origin.goodleap.com Open in urlscan Pro
76.76.21.123  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request f6d7b61f6631419b8a75e06c15e80f34 Show response origin.goodleap.com/loan-form/	3 KB 2 KB	112ms 70ms	Document text/html	76.76.21.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash 1dc58b0df87f755f2bf13ec00edaa368fa643a35b8ee276632c709b621e4d37b Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-origin * age 126137 cache-control s-maxage=0 cf-cache-status DYNAMIC cf-ray 806a0446a7d32c37-FRA content-disposition inline; filename="index.html" content-encoding br content-type text/html; charset=utf-8 date Thu, 14 Sep 2023 16:30:49 GMT etag W/"6dad8d074aa3c62d4c9e54cebc80008e" server Vercel strict-transport-security max-age=63072000 x-vercel-cache HIT x-vercel-id fra1:fra1:fra1::6vwzs-1694709049367-fc86900683d4
GET H2	200	css2 fonts.googleapis.com/	7 KB 1 KB	38ms 18ms	Stylesheet text/css	2a00:1450:4001:831::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap Requested by Host: origin.goodleap.com URL: https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2a6d7a06a4458b56f188177654688a18648aaf4800feee0a4a09a858f46bc920 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 14 Sep 2023 16:30:49 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Thu, 14 Sep 2023 14:59:18 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 14 Sep 2023 16:30:49 GMT
GET H2	200	runtime.min.js Show response cdn.jsdelivr.net/npm/regenerator-runtime@0.13.7/	7 KB 3 KB	36ms 19ms	Script application/javascript	2606:4700::6810:5714 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/regenerator-runtime@0.13.7/runtime.min.js Requested by Host: origin.goodleap.com URL: https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 587bbee639da5a2f097ba99b12ffd33e10a64378b29624945b8ab3a5514d5107 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 17654209 x-jsd-version 0.13.7 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230046-FRA, cache-jnb7022-JNB x-jsd-version-type version server cloudflare etag W/"1a73-bnmptAFfOvFXhGrxwrCcGHiq7DM" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IV6U%2BiVESUHF5OEXNexVWf9%2FLUrScIXlgSzWsnLEqofxEAjaRa5m%2FZfOwhs8epFg5pE0aS5FnR9WyjTsgwzAYUABwlgDAlzMIrEfrQE8iiJVpSj8ALG1B3WLKGmTExMlmJk8pChUpb8Uf0S5RA4%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 806a04471f401c97-FRA
GET H2	200	import-map-overrides.js Show response cdn.jsdelivr.net/npm/import-map-overrides@2.2.0/dist/	44 KB 13 KB	39ms 22ms	Script application/javascript	2606:4700::6810:5714 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/import-map-overrides@2.2.0/dist/import-map-overrides.js Requested by Host: origin.goodleap.com URL: https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d1252b23b5ba7cd633182ea88889403fbaa292ba571ff676844e75a512cbb604 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 17654209 x-jsd-version 2.2.0 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230113-FRA, cache-jnb7022-JNB x-jsd-version-type version server cloudflare etag W/"af61-/QXMy/3aRblSUh1Rz5IDzUNVYkI" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BEpMUthaZoDvmTqhykUI6e%2BVV%2FLrDfLdjJAdaQ%2BnNHMEA7ACQlzBBJtzn03tnf0BIm0TUKOjaA78yYXTXGpnF5GlzuO72TXK7q8EhlUMqIamBzLDKFbFb7TNU4hUiikmzOd9kwh88MRaTTvnND8%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 806a04471f421c97-FRA
GET H2	200	system.min.js Show response cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/	11 KB 5 KB	39ms 23ms	Script application/javascript	2606:4700::6810:5714 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js Requested by Host: origin.goodleap.com URL: https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash faf458dcada028341e6c98a52f71067328fb710a51d0f3acb69df9dbe93619af Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 17654209 x-jsd-version 6.8.3 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230042-FRA, cache-jnb7025-JNB x-jsd-version-type version server cloudflare etag W/"2d8f-vNLePrR3zcdZpnqBy/hzJsUTIac" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcK%2BqtTjQzA77jM%2FCmDJQcMm6OEwf1O6jrMxCNDpppk%2B5uZRAd7gDgVGAkmJvw9jlWurFFuLYtyZ6mSle6o23315e%2ByZjxxtmGzfvB8ftOZ1Hl6K%2BnEcbq02%2BW%2BW%2FQpWrHjSV92MEm43JtfeB7c%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 806a04471f441c97-FRA
