.sundayapp.io/ https://sunday-eu-production.eu.auth0.com/ https://edge.api.flagsmith.com/ https://play.google.com/ https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://google.com/pay https://www.google.com/pay https://pay.google.com/ https://api.sundayapp.io https://api.vpos.sundayapp.io https://api.refresh-bill.sundayapp.io https://api.payment.sundayapp.io https://api.voucher.sundayapp.io https://api.billing.sundayapp.io https://api.receipt.sundayapp.io https://api.user-account.sundayapp.io https://api.venue-feedback.sundayapp.io https://api.loyalty-dispatcher.sundayapp.io https://api.consent-manager.sundayapp.io https://api.menu-back-end.sunday.cloud https://api.payment-terminal.sunday.cloud https://fp.sundayapp.io https://grpc.vpos.sundayapp.io https://webhooks.sundayapp.io/b2c-analytics/ingest https://api.paygreen.fr/ https://api.checkout.com/tokens ; default-src 'self' ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ ; frame-src * ; img-src 'self' data: https://www.google.com/images/cleardot.gif https://firebasestorage.googleapis.com/v0/b/ https://storage.googleapis.com/public-sunday-production/ blob: https://s.gravatar.com/ https://cdn.auth0.com/avatars/ https://*.googleusercontent.com/ https://*.wp.com/cdn.auth0.com/avatars/ https://www.gstatic.com/ https://media.zelty.fr https://*.amazonaws.com/ http://*.amazonaws.com/ https://api.sundayapp.io https://api.menu-back-end.sunday.cloud https://storage.googleapis.com/menu-pictures-sunday-production/ ; object-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io/v2/ https://js.stripe.com/ https://www.googletagmanager.com/gtag/ https://apis.google.com/ https://pay.google.com/gp/p/js/pay.js https://core.spreedly.com/iframe/iframe-v1.min.js https://cdn.checkout.com/js/framesv2.min.js https://www.google.com/maps/api/js/ https://www.gstatic.com/ https://fpnpmcdn.net/ https://*.smartlook.com https://*.smartlook.cloud https://pgjs.paygreen.fr/ ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ ; worker-src 'self' blob: ;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
child-src 'self' blob: ; connect-src 'self' https://api.lab.amplitude.com/ https://api2.amplitude.com/ https://m.stripe.com/ https://r.stripe.com/ https://js.checkout.com/framesv2/log https://*.logs.datadoghq.eu/ https://*.browser-intake-datadoghq.eu/ https://browser-intake-datadoghq.eu/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaselogging-pa.googleapis.com/v1/firelog/legacy/log https://firebaseinstallations.googleapis.com/v1/projects/ https://firebaseremoteconfig.googleapis.com/v1/projects/ https://securetoken.googleapis.com/v1/token https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://identitytoolkit.googleapis.com/v1/ https://*.smartlook.com https://*.smartlook.cloud https://www.google-analytics.com/ https://auth.alpha.sundayapp.xyz/ https://sunday-eu-alpha.eu.auth0.com/ https://auth.sundayapp.io/ https://sunday-eu-production.eu.auth0.com/ https://edge.api.flagsmith.com/ https://play.google.com/ https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://google.com/pay https://www.google.com/pay https://pay.google.com/ https://api.sundayapp.io https://api.vpos.sundayapp.io https://api.refresh-bill.sundayapp.io https://api.payment.sundayapp.io https://api.voucher.sundayapp.io https://api.billing.sundayapp.io https://api.receipt.sundayapp.io https://api.user-account.sundayapp.io https://api.venue-feedback.sundayapp.io https://api.loyalty-dispatcher.sundayapp.io https://api.consent-manager.sundayapp.io https://api.menu-back-end.sunday.cloud https://api.payment-terminal.sunday.cloud https://fp.sundayapp.io https://grpc.vpos.sundayapp.io https://webhooks.sundayapp.io/b2c-analytics/ingest https://api.paygreen.fr/ https://api.checkout.com/tokens ; default-src 'self' ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ ; frame-src * ; img-src 'self' data: https://www.google.com/images/cleardot.gif https://firebasestorage.googleapis.com/v0/b/ https://storage.googleapis.com/public-sunday-production/ blob: https://s.gravatar.com/ https://cdn.auth0.com/avatars/ https://*.googleusercontent.com/ https://*.wp.com/cdn.auth0.com/avatars/ https://www.gstatic.com/ https://media.zelty.fr https://*.amazonaws.com/ http://*.amazonaws.com/ https://api.sundayapp.io https://api.menu-back-end.sunday.cloud https://storage.googleapis.com/menu-pictures-sunday-production/ ; object-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io/v2/ https://js.stripe.com/ https://www.googletagmanager.com/gtag/ https://apis.google.com/ https://pay.google.com/gp/p/js/pay.js https://core.spreedly.com/iframe/iframe-v1.min.js https://cdn.checkout.com/js/framesv2.min.js https://www.google.com/maps/api/js/ https://www.gstatic.com/ https://fpnpmcdn.net/ https://*.smartlook.com https://*.smartlook.cloud https://pgjs.paygreen.fr/ ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ ; worker-src 'self' blob: ;
content-type
text/html
date
Tue, 30 Apr 2024 11:11:59 GMT
last-modified
Mon, 29 Apr 2024 15:44:57 GMT
permissions-policy
accelerometer=(), autoplay=(), camera=(self), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(self "https://pay.google.com/gp/p/js/pay.js" "https://js.stripe.com"), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
referrer-policy
strict-origin
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-rtt
6

Redirect headers

Location
https://sundayapp.io/
Non-Authoritative-Reason
HttpsUpgrades
config.js
sundayapp.io/config/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sundayapp.io/config/config.js
Requested by
Host: sundayapp.io
URL: https://sundayapp.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.245.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.245.107.34.bc.googleusercontent.com
Software
/
Resource Hash
052c11b87b04d9eee2a52d16127f94f4681c7de06d1ac1cad7d18655f388702b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://sundayapp.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 11:11:59 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
last-modified
Tue, 30 Apr 2024 08:55:55 GMT
via
1.1 google
vary
Accept-Encoding
content-type
application/javascript
x-rtt
8
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
index-CcMFKzRs.js
sundayapp.io/assets/ 		488 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sundayapp.io/assets/index-CcMFKzRs.js
Requested by
Host: sundayapp.io
URL: https://sundayapp.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.245.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.245.107.34.bc.googleusercontent.com
Software
/
Resource Hash
c551197e95c55d1c8331ec050fdb920727d24a070cc1f00ccf95c34e16fc5cbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://sundayapp.io/
Origin
https://sundayapp.io
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
date
Mon, 29 Apr 2024 16:15:31 GMT
via
1.1 google
age
68188
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
133517
last-modified
Mon, 29 Apr 2024 15:44:57 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://sundayapp.io
x-rtt
8
cache-control
max-age=31536000
access-control-allow-credentials
true
expires
Tue, 29 Apr 2025 16:15:31 GMT
vendor-C6IQLpmV.js
sundayapp.io/assets/ 		2 MB
666 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sundayapp.io/assets/vendor-C6IQLpmV.js
Requested by
Host: sundayapp.io
URL: https://sundayapp.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.245.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.245.107.34.bc.googleusercontent.com
Software
/
Resource Hash
9d4186c055b4294fa5d1ef01124a3db06e6002b903f8790aa5a6e24fa161b669
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://sundayapp.io/
Origin
https://sundayapp.io
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
date
Mon, 29 Apr 2024 13:59:13 GMT
via
1.1 google
last-modified
Mon, 29 Apr 2024 13:12:55 GMT
age
76366
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://sundayapp.io
x-rtt
8
cache-control
max-age=31536000
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 29 Apr 2025 13:59:13 GMT
index-BtI-TTbZ.css
sundayapp.io/assets/ 		27 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sundayapp.io/assets/index-BtI-TTbZ.css
Requested by
Host: sundayapp.io
URL: https://sundayapp.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.245.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.245.107.34.bc.googleusercontent.com
Software
/
Resource Hash
c876b5fa85a4028e9fd390749c41a988e8b14e257ec27f6b68458fbbe83143cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://sundayapp.io/
Origin
https://sundayapp.io
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
date
Fri, 26 Apr 2024 07:36:07 GMT
via
1.1 google
age
358552
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5110