GET H2	200	amd.min.js Show response cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/extras/	2 KB 1 KB	36ms 20ms	Script application/javascript	2606:4700::6810:5714 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/extras/amd.min.js Requested by Host: origin.goodleap.com URL: https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0d4fb1b44c663281b646f71734a9655cb49ae083857eb7cc704c5fadfd2b47a9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 9367257 x-jsd-version 6.8.3 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230026-FRA, cache-yyz4534-YYZ x-jsd-version-type version server cloudflare etag W/"665-BQHyV2OT0XsgsHcuM1F7Bi7HRVI" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZyitXJuTlSE90EWhFlFoOFEqrxFF5HDi4zmAPgGgWNEXVMEhnY0KHT%2F7cQG1l%2Fy%2Bkf9dymqlF2jBjXiyYvhaUD%2F%2BaU1pJCRjFOLq5yQxpgtHSpYKdB%2FU61mki0irAAHAhbNkJXEZXOUU9EDSXZY%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 806a04471f451c97-FRA
GET H2	200	js Show response maps.googleapis.com/maps/api/	190 KB 65 KB	76ms 55ms	Script text/javascript	2a00:1450:4001:830::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/js?key=AIzaSyB7OE1UF0s8-7a-zQ_-cdDGUWhMwxm8UkM&libraries=places&callback=Function.prototype Requested by Host: origin.goodleap.com URL: https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash a2966ef0bde26dec1926240bec4237b2c48bf031221f0b3aa3b71896568de8c6 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT content-encoding gzip x-content-type-options nosniff server scaffolding on HTTPServer2 vary Accept-Language, Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control public, max-age=1800 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 65737 x-xss-protection 0
GET H2	200	feedback.js Show response vercel.live/_next-live/feedback/	588 KB 95 KB	63ms 26ms	Script application/javascript	76.76.21.9 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vercel.live/_next-live/feedback/feedback.js Requested by Host: origin.goodleap.com URL: https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 76.76.21.9 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash 35b556be250f9ec0c2b50190f1cf8e4757f9ca0ef2539884f82d73d88aa34f90 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT content-encoding br strict-transport-security max-age=63072000 server Vercel x-vercel-id fra1::n68t4-1694709049535-2f8ccd90fe0d age 150 x-matched-path /_next-live/feedback/feedback.js etag W/"cabca8f5c6bb48edf9f5513dc203119e" x-vercel-cache HIT content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public,max-age=60,stale-while-revalidate=600 content-disposition inline; filename="feedback.js" x-robots-tag noindex
GET H2	200	importmap.prod.json Show response origin.goodleap.com/	1 KB 506 B	9ms 9ms	Fetch application/json	76.76.21.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://origin.goodleap.com/importmap.prod.json?t=1694582040870 Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash e0af273f3618ba44248c195dca937583fe562c14431a49b23222b762a0e2e1ef Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT content-encoding br strict-transport-security max-age=63072000 server Vercel x-vercel-id fra1::6vwzs-1694709049500-5dbc26f9dc58 age 126142 etag W/"90db955d5cbce8ffa5e9ef9b8b8b459c" x-vercel-cache HIT content-type application/json; charset=utf-8 access-control-allow-origin * cache-control public, max-age=0, must-revalidate content-disposition inline; filename="importmap.prod.json"
GET H2	200	gtm.js Show response www.googletagmanager.com/	113 KB 44 KB	42ms 21ms	Script application/javascript	2a00:1450:4001:812::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-N26SS29 Requested by Host: origin.goodleap.com URL: https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 40e0e19ec3ffc2c02bddf07b959cd56215231bde0e434af9f2b87fb25a52ec76 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 45023 x-xss-protection 0 last-modified Thu, 14 Sep 2023 15:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 14 Sep 2023 16:30:49 GMT
GET H2	200	pendo.js Show response cdn.pendo.io/agent/static/635ebd9b-d463-42ac-78a6-f0e23cb2f861/	452 KB 149 KB	161ms 110ms	Script application/javascript	2600:9000:223f:1400:1f:aa31:7740:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.pendo.io/agent/static/635ebd9b-d463-42ac-78a6-f0e23cb2f861/pendo.js Requested by Host: origin.goodleap.com URL: https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223f:1400:1f:aa31:7740:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software UploadServer / Resource Hash 858d22e639e9890bd82f36860d16b22752fb59ce71cb913b167a52313c456e16 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT content-encoding gzip via 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P5 x-guploader-uploadid ADPycdsbYcdKQHPa3mB7Gx5pdcL7G4WsXIRpOi-rQjbjs0OcZ_H3bbny12z64jpQxTAGLFVRc21z6fac0k-Ni1EJhkGybti6zLOP x-cache RefreshHit from cloudfront x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding gzip content-length 151420 last-modified Mon, 11 Sep 2023 19:07:31 GMT server UploadServer etag "38476f1e5a42d3898ca34ddf88148cdb" vary Accept-Encoding x-goog-generation 1694459251493819 content-type application/javascript access-control-allow-origin * x-goog-hash crc32c=BiwWrg==, md5=OEdvHlpC04mMo03fiBSM2w== access-control-expose-headers * cache-control max-age=450 x-goog-stored-content-length 151420 accept-ranges bytes x-amz-cf-id sugxdDQEsidJo7_VUpDzKb4GLAUr2iqqW3BBcxwKTrrxXYU_h5FvKA== expires Thu, 14 Sep 2023 16:38:19 GMT