last-modified
Fri, 26 Apr 2024 07:05:08 GMT
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
https://sundayapp.io
x-rtt
8
cache-control
max-age=31536000
access-control-allow-credentials
true
expires
Sat, 26 Apr 2025 07:36:07 GMT
vardata
api.lab.amplitude.com/sdk/v2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/v2/vardata?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-amp-exp-user
Access-Control-Request-Method
GET
Origin
https://sundayapp.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
authorization,x-amp-exp-user
access-control-allow-methods
GET,POST,HEAD
access-control-allow-origin
https://sundayapp.io
access-control-max-age
1800
age
1621
cache-control
no-store
content-length
0
date
Tue, 30 Apr 2024 11:12:00 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Origin,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amzn-trace-id
Root=1-6630cbaa-578d87ef699e1f4116dac18c
x-cache
HIT
x-cache-hits
157
x-content-type-options
nosniff
x-served-by
cache-fra-etou8220121-FRA
x-timer
S1714475520.080531,VS0,VE0
vardata
api.lab.amplitude.com/sdk/v2/ 		2 KB
675 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/v2/vardata?v=0
Requested by
Host: sundayapp.io
URL: https://sundayapp.io/assets/vendor-C6IQLpmV.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2ed2d4ea6aa968a07bf1b97e14b169ad37027695cc52083efd6427cb57b1cfed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
X-Amp-Exp-User
eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS4xMC4wIiwibGFuZ3VhZ2UiOiJlbi1VUyIsInBsYXRmb3JtIjoiV2ViIiwib3MiOiJDaHJvbWUgMTI0IiwiZGV2aWNlX21vZGVsIjoiV2luZG93cyIsImRldmljZV9pZCI6ImYwZjM3NzI5LWY3NDctNDM5OS1iNmQ4LTIwOTExNDBjOGE2MSIsInVzZXJfcHJvcGVydGllcyI6e319
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Authorization
Api-Key client-9yF6QBOMb0in2Wmrjmokp6GHnPo9OSul
Referer
https://sundayapp.io/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 11:12:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
0
x-cache
MISS
content-length
527
x-served-by
cache-fra-etou8220121-FRA
x-timer
S1714475520.087139,VS0,VE208
x-amzn-trace-id
Root=1-6630d200-0d52443015d0162d0ee091e9
vary
Origin, Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://sundayapp.io
cache-control
no-store
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
en_US-B3Ti6nNo.js
sundayapp.io/assets/ 		63 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sundayapp.io/assets/en_US-B3Ti6nNo.js
Requested by
Host: sundayapp.io
URL: https://sundayapp.io/assets/index-CcMFKzRs.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.245.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.245.107.34.bc.googleusercontent.com
Software
/
Resource Hash
fa6adeee205895c3580998f65f4c286ccd9f12a8b754add3984ad937e2d6534c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://sundayapp.io/
Origin
https://sundayapp.io
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
date
Mon, 29 Apr 2024 13:58:37 GMT
via
1.1 google
age
76403
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17567
last-modified
Mon, 29 Apr 2024 13:12:55 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://sundayapp.io
x-rtt
6
cache-control
max-age=31536000
access-control-allow-credentials
true
expires
Tue, 29 Apr 2025 13:58:37 GMT
vardata
api.lab.amplitude.com/sdk/v2/ 		2 KB
593 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/v2/vardata?v=0
Requested by
Host: sundayapp.io
URL: https://sundayapp.io/assets/vendor-C6IQLpmV.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2ed2d4ea6aa968a07bf1b97e14b169ad37027695cc52083efd6427cb57b1cfed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
X-Amp-Exp-User
eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS4xMC4wIiwibGFuZ3VhZ2UiOiJlbi1VUyIsInBsYXRmb3JtIjoiV2ViIiwib3MiOiJDaHJvbWUgMTI0IiwiZGV2aWNlX21vZGVsIjoiV2luZG93cyIsImRldmljZV9pZCI6ImYwZjM3NzI5LWY3NDctNDM5OS1iNmQ4LTIwOTExNDBjOGE2MSIsInVzZXJfcHJvcGVydGllcyI6e319
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Authorization
Api-Key client-9yF6QBOMb0in2Wmrjmokp6GHnPo9OSul
Referer
https://sundayapp.io/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 11:12:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
0
x-cache
HIT
content-length
527
x-served-by
cache-fra-etou8220121-FRA
x-timer
S1714475520.304745,VS0,VE1
x-amzn-trace-id
Root=1-6630d200-0d52443015d0162d0ee091e9
vary
Origin, Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://sundayapp.io
cache-control
no-store
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
1
favicon.png
sundayapp.io/ 		4 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://sundayapp.io/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.245.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.245.107.34.bc.googleusercontent.com
Software
/
Resource Hash
48b2078a991154e618cbed828168a0c54333cf0e279681f962f6bf4dad1b8283
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://sundayapp.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
via
1.1 google
x-content-type-options
nosniff
date
Tue, 30 Apr 2024 07:45:42 GMT
last-modified
Mon, 29 Apr 2024 15:44:53 GMT
age
12378
content-type
image/png
x-rtt
6
cache-control
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3677
expires
Wed, 30 Apr 2025 07:45:42 GMT
home-page-image.png
sundayapp.io/images/ 		66 KB
66 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sundayapp.io/images/home-page-image.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.245.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.245.107.34.bc.googleusercontent.com
Software
/
Resource Hash
360f9425dfa218adc3f0f8c0825cd1965f7697cb0c0f4c4e0586c09efc1562c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://sundayapp.io/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
via
1.1 google
x-content-type-options
nosniff
date
Fri, 26 Apr 2024 08:23:10 GMT
last-modified
Fri, 26 Apr 2024 07:39:12 GMT
age
355730
content-type
image/png
x-rtt
9
cache-control
max-age=31536000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67708
expires
Sat, 26 Apr 2025 08:23:10 GMT
b1572f6d-e892-4556-ab3e-24cc092f745c
https://sundayapp.io/ 		2 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://sundayapp.io/b1572f6d-e892-4556-ab3e-24cc092f745c
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
58763412c3a28933886d961ee282e33be311ebb239509e94b7de687316937d5d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length
2235
Content-Type
application/javascript
vardata
api.lab.amplitude.com/sdk/v2/ 		2 KB
622 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.lab.amplitude.com/sdk/v2/vardata?v=0
Requested by
Host: sundayapp.io
URL: https://sundayapp.io/assets/vendor-C6IQLpmV.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.132 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2ed2d4ea6aa968a07bf1b97e14b169ad37027695cc52083efd6427cb57b1cfed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
X-Amp-Exp-User
eyJsaWJyYXJ5IjoiZXhwZXJpbWVudC1qcy1jbGllbnQvMS4xMC4wIiwibGFuZ3VhZ2UiOiJlbi1VUyIsInBsYXRmb3JtIjoiV2ViIiwib3MiOiJDaHJvbWUgMTI0IiwiZGV2aWNlX21vZGVsIjoiV2luZG93cyIsImRldmljZV9pZCI6ImYwZjM3NzI5LWY3NDctNDM5OS1iNmQ4LTIwOTExNDBjOGE2MSIsInVzZXJfcHJvcGVydGllcyI6eyJzY3JlZW5XaWR0aCI6MTYwMCwic2NyZWVuSGVpZ2h0IjoxMjAwfX0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Authorization
Api-Key client-9yF6QBOMb0in2Wmrjmokp6GHnPo9OSul
Referer
https://sundayapp.io/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 11:12:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
0
x-cache
MISS
content-length
527
x-served-by
cache-fra-etou8220121-FRA
x-timer
S1714475520.312461,VS0,VE171
x-amzn-trace-id
Root=1-6630d200-0272cf8a3a0367454567daf3
vary
Origin, Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://sundayapp.io
cache-control
no-store
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
httpapi
api2.amplitude.com/2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.89.214.102 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-89-214-102.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://sundayapp.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
*
access-control-max-age
86400
content-length
0
date
Tue, 30 Apr 2024 11:12:01 GMT
strict-transport-security
max-age=15768000
httpapi
api2.amplitude.com/2/ 		94 B
309 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Requested by
Host: sundayapp.io
URL: https://sundayapp.io/assets/vendor-C6IQLpmV.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.89.214.102 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-89-214-102.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
3706d49759ddf1931ec448987de679a422a53bc75bae6dfcc8c3ca18a48a5518
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
*/*
Referer