GET H2	200	goodleap-origin-shell.js Show response origin.goodleap.com/	18 KB 6 KB	9ms 9ms	Script application/javascript	76.76.21.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://origin.goodleap.com/goodleap-origin-shell.js?t=1694582040870 Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash e3b422b14cc7bc913fbe852c8d1f4bde3ec0d47f1c7ce8800e6fd148e8bd115c Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT content-encoding br strict-transport-security max-age=63072000 server Vercel x-vercel-id fra1::6vwzs-1694709049511-9bea7257a781 age 126142 etag W/"001ad6e1cb48137ac189c3db9177fa10" x-vercel-cache HIT content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=0, must-revalidate content-disposition inline; filename="goodleap-origin-shell.js"
GET H3	200	single-spa.min.js Show response cdn.jsdelivr.net/npm/single-spa@5.9.3/lib/system/	20 KB 7 KB	34ms 22ms	Script application/javascript	2606:4700::6810:5714 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/single-spa@5.9.3/lib/system/single-spa.min.js Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 286a8fbf1188c97fb1574a646b6d2af554ac2ea32b071fb2921ca4cd482a5fe6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://origin.goodleap.com/ Origin https://origin.goodleap.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 6861479 x-jsd-version 5.9.3 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230116-FRA, cache-yyz4568-YYZ x-jsd-version-type version server cloudflare etag W/"5059-6mV7BcBdT9y8Iy4rAJ9TJE/TIbw" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTLtlH0TKSlL7twnpJ3XzlnOjmfYQuDdzq3iXNvWTj%2FailkbtzaTT8611VMmOv9K0eE6YeKMudCOvpnUubsMERPUfIJZTHPBMwnvhFIPL1X%2FPjXOaHwYyQUDCla3XrVCfKwjBIRqPLGFrjmm0WY%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 806a0447993d3830-FRA
GET H2	200	js Show response www.googletagmanager.com/gtag/	237 KB 83 KB	27ms 26ms	Script application/javascript	2a00:1450:4001:812::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-60K3KSPKHN&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-N26SS29 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 3c95e5b7190e91daf774dc758dc1a63f9af8372b72911c4ac60d855d6d664342 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 84800 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 14 Sep 2023 16:30:49 GMT
GET H2	404	goodleap-origin-mfe.js origin-mfe.goodleap.com/	0 0	661ms 564ms	Script application/xml	18.165.242.128 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://origin-mfe.goodleap.com/goodleap-origin-mfe.js?t=1694582040870 Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.165.242.128 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-165-242-128.lhr61.r.cloudfront.net Software AmazonS3 / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self';font-src 'self' fonts.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: data.pendo.io *.amazonaws.com *.gstatic.com *.googleapis.com *.googletagmanager.com;frame-ancestors 'self';child-src 'self' *.medallia.com *.amazoncognito.com *.pendo.io;connect-src 'self' data: ws: blob: *.goodleap.services *.alfax-blue.local *.alfax-green.local *.loanpal.services *.loanpal.com *.goodleap.com *.pndsn.com *.launchdarkly.com *.cloudfront.net *.googleapis.com *.gstatic.com *.google-analytics.com *.pendo.io *.amazonaws.com *.bugsnag.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:* *.googletagmanager.com *.googleapis.com *.pendo.io cdn.jsdelivr.net;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:* *.googletagmanager.com *.googleapis.com *.pendo.io cdn.jsdelivr.net *.goodleap.com *.launchdarkly.com; Request headers Referer https://origin.goodleap.com/ Origin https://origin.goodleap.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT via 1.1 a3f6a09ce0b2cec8cd66e141dd4234ba.cloudfront.net (CloudFront) content-security-policy default-src 'self';font-src 'self' fonts.gstatic.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: data.pendo.io *.amazonaws.com *.gstatic.com *.googleapis.com *.googletagmanager.com;frame-ancestors 'self';child-src 'self' *.medallia.com *.amazoncognito.com *.pendo.io;connect-src 'self' data: ws: blob: *.goodleap.services *.alfax-blue.local *.alfax-green.local *.loanpal.services *.loanpal.com *.goodleap.com *.pndsn.com *.launchdarkly.com *.cloudfront.net *.googleapis.com *.gstatic.com *.google-analytics.com *.pendo.io *.amazonaws.com *.bugsnag.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:* *.googletagmanager.com *.googleapis.com *.pendo.io cdn.jsdelivr.net;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:* *.googletagmanager.com *.googleapis.com *.pendo.io cdn.jsdelivr.net *.goodleap.com *.launchdarkly.com; server AmazonS3 x-amz-cf-pop LHR61-P6 x-cache Error from cloudfront content-type application/xml access-control-allow-origin * x-amz-cf-id oUPgVn43l52qcFhN8DmY-GHTBbmAVhpU2P4vkuHGXPRr7SffGUJKqw==
OPTIONS H2	204	/ origin.goodleap.com/	0 0	12ms 11ms	Fetch	76.76.21.123 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://origin.goodleap.com/ Requested by Host: vercel.live URL: https://vercel.live/_next-live/feedback/feedback.js Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/loan-form/f6d7b61f6631419b8a75e06c15e80f34 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT cache-control public, max-age=0, must-revalidate strict-transport-security max-age=63072000 server Vercel content-disposition inline x-vercel-id fra1::zsf2w-1694709049585-4a0bd11acc65 x-vercel-cache MISS
GET H3	200	gen_204 Show response maps.googleapis.com/maps/api/mapsjs/	3 B 45 B	40ms 26ms	XHR application/json	2a00:1450:4001:830::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyB7OE1UF0s8-7a-zQ_-cdDGUWhMwxm8UkM&libraries=places&callback=Function.prototype Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers date Thu, 14 Sep 2023 16:30:49 GMT content-encoding gzip x-content-type-options nosniff server scaffolding on HTTPServer2 vary Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type application/json; charset=UTF-8 access-control-allow-origin https://origin.goodleap.com access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23 x-xss-protection 0
POST H2	204	collect region1.google-analytics.com/g/	0 256 B	35ms 14ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-60K3KSPKHN&gtm=45je39b0&_p=802067703&cid=291106385.1694709050&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1694709049&sct=1&seg=0&dl=https%3A%2F%2Forigin.goodleap.com%2Floan-form%2Ff6d7b61f6631419b8a75e06c15e80f34&dt=&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-60K3KSPKHN&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://origin.goodleap.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.187 Safari/537.36 Response headers pragma no-cache date Thu, 14 Sep 2023 16:30:49 GMT server Golfe2 content-type text/plain access-control-allow-origin https://origin.goodleap.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| runtime object| regeneratorRuntime object| System function| define object| dataLayer object| pendo object| google_tag_manager object| google_tag_data function| singleSpaNavigate object| google object| module$exports$mapsapi$geometry$spherical object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView function| onYouTubeIframeAPIReady object| gaGlobal

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.goodleap.com/	1970-01-21 00:21:09	Name: _ga Value: GA1.1.291106385.1694709050
			.goodleap.com/	1970-01-21 00:21:09	Name: _ga_60K3KSPKHN Value: GS1.1.1694709049.1.0.1694709049.0.0.0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://origin-mfe.goodleap.com/goodleap-origin-mfe.js?t=1694582040870 Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdn.pendo.io
fonts.googleapis.com
maps.googleapis.com
origin-mfe.goodleap.com
origin.goodleap.com
region1.google-analytics.com
vercel.live
www.googletagmanager.com
18.165.242.128
2001:4860:4802:32::36
2600:9000:223f:1400:1f:aa31:7740:93a1
2606:4700::6810:5714
2a00:1450:4001:812::2008
2a00:1450:4001:830::200a
2a00:1450:4001:831::200a
76.76.21.123
76.76.21.9
0d4fb1b44c663281b646f71734a9655cb49ae083857eb7cc704c5fadfd2b47a9
1dc58b0df87f755f2bf13ec00edaa368fa643a35b8ee276632c709b621e4d37b
286a8fbf1188c97fb1574a646b6d2af554ac2ea32b071fb2921ca4cd482a5fe6
2a6d7a06a4458b56f188177654688a18648aaf4800feee0a4a09a858f46bc920
35b556be250f9ec0c2b50190f1cf8e4757f9ca0ef2539884f82d73d88aa34f90
3c95e5b7190e91daf774dc758dc1a63f9af8372b72911c4ac60d855d6d664342
40e0e19ec3ffc2c02bddf07b959cd56215231bde0e434af9f2b87fb25a52ec76
587bbee639da5a2f097ba99b12ffd33e10a64378b29624945b8ab3a5514d5107
858d22e639e9890bd82f36860d16b22752fb59ce71cb913b167a52313c456e16
a2966ef0bde26dec1926240bec4237b2c48bf031221f0b3aa3b71896568de8c6
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d1252b23b5ba7cd633182ea88889403fbaa292ba571ff676844e75a512cbb604
e0af273f3618ba44248c195dca937583fe562c14431a49b23222b762a0e2e1ef
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b422b14cc7bc913fbe852c8d1f4bde3ec0d47f1c7ce8800e6fd148e8bd115c
faf458dcada028341e6c98a52f71067328fb710a51d0f3acb69df9dbe93619af