https://sundayapp.io/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 11:12:01 GMT
strict-transport-security
max-age=15768000
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
trace-id
Root=1-6630d201-361bd48c7e5d454154e86fea
content-length
94

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| sundayEnv function| fallbackCopyTextToClipboard function| copyTextToClipboard function| getNowUtc number| loadStart object| scanId object| ssid object| pwd object| brandColor object| accentColor object| logo object| brandLogo object| logoToken string| url function| sendEvent function| clearImmediate function| setImmediate object| DD_LOGS string| __reactRouterVersion object| __REACT_INTL_CONTEXT__ object| DD_RUM object| analyticsConnectorInstances number| coldStartIsAt number| coldStartTime boolean| networkWasSlowOnAppStartup boolean| slowNetwork

3 Cookies

Domain/Path Name / Value
.sundayapp.io/ Name: AMP_MKTG_b86256eb50
Value: JTdCJTdE
.sundayapp.io/ Name: AMP_b86256eb50
Value: JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJmMGYzNzcyOS1mNzQ3LTQzOTktYjZkOC0yMDkxMTQwYzhhNjElMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0NDc1NTIwMDQyJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDQ3NTUyMDEyOCUyQyUyMmxhc3RFdmVudElkJTIyJTNBMyUyQyUyMnBhZ2VDb3VudGVyJTIyJTNBMCU3RA==
sundayapp.io/ Name: _dd_s
Value: logs=1&id=9f0ae298-9750-4224-9f37-fd136c9578b7&created=1714475520030&expire=1714476420032&rum=1

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy child-src 'self' blob: ; connect-src 'self' https://api.lab.amplitude.com/ https://api2.amplitude.com/ https://m.stripe.com/ https://r.stripe.com/ https://js.checkout.com/framesv2/log https://*.logs.datadoghq.eu/ https://*.browser-intake-datadoghq.eu/ https://browser-intake-datadoghq.eu/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaselogging-pa.googleapis.com/v1/firelog/legacy/log https://firebaseinstallations.googleapis.com/v1/projects/ https://firebaseremoteconfig.googleapis.com/v1/projects/ https://securetoken.googleapis.com/v1/token https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://identitytoolkit.googleapis.com/v1/ https://*.smartlook.com https://*.smartlook.cloud https://www.google-analytics.com/ https://auth.alpha.sundayapp.xyz/ https://sunday-eu-alpha.eu.auth0.com/ https://auth.sundayapp.io/ https://sunday-eu-production.eu.auth0.com/ https://edge.api.flagsmith.com/ https://play.google.com/ https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://google.com/pay https://www.google.com/pay https://pay.google.com/ https://api.sundayapp.io https://api.vpos.sundayapp.io https://api.refresh-bill.sundayapp.io https://api.payment.sundayapp.io https://api.voucher.sundayapp.io https://api.billing.sundayapp.io https://api.receipt.sundayapp.io https://api.user-account.sundayapp.io https://api.venue-feedback.sundayapp.io https://api.loyalty-dispatcher.sundayapp.io https://api.consent-manager.sundayapp.io https://api.menu-back-end.sunday.cloud https://api.payment-terminal.sunday.cloud https://fp.sundayapp.io https://grpc.vpos.sundayapp.io https://webhooks.sundayapp.io/b2c-analytics/ingest https://api.paygreen.fr/ https://api.checkout.com/tokens ; default-src 'self' ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ ; frame-src * ; img-src 'self' data: https://www.google.com/images/cleardot.gif https://firebasestorage.googleapis.com/v0/b/ https://storage.googleapis.com/public-sunday-production/ blob: https://s.gravatar.com/ https://cdn.auth0.com/avatars/ https://*.googleusercontent.com/ https://*.wp.com/cdn.auth0.com/avatars/ https://www.gstatic.com/ https://media.zelty.fr https://*.amazonaws.com/ http://*.amazonaws.com/ https://api.sundayapp.io https://api.menu-back-end.sunday.cloud https://storage.googleapis.com/menu-pictures-sunday-production/ ; object-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io/v2/ https://js.stripe.com/ https://www.googletagmanager.com/gtag/ https://apis.google.com/ https://pay.google.com/gp/p/js/pay.js https://core.spreedly.com/iframe/iframe-v1.min.js https://cdn.checkout.com/js/framesv2.min.js https://www.google.com/maps/api/js/ https://www.gstatic.com/ https://fpnpmcdn.net/ https://*.smartlook.com https://*.smartlook.cloud https://pgjs.paygreen.fr/ ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ ; worker-src 'self' blob: ;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN