alfursan.saudia.com Open in urlscan Pro
154.91.0.2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://alfursan.saudiairlines.com/
Effective URL:
https://alfursan.saudia.com/
Submission: On July 26 via manual (July 26th 2022, 12:47:53 pm UTC) from SA — Scanned from DE

Summary HTTP 75 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 75 HTTP transactions. The main IP is 154.91.0.2, located in Saudi Arabia and belongs to NOURNET-ASN, SA. The main domain is alfursan.saudia.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 20th 2022. Valid for: a year.

This is the only time alfursan.saudia.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	217.12.225.98 217.12.225.98	48932 (SV-TAMKEEN) (SV-TAMKEEN)
57	154.91.0.2 154.91.0.2	29684 (NOURNET-ASN) (NOURNET-ASN)
7	157.133.93.136 157.133.93.136	199928 (SAP_DC_RUH) (SAP_DC_RUH)
10	23.35.237.2 23.35.237.2	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.212.156.205 52.212.156.205	16509 (AMAZON-02) (AMAZON-02)
75	4

1 217.12.225.98 (Saudi Arabia) 1 redirects

ASN48932 (SV-TAMKEEN, SA)

alfursan.saudiairlines.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

57 154.91.0.2 (Saudi Arabia)

ASN29684 (NOURNET-ASN, SA)

alfursan.saudia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 157.133.93.136 (United States)

ASN199928 (SAP_DC_RUH, DE)

clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.35.237.2 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-2.deploy.static.akamaitechnologies.com

cdns.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdns.eu1.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.156.205 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-156-205.eu-west-1.compute.amazonaws.com

accounts.eu1.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	saudia.com alfursan.saudia.com	4 MB
11	gigya.com cdns.gigya.com — Cisco Umbrella Rank: 6449 cdns.eu1.gigya.com — Cisco Umbrella Rank: 16247 accounts.eu1.gigya.com — Cisco Umbrella Rank: 29306	295 KB
7	ondemand.com clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com	20 KB
1	saudiairlines.com 1 redirects alfursan.saudiairlines.com — Cisco Umbrella Rank: 82739	131 B
75	4

	Domain	Requested by
57	alfursan.saudia.com	alfursan.saudia.com
9	cdns.eu1.gigya.com	alfursan.saudia.com cdns.gigya.com cdns.eu1.gigya.com
7	clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com	alfursan.saudia.com
1	accounts.eu1.gigya.com	cdns.eu1.gigya.com
1	cdns.gigya.com	alfursan.saudia.com
1	alfursan.saudiairlines.com	1 redirects
75	6

This site contains links to these domains. Also see Links.

Domain
www.saudia.com
www.facebook.com
twitter.com

Subject Issuer	Validity	Valid
alfursan.saudia.com Sectigo RSA Domain Validation Secure Server CA	`2022-07-20` - `2023-07-20`	a year	crt.sh
*.dispatcher.sa1.hana.ondemand.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-03` - `2023-05-03`	a year	crt.sh
cdns.gigya.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-04`	a year	crt.sh
*.eu1.gigya.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-02` - `2023-03-05`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://alfursan.saudia.com/
Frame ID: A1E48BE1AE35E2387290D3245D8920AF
Requests: 66 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d&version=latest&build=13273
Frame ID: 09257E560A65CB0173A6B2D80A523A5B
Requests: 3 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273
Frame ID: B33993CEF83EBFCF169928D8441011EF
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273
Frame ID: 85D0F643F74C53F3DFCEF22308169EF7
Requests: 2 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273
Frame ID: CA94CEBD7CFD4FDD9023E000A29AE966
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

الصفحة الرئيسية | نسخة تجريبية | CLM Member Portal

Page URL History Show full URLs

http://alfursan.saudiairlines.com/ HTTP 302
https://alfursan.saudia.com/ Page URL

Detected technologies

SAP Customer Data Cloud Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

\.gigya\.com/JS/gigya\.js

Page Statistics

75
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

4
IPs

4
Countries

4371 kB
Transfer

7029 kB
Size

9
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.saudia.com/loyalty-program/alfursan-partners/alfursan-partners
Title: شركاء البرنامج

Search URL Search Domain Scan URL

URL: https://www.saudia.com/loyalty-program/news-and-offers/partner-offers
Title: عروض الشركاء

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SaudiArabianAirlines

Search URL Search Domain Scan URL

URL: https://twitter.com/saudi_airlines

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://alfursan.saudiairlines.com/ HTTP 302
https://alfursan.saudia.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

75 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
alfursan.saudia.com/
Redirect Chain

http://alfursan.saudiairlines.com/
https://alfursan.saudia.com/

4 KB
6 KB

399ms
95ms

Document
text/html

154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

f2da630e4328dcc63afcc3b9a9167b5a4023f993981e9d779c75816c8fdba2b9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Length: 3784
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Content-Type: text/html
Date: Tue, 26 Jul 2022 12:47:43 GMT
Expires: Wed, 12 Jan 1980 05:00:00 GMT
Keep-Alive: timeout=5, max=500
Last-Modified: Wed, 23 Mar 2022 13:01:12 GMT
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Pragma: no-cache
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Location: https://alfursan.saudia.com
Server: BigIP

GET
H/1.1 200
OK FrutigerLTStd%20Roman.otf
alfursan.saudia.com/assets/fonts/frutigerLTStd-Roman/ 27 KB
29 KB 94ms
93ms Font
font/otf 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/assets/fonts/frutigerLTStd-Roman/FrutigerLTStd%20Roman.otf

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

0c6449a1ab705eb93617f7400991cb90be26b681e5480f71ead2477918d53da1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://alfursan.saudia.com/
Origin: https://alfursan.saudia.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:43 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 27328
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Wed, 23 Mar 2022 13:01:12 GMT
Server: Apache
ETag: "6ac0-5dae252e8bf65"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: font/otf
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=499

GET
H/1.1 200
OK runtime-es2015.b4f2140d8f1c999ffe15.js Show response
alfursan.saudia.com/ 5 KB
5 KB 257ms
85ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/runtime-es2015.b4f2140d8f1c999ffe15.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

26eca746332599e8b5f4d79a9bfef4dd7852a4d53fb8d2c14675cdddc422ab71

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://alfursan.saudia.com/
Origin: https://alfursan.saudia.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 2407
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:04:21 GMT
Server: Apache
ETag: "967-5e2779de451a1"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=500

GET
H/1.1 200
OK polyfills-es2015.a2136f146314802d8bbc.js Show response
alfursan.saudia.com/ 68 KB
25 KB 277ms
92ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

a44738d6e38f66597bbf7a0bd1565758e095c1d23110270c87f0edb32796b06c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://alfursan.saudia.com/
Origin: https://alfursan.saudia.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 23165
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:04:21 GMT
Server: Apache
ETag: "5a7d-5e2779de40768"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=498

GET
H/1.1 200
OK scripts.efb3a561e703fb73c86a.js Show response
alfursan.saudia.com/ 149 KB
49 KB 273ms
98ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/scripts.efb3a561e703fb73c86a.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

1ddee4f29955dae8db980e28f1e022db1cdd6b1ce137307ef329e76ae22e92b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 47694
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:04:21 GMT
Server: Apache
ETag: "ba4e-5e2779de49021"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=500

GET
H/1.1 200
OK main-es2015.9256694c61491c98fbcf.js Show response
alfursan.saudia.com/ 2 MB
478 KB 279ms
89ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/main-es2015.9256694c61491c98fbcf.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

cfaaee0b1f780788e6b33cb3801a720352a1d3291835a85752d26a1848087191

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://alfursan.saudia.com/
Origin: https://alfursan.saudia.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 487224
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:38:45 GMT
Server: Apache
ETag: "76f38-5e27818ec54b6"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=500

GET
H/1.1 200
OK loader.df9d72d17bc36bc69486.css
alfursan.saudia.com/ 735 B
3 KB 296ms
104ms Stylesheet
text/css 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/loader.df9d72d17bc36bc69486.css

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

f33b263d91b4d754bddccf3d56585e2c7bf097cdbe17d5fce6c40986db617cbb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 366
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:38:45 GMT
Server: Apache
ETag: "16e-5e27818e6b730"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: text/css
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=500

GET
H/1.1 200
OK styles.4d2096e866e1d10bb079.css
alfursan.saudia.com/ 261 KB
31 KB 140ms
101ms Stylesheet
text/css 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/styles.4d2096e866e1d10bb079.css

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

c62645aca2551ed7823edd2b2f70ff083292c3378fa060c8d944c8ca5d14bf7b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 28763
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:04:20 GMT
Server: Apache
ETag: "705b-5e2779dd895a8"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: text/css
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=500

GET
H/1.1 200
OK runtime.json Show response
alfursan.saudia.com/assets/ 2 KB
4 KB 467ms
466ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/assets/runtime.json

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

8574ef85b8d07095312132795eb41daed52f63b83b08e2577242c33f0b0f5429

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 1829
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=499
Pragma: no-cache
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Wed, 23 Mar 2022 13:01:18 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Expires: Wed, 12 Jan 1980 05:00:00 GMT

GET
H/1.1 200
OK languagesConfiguration Show response
alfursan.saudia.com/ccms-api-mp/ 223 B
1 KB 93ms
92ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/languagesConfiguration

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

880c203fe71aae7a9fe9d509d797394405fb35d22d801b5236e8b558c1219788

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi01
Connection: Keep-Alive
Content-Length: 223
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"df-hcGY2Lkib5K6qL8ZOGgYKx6VNC0"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Keep-Alive: timeout=5, max=498

GET
H/1.1 200
OK parameters Show response
alfursan.saudia.com/ccms-api-mp/ 7 KB
8 KB 102ms
102ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/parameters

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

cb9c4f38cbde5e3fefef69ce893d4d7b4016f4b10f974a69c76ad635b433e999

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Connection: Keep-Alive
Content-Length: 6956
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"1b2c-mVmDA/Ko38eKebbDkAQ3trRrkgo"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Keep-Alive: timeout=5, max=499

GET
H/1.1 200 DATE_FORMAT_SHORT Show response
alfursan.saudia.com/b2c/parameters/ 124 B
3 KB 107ms
107ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/b2c/parameters/DATE_FORMAT_SHORT

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

0ca94d0cd943a7887651713e853988063690f9cbe1dcaf76c0a4fbb734f47d25

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Transfer-Encoding: chunked
X-CLM-API-Method-Name: getParameter
APPROADMAP: p02-b2c02
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
X-Server-Time: 2022-07-26T12:47:45.231Z[UTC]
X-CLM-API-Resource-Name: dictionaryResource
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-CLM-API-Service-Name: dictionary
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json;charset=UTF-8
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Keep-Alive: timeout=5, max=499
Expires: 0

GET
H/1.1 200 DATE_FORMAT_LONG Show response
alfursan.saudia.com/b2c/parameters/ 129 B
3 KB 112ms
112ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/b2c/parameters/DATE_FORMAT_LONG

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

98f302734ec7e5224c48973c03bdf9084ea38ce42877b2475f91c9e0fe85524e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Transfer-Encoding: chunked
X-CLM-API-Method-Name: getParameter
APPROADMAP: p01-b2c04
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
X-Server-Time: 2022-07-26T12:47:45.231Z[UTC]
X-CLM-API-Resource-Name: dictionaryResource
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-CLM-API-Service-Name: dictionary
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json;charset=UTF-8
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Keep-Alive: timeout=5, max=499
Expires: 0

GET
H/1.1 200
OK ar Show response
alfursan.saudia.com/ccms-api-mp/languages/ 101 KB
102 KB 114ms
114ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/languages/ar

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

314f7213bb930439ff85cf82612e19e2ecc524caa0908830c1fdfe0c95d586d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi02
Connection: Keep-Alive
Content-Length: 103541
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"19475-b+qUrxnu0yTI+bsVn6MuqRJY/Kg"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Keep-Alive: timeout=5, max=497

GET
H/1.1 200
OK 623-es2015.ff1db75b9f1e82cf521f.js Show response
alfursan.saudia.com/ 17 KB
7 KB 97ms
97ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/623-es2015.ff1db75b9f1e82cf521f.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/runtime-es2015.b4f2140d8f1c999ffe15.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

900ec7adf1dba063a784e036fd179190352b9e6283c6c8db0ca9491b4bcd8bdd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 4237
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:38:45 GMT
Server: Apache
ETag: "108d-5e27818e9a533"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=496

GET
H/1.1 200
OK 789-es2015.b54aa0018cdb24f37b12.js Show response
alfursan.saudia.com/ 31 KB
10 KB 117ms
116ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/789-es2015.b54aa0018cdb24f37b12.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/runtime-es2015.b4f2140d8f1c999ffe15.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

391d6931f5a3dda0a3c04379df2581742d63b79676d3b173c8e66e7d0532aff1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 7375
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:38:45 GMT
Server: Apache
ETag: "1ccf-5e27818eaa704"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=498

GET
H/1.1 200
OK 584-es2015.fe5cdf85dd23a626b83b.js Show response
alfursan.saudia.com/ 13 KB
6 KB 112ms
111ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/584-es2015.fe5cdf85dd23a626b83b.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/runtime-es2015.b4f2140d8f1c999ffe15.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

dca6b6debc4632b7325bf9967bb27a089385ea265242611e394b64a599d05cc0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 3510
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:04:21 GMT
Server: Apache
ETag: "db6-5e2779ddd5c57"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=498

GET
H/1.1 200
OK 206-es2015.1abdbadd3e3bb882e2af.js Show response
alfursan.saudia.com/ 41 KB
9 KB 106ms
105ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/206-es2015.1abdbadd3e3bb882e2af.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/runtime-es2015.b4f2140d8f1c999ffe15.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

a777bced46286fb8236d27d6bf6a237cf419f8002fd2fb069ba683e88360de2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 6759
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:04:20 GMT
Server: Apache
ETag: "1a67-5e2779ddb4144"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=498

GET
H/1.1 200
OK common-es2015.5008faa2ccf606cb007f.js Show response
alfursan.saudia.com/ 13 KB
6 KB 102ms
101ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/common-es2015.5008faa2ccf606cb007f.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/runtime-es2015.b4f2140d8f1c999ffe15.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

0d38724409a1f8caa54afe0c512ff1d794e43c93c49983f3aa5ffbbf1e56ad24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 3565
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:04:21 GMT
Server: Apache
ETag: "ded-5e2779de1f426"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=497

GET
H/1.1 200
OK 97-es2015.845b15a334d8b79522ca.js Show response
alfursan.saudia.com/ 41 KB
11 KB 95ms
95ms Script
application/javascript 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/97-es2015.845b15a334d8b79522ca.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/runtime-es2015.b4f2140d8f1c999ffe15.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

ae71a9e6566eccf13c04ec5ecda8fbc7e8e6dbd41b2aa31668eb136ffd416d32

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-encoding
Content-Length: 8639
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 28 Jun 2022 01:04:21 GMT
Server: Apache
ETag: "21bf-5e2779de18e95"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/javascript
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=499

GET
H/1.1 200 attributes Show response
alfursan.saudia.com/b2c/ 2 B
3 KB 127ms
126ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/b2c/attributes?code=CMP_BASKET_ITEMS

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Transfer-Encoding: chunked
X-CLM-API-Method-Name: getAttributesDefinitions
APPROADMAP: p01-b2c02
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
X-Total-Count: 0
X-Server-Time: 2022-07-26T12:47:45.607Z[UTC]
X-CLM-API-Resource-Name: attributesResource
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-CLM-API-Service-Name: profile
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json;charset=UTF-8
Pragma: no-cache
X-Total-Count-Limited: false
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Keep-Alive: timeout=5, max=497
Expires: 0

GET
H/1.1 200 dictionaries Show response
alfursan.saudia.com/b2c/ 9 KB
11 KB 131ms
131ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/b2c/dictionaries?dic=%22COUNTRIES%22&dic=%22TITLES%22

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

2b915fcbb2141ef2c367aedf8c4001f1241b912e266516a1d8c1626bdcd68e28

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:44 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Transfer-Encoding: chunked
X-CLM-API-Method-Name: getDictionaries
APPROADMAP: p02-b2c02
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
X-Total-Count: 2
X-Server-Time: 2022-07-26T12:47:45.612Z[UTC]
X-CLM-API-Resource-Name: commonResource
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
X-CLM-API-Service-Name: dictionary
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json;charset=UTF-8
Pragma: no-cache
X-Total-Count-Limited: false
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Keep-Alive: timeout=5, max=497
Expires: 0

GET
H/1.1 200 programs Show response
alfursan.saudia.com/b2c/ 90 B
3 KB 109ms
108ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/b2c/programs?status=A

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

e13079b30e0f997bb0597e275b4f93446f8b226a6bb8f88f2970256782ff1a7d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Transfer-Encoding: chunked
X-CLM-API-Method-Name: getPrograms
APPROADMAP: p02-b2c01
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
X-Total-Count: 1
X-Server-Time: 2022-07-26T12:47:45.605Z[UTC]
X-CLM-API-Resource-Name: programsResource
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json;charset=UTF-8
Pragma: no-cache
X-Total-Count-Limited: false
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Keep-Alive: timeout=5, max=497
Expires: 0

GET
H/1.1 200 styles.css
clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/css/ 43 KB
7 KB 363ms
91ms Stylesheet
text/css 157.133.93.136
SAP_DC_RUH

General

Check archive.org

Show headers Download Go to

Full URL

https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/css/styles.css

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/main-es2015.9256694c61491c98fbcf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

157.133.93.136 , United States, ASN199928 (SAP_DC_RUH, DE),

Reverse DNS

Software

SAP /

Resource Hash

ee832d89a6340645aa8e2dc1182caa79c24937be3a893372428b99822febbf26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
Server: SAP
ETag: W/"cb4fd73ff6cd51ce5c289ddff69025939eca7295"
vary: accept-encoding
Content-Type: text/css
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Keep-Alive: timeout=20

GET
H/1.1 200 screensets-events.js Show response
clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/ 9 KB
3 KB 365ms
91ms Script
application/javascript 157.133.93.136
SAP_DC_RUH

General

Check archive.org

Show headers Download Go to

Full URL

https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/screensets-events.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/main-es2015.9256694c61491c98fbcf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

157.133.93.136 , United States, ASN199928 (SAP_DC_RUH, DE),

Reverse DNS

Software

SAP /

Resource Hash

1fcce48a158a3e9070827540ed37772a93fa4421eadfa61d8e29844e90d9a766

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
Server: SAP
ETag: W/"cb4fd73ff6cd51ce5c289ddff69025939eca7295"
vary: accept-encoding
Content-Type: application/javascript
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Keep-Alive: timeout=20

GET
H/1.1 200
OK member_menu Show response
alfursan.saudia.com/ccms-api-mp/navigations/name/ 2 KB
3 KB 106ms
106ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/navigations/name/member_menu?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

675496a70841edc52edd91520fe934bab10479c39b48662485b2d993efb4f23c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Connection: Keep-Alive
Content-Length: 2129
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"851-p4zyhk9BVob7PvoaGEWla10IR34"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=496

GET
H/1.1 200
OK header_menu Show response
alfursan.saudia.com/ccms-api-mp/navigations/name/ 705 B
2 KB 101ms
101ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/navigations/name/header_menu?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

a42962c2ecfb0be6dd865d813882a732417ca5b2b707e8911c6cb78ba3c1cd25

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi01
Connection: Keep-Alive
Content-Length: 705
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"2c1-LOpYYeF9A4DEKX4aK36z0LNkVCc"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=495

GET
H/1.1 200
OK homepage_menu Show response
alfursan.saudia.com/ccms-api-mp/navigations/name/ 1 KB
2 KB 100ms
100ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/navigations/name/homepage_menu?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

58cc08ea0a5c6ae8e25fc71f8d0772245828cc35def7cdad439c98e36e89be26

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Connection: Keep-Alive
Content-Length: 1035
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"40b-9Kzuvgq72xTZ+I8gc4KtKa2tuhk"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=498

GET
H/1.1 200
OK main-carousel Show response
alfursan.saudia.com/ccms-api-mp/carousels/alias/ 4 KB
5 KB 196ms
105ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/carousels/alias/main-carousel?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

d15703e2a3204d72ae269e8d634ff027347eb30b9564be3ff55524453914174f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Connection: Keep-Alive
Content-Length: 3912
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"f48-CdEDqUpeMMS6UWcZbLjWYqYkAh8"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=496

GET
H/1.1 200
OK cmp.svg Show response
alfursan.saudia.com/assets/svg/ 47 KB
49 KB 180ms
88ms XHR
image/svg+xml 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/assets/svg/cmp.svg

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

4663e78a16a0ea8f8b9938e6ad8e05e2d25033f3242784d5894972ae90a03200

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Wed, 23 Mar 2022 13:01:11 GMT
Server: Apache
ETag: "ba71-5dae252e87679"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Connection: Keep-Alive
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Content-Length: 47729
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=494

GET
H/1.1 200
OK carousel-background.jpg
alfursan.saudia.com/assets/images/homepage/ 51 KB
53 KB 169ms
87ms Image
image/jpeg 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/assets/images/homepage/carousel-background.jpg

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/styles.4d2096e866e1d10bb079.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

09dd722982137a484f45f555e1bd7e1bb17f7d54da8817ff0395b084db9774f6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/styles.4d2096e866e1d10bb079.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Wed, 23 Mar 2022 13:01:12 GMT
Server: Apache
ETag: "cb7a-5dae252e8bb7d"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Connection: Keep-Alive
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Content-Length: 52090
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=497

GET
H/1.1 200
OK ajax-loader.fb6f3c230cb846e25247.gif
alfursan.saudia.com/ 4 KB
6 KB 176ms
94ms Image
image/gif 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ajax-loader.fb6f3c230cb846e25247.gif

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/styles.4d2096e866e1d10bb079.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/styles.4d2096e866e1d10bb079.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Wed, 23 Mar 2022 13:01:12 GMT
Server: Apache
ETag: "1052-5dae252e8bb7d"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/gif
X-XSS-Protection: 1; mode=block
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Connection: Keep-Alive
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Content-Length: 4178
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=495

GET
H/1.1 200
OK footer_menu Show response
alfursan.saudia.com/ccms-api-mp/navigations/name/ 1 KB
2 KB 183ms
109ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/navigations/name/footer_menu?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

90787df007542f7d28883d50da38bb5d93361972cce399b75f86f300ad302f10

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi01
Connection: Keep-Alive
Content-Length: 1043
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"413-jW5RNTvkyCv08QQ0xRz/mSNqhkM"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=496

GET
H/1.1 200
OK find-us-on-social-medias Show response
alfursan.saudia.com/ccms-api-mp/pages/alias/ 682 B
2 KB 183ms
104ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/pages/alias/find-us-on-social-medias?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

d92de5fdc9a8c4b7a0c32dc06d41af58c8dce78ab8be714bc72f7d56ceb2850f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Connection: Keep-Alive
Content-Length: 682
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"2aa-PTCll4XzOR7f/TzYBjkD8kh3rm4"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=496

GET
H/1.1 200
OK mobile-apps Show response
alfursan.saudia.com/ccms-api-mp/pages/alias/ 191 B
1 KB 251ms
91ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/pages/alias/mobile-apps?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

2e34126dc1490c8afcb799781658380add28250ca493f888501d4c96ffd5c82d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi02
Connection: Keep-Alive
Content-Length: 191
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"bf-Szy290389oYj3allXXQ/+0DhfDc"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=493

GET
H/1.1 200
OK logo-footer
alfursan.saudia.com/ccms-api-mp/attachments/download/ 4 KB
5 KB 252ms
103ms Image
image/png 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/logo-footer

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

b1c0277ea69dacd0d36dc672f33573456f692cba41093508f0abdc86cfde45c9

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Content-disposition: inline;filename*=UTF-8''saudia-logo-white.png
Connection: Keep-Alive
Content-Length: 3840
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=495
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK logo
alfursan.saudia.com/ccms-api-mp/attachments/download/ 4 KB
5 KB 248ms
101ms Image
image/png 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/logo

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

b1c0277ea69dacd0d36dc672f33573456f692cba41093508f0abdc86cfde45c9

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Content-disposition: inline;filename*=UTF-8''saudia-logo-white.png
Connection: Keep-Alive
Content-Length: 3840
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=494
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK reasons-to-join-section Show response
alfursan.saudia.com/ccms-api-mp/pages/alias/ 2 KB
3 KB 214ms
108ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/pages/alias/reasons-to-join-section?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

c186154be0ec958264ce9fc9e5a0cc8d4e13a172ac753ac33c5ea9a55f022a0c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi01
Connection: Keep-Alive
Content-Length: 1831
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"727-tM2XeUoOCk+bntW1T9BYv1U5cdo"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=495

GET
H/1.1 200
OK how-it-works-html-section Show response
alfursan.saudia.com/ccms-api-mp/pages/alias/ 3 KB
4 KB 209ms
105ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/pages/alias/how-it-works-html-section?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

8409d3109955831f2af3c99e1d7ed796475cd73398f1159cfb0e84249246947a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Connection: Keep-Alive
Content-Length: 3311
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"cef-dDFATNRCDbpGRvLqZkXMwFyg0Ns"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=495

GET
H/1.1 200
OK partner-html-section Show response
alfursan.saudia.com/ccms-api-mp/pages/alias/ 4 KB
5 KB 252ms
89ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/pages/alias/partner-html-section?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

461cca4ca2ed17f067ef01dbcf4c30761f5f47972816705513574bcfec7006bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Connection: Keep-Alive
Content-Length: 4214
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"1076-eCdXe3JUT5Bj4F9sZs9TUF/dR74"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=496

GET
H/1.1 200
OK elite-status-html-section Show response
alfursan.saudia.com/ccms-api-mp/pages/alias/ 10 KB
12 KB 260ms
91ms XHR
application/json 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://alfursan.saudia.com/ccms-api-mp/pages/alias/elite-status-html-section?language=ar-SA

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

e28bf96bb4aaa4e4b30bcfa19aa8a5462e15506ebcdb2f542bf3efdedce5118b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://alfursan.saudia.com/
Authorization: ccmsApiKey
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi02
Connection: Keep-Alive
Content-Length: 10618
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: W/"297a-rbRd/YrHr4hi6TGjftN3Ma9Sfsc"
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Language: ar-SA
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; form-action 'none'; child-src 'none'; object-src 'none'; connect-src 'self' ; base-uri 'self'; frame-ancestors 'none'; worker-src 'self'; frame-src 'none'; manifest-src 'self'; media-src 'self'; prefetch-src 'self'; upgrade-insecure-requests
Content-Type: application/json; charset=utf-8
Keep-Alive: timeout=5, max=492

GET
H/1.1 200
OK benifits-ar__large_.jpg
alfursan.saudia.com/ccms-api-mp/attachments/download/ 242 KB
243 KB 221ms
110ms Image
image/jpeg 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/benifits-ar__large_.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

6443505c4954c0b40c5274505d6b9d4cfdf6c056a5eb9d696b8846cce7ca1dc7

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Content-disposition: inline;filename*=UTF-8''Benifits-ar%20(Large).jpg
Connection: Keep-Alive
Content-Length: 247562
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=494
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK benifits2-ar__large_.jpg
alfursan.saudia.com/ccms-api-mp/attachments/download/ 319 KB
320 KB 191ms
100ms Image
image/jpeg 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/benifits2-ar__large_.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

920019e5c314b6ca5b43eae9d3297d70fe214a1b51c0213644cf8c386c0a7cff

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Content-disposition: inline;filename*=UTF-8''Benifits2-ar%20(Large).jpg
Connection: Keep-Alive
Content-Length: 326786
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=493
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK family-ar__large_.jpg
alfursan.saudia.com/ccms-api-mp/attachments/download/ 259 KB
260 KB 208ms
114ms Image
image/jpeg 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/family-ar__large_.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

721c43c2d1c508325ef50619687b7a8e2bc60c47660df709f8a7a99496c3bdd2

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Content-disposition: inline;filename*=UTF-8''Family-ar%20(Large).jpg
Connection: Keep-Alive
Content-Length: 264859
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=494
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK right-arrow.svg
alfursan.saudia.com/assets/images/svg/ 337 B
3 KB 234ms
122ms Image
image/svg+xml 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/assets/images/svg/right-arrow.svg

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/styles.4d2096e866e1d10bb079.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

b409fca76771b37ad3becb86dc013d2c224e33e833da1a735e2d2932282fcb88

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/styles.4d2096e866e1d10bb079.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Wed, 23 Mar 2022 13:01:11 GMT
Server: Apache
ETag: "151-5dae252e85738"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Connection: Keep-Alive
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Content-Length: 337
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=494

GET
H/1.1 200
OK left-arrow.svg
alfursan.saudia.com/assets/images/svg/ 332 B
3 KB 238ms
85ms Image
image/svg+xml 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/assets/images/svg/left-arrow.svg

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/styles.4d2096e866e1d10bb079.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

a1c1950ed304c62e808ec4efcecefe5d071acb8e9d3cc618d66c8822f7cfbac1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/styles.4d2096e866e1d10bb079.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Wed, 23 Mar 2022 13:01:12 GMT
Server: Apache
ETag: "14c-5dae252e8bb7d"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=()
Content-Security-Policy: frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://*.gigya.com https://paypages.payment.amadeus.com; child-src https://*.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://*.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Connection: Keep-Alive
Access-Control-Allow-Headers: x-requested-with,authorization,content-type,program_id,X-CLM-Program-Id,X-CLM-Program-Code,X-CLM-Channel,X-CLM-OTP-Token,id_token
Content-Length: 332
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=495

GET
H/1.1 200
OK footer-facebook
alfursan.saudia.com/ccms-api-mp/attachments/download/ 559 B
1 KB 99ms
99ms Image
image/png 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/footer-facebook

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

71c81abc729e0fb59aa5291202e16020123cbe863e045a7fde23303b61bb770e

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Content-disposition: inline;filename*=UTF-8''footer-facebook.png
Connection: Keep-Alive
Content-Length: 559
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=494
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK footer-facebook-hover
alfursan.saudia.com/ccms-api-mp/attachments/download/ 694 B
2 KB 91ms
90ms Image
image/png 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/footer-facebook-hover

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

f6d6c371e6febf623f1356c632602ae4d2c99666af348540f1187ff391c2ce0b

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Content-disposition: inline;filename*=UTF-8''footer-facebook-hover.png
Connection: Keep-Alive
Content-Length: 694
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=493
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK footer-twitter
alfursan.saudia.com/ccms-api-mp/attachments/download/ 673 B
2 KB 95ms
94ms Image
image/png 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/footer-twitter

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

f235ba5668976e21c9a6b8a145d3a07ef9ea7222766e4d288bcab88a1ce5fa94

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Content-disposition: inline;filename*=UTF-8''footer-twitter.png
Connection: Keep-Alive
Content-Length: 673
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=492
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK footer-twitter-hover
alfursan.saudia.com/ccms-api-mp/attachments/download/ 810 B
2 KB 92ms
92ms Image
image/png 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/footer-twitter-hover

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

c25aa0979250029ec77672463c5a3ca0913ec6abc356fd9de86ef0cfa6f9c3fb

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Content-disposition: inline;filename*=UTF-8''footer-twitter-hover.png
Connection: Keep-Alive
Content-Length: 810
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=491
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK how-it-works-arabic.webp
alfursan.saudia.com/ccms-api-mp/attachments/download/ 47 KB
48 KB 110ms
109ms Image
image/webp 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/how-it-works-arabic.webp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

1d89337d2f770330764da7803eefb04ee524136908dda59e4e3206111dad608a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Content-disposition: inline;filename*=UTF-8''how-it-works-arabic.webp
Connection: Keep-Alive
Content-Length: 47926
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=493
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK mazaya_saudia_633__large_.webp
alfursan.saudia.com/ccms-api-mp/attachments/download/ 337 KB
338 KB 128ms
95ms Image
image/webp 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/mazaya_saudia_633__large_.webp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

7fe2b6c977e06dbcfc5a83b2440404f834ce204de03835c200f20afeb5ae18c9

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi01
Content-disposition: inline;filename*=UTF-8''Mazaya%20SAUDIA_633%20(Large).webp
Connection: Keep-Alive
Content-Length: 345266
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=491
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK cards__large_.webp
alfursan.saudia.com/ccms-api-mp/attachments/download/ 172 KB
173 KB 221ms
116ms Image
image/webp 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/cards__large_.webp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

b46da40fd67c551b57e731ea940339c0ad60e8bbd4c499dd798cf48eac9b5080

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi02
Content-disposition: inline;filename*=UTF-8''Cards%20(Large).webp
Connection: Keep-Alive
Content-Length: 176262
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=493
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK family_img_1600_01__large_.webp
alfursan.saudia.com/ccms-api-mp/attachments/download/ 606 KB
607 KB 93ms
93ms Image
image/webp 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/family_img_1600_01__large_.webp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

a8e7ad4e420a9cdad0dfa4dca47e6077f89f6bc2c326090fc29470b0a3a87245

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Content-disposition: inline;filename*=UTF-8''Family%20IMG_1600%2001%20(Large).webp
Connection: Keep-Alive
Content-Length: 621050
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=490
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK partners_opt_1_shutterstock_677230816__large_.webp
alfursan.saudia.com/ccms-api-mp/attachments/download/ 498 KB
499 KB 123ms
123ms Image
image/webp 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/partners_opt_1_shutterstock_677230816__large_.webp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

5f0bb75bcae95f7701b2a994771d57d2f7c88251bd78b6c1fcccee9ce9431468

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p01-ccmsapi02
Content-disposition: inline;filename*=UTF-8''Partners%20Opt%201%20shutterstock_677230816%20(Large).webp
Connection: Keep-Alive
Content-Length: 509924
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=492
X-Content-Security-Policy: sandbox

GET
H/1.1 200 screensets-tfa.js Show response
clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/ 3 KB
1 KB 94ms
94ms Script
application/javascript 157.133.93.136
SAP_DC_RUH

General

Check archive.org

Show headers Download Go to

Full URL

https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/screensets-tfa.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/main-es2015.9256694c61491c98fbcf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

157.133.93.136 , United States, ASN199928 (SAP_DC_RUH, DE),

Reverse DNS

Software

SAP /

Resource Hash

f1df11bd824fbb7529d339e63dc78479c21aef36d6499522d8a634ded2ca9450

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
Server: SAP
ETag: W/"cb4fd73ff6cd51ce5c289ddff69025939eca7295"
vary: accept-encoding
Content-Type: application/javascript
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Keep-Alive: timeout=20

GET
H/1.1 200
OK how-it-works-partners-arabic.webp
alfursan.saudia.com/ccms-api-mp/attachments/download/ 46 KB
46 KB 116ms
116ms Image
image/webp 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/how-it-works-partners-arabic.webp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

bbf1b617055f4b6fdbbf18d8c3c46bbbbee90912020bd7666fc823c1df1b92e3

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Content-disposition: inline;filename*=UTF-8''how-it-works-partners-arabic.webp
Connection: Keep-Alive
Content-Length: 46674
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=492
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK blue_shutterstock_1900491103__large_.webp
alfursan.saudia.com/ccms-api-mp/attachments/download/ 267 KB
268 KB 109ms
109ms Image
image/webp 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/blue_shutterstock_1900491103__large_.webp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

b9847cefe2db4c20b214d5b331b21a3e77aaeb00df2a55a68c28335b26f5a46e

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Content-disposition: inline;filename*=UTF-8''Blue%20shutterstock_1900491103%20(Large).webp
Connection: Keep-Alive
Content-Length: 273572
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=492
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK silver_shutterstock_2008657103__large_.webp
alfursan.saudia.com/ccms-api-mp/attachments/download/ 142 KB
142 KB 105ms
104ms Image
image/webp 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/silver_shutterstock_2008657103__large_.webp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

946b5da6ee5403adc831c822054ed607e0c9a7ee5b8e125e173603e5319afa81

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi02
Content-disposition: inline;filename*=UTF-8''Silver%20shutterstock_2008657103%20(Large).webp
Connection: Keep-Alive
Content-Length: 144916
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=491
X-Content-Security-Policy: sandbox

GET
H/1.1 200
OK gold_shutterstock_2006394125__large_.webp
alfursan.saudia.com/ccms-api-mp/attachments/download/ 128 KB
129 KB 95ms
95ms Image
image/webp 154.91.0.2
NOURNET-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alfursan.saudia.com/ccms-api-mp/attachments/download/gold_shutterstock_2006394125__large_.webp

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

154.91.0.2 , Saudi Arabia, ASN29684 (NOURNET-ASN, SA),

Reverse DNS

Software

Apache /

Resource Hash

65fe465c07b6b74f67b0b4392cc366e4600ebda0e9844bacbdab721be84ba3b1

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
APPROADMAP: p02-ccmsapi01
Content-disposition: inline;filename*=UTF-8''Gold%20shutterstock_2006394125%20(Large).webp
Connection: Keep-Alive
Content-Length: 131096
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Headers: Origin, Content-Type, Authorization, X-total-count, Content-Language
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Access-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE,OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: https://alfursan.saudia.com
Access-Control-Expose-Headers: X-total-count,
Content-Security-Policy: script-src 'none'
Keep-Alive: timeout=5, max=489
X-Content-Security-Policy: sandbox

GET
H/1.1 200 screensets.js Show response
clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/ 3 KB
1 KB 90ms
90ms Script
application/javascript 157.133.93.136
SAP_DC_RUH

General

Check archive.org

Show headers Download Go to

Full URL

https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/screensets.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/main-es2015.9256694c61491c98fbcf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

157.133.93.136 , United States, ASN199928 (SAP_DC_RUH, DE),

Reverse DNS

Software

SAP /

Resource Hash

ae00cd391b370c3388bcefcb0505782feb11f82ab70de03a707389c336d907af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
Server: SAP
ETag: W/"cb4fd73ff6cd51ce5c289ddff69025939eca7295"
vary: accept-encoding
Content-Type: application/javascript
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Keep-Alive: timeout=20

GET
H/1.1 200 interface.js Show response
clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/ 17 KB
6 KB 93ms
92ms Script
application/javascript 157.133.93.136
SAP_DC_RUH

General

Check archive.org

Show headers Download Go to

Full URL

https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/interface.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/main-es2015.9256694c61491c98fbcf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

157.133.93.136 , United States, ASN199928 (SAP_DC_RUH, DE),

Reverse DNS

Software

SAP /

Resource Hash

7f8eddecfdb6c6c1a5f7f1b3cab54fe75c80bcbbe2c04882a37ef0a188154f39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
Server: SAP
ETag: W/"cb4fd73ff6cd51ce5c289ddff69025939eca7295"
vary: accept-encoding
Content-Type: application/javascript
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Keep-Alive: timeout=20

GET
H/1.1 200 main.js Show response
clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/Util/ 314 B
613 B 93ms
93ms Script
application/javascript 157.133.93.136
SAP_DC_RUH

General

Check archive.org

Show headers Download Go to

Full URL

https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/Util/main.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/main-es2015.9256694c61491c98fbcf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

157.133.93.136 , United States, ASN199928 (SAP_DC_RUH, DE),

Reverse DNS

Software

SAP /

Resource Hash

393b38f8a5c6149dbea5f6f81487048eaeb9a3c2cdebcb0abae8c7d8f6dfb09c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Server: SAP
ETag: W/"cb4fd73ff6cd51ce5c289ddff69025939eca7295"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: application/javascript
Connection: keep-alive
Keep-Alive: timeout=20
Content-Length: 314

GET
H/1.1 200 alfursan-gigya.js Show response
clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/ 1 KB
880 B 92ms
91ms Script
application/javascript 157.133.93.136
SAP_DC_RUH

General

Check archive.org

Show headers Download Go to

Full URL

https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com/UtilJS/alfursan-gigya.js

Requested by

Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/main-es2015.9256694c61491c98fbcf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

157.133.93.136 , United States, ASN199928 (SAP_DC_RUH, DE),

Reverse DNS

Software

SAP /

Resource Hash

c8afa5c69b7991d50c5ef87dd8353d1d0c20e24e048015898878b37e9cf9fcf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:45 GMT
Content-Encoding: gzip
Server: SAP
ETag: W/"cb4fd73ff6cd51ce5c289ddff69025939eca7295"
vary: accept-encoding
Content-Type: application/javascript
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Keep-Alive: timeout=20

GET
H/1.1 200
OK gigya.js Show response
cdns.gigya.com/js/ 463 KB
152 KB 43ms
8ms Script
text/javascript 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.gigya.com/js/gigya.js?apikey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d
Requested by: Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/main-es2015.9256694c61491c98fbcf.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-2.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 920a8bb7b315d7b8da474a098361b5261bb65a38203981ae4d1c86395baadebf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
x-soa: true, Gator
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin: *
x-callid: 50347d782de24af5a5d478dfe83bcf3e
Cache-Control: public, max-age=900, s-maxage=3600
x-server: us1d-nomad-g22
Connection: keep-alive
x-robots-tag: none
Content-Length: 154929
Expires: Tue, 26 Jul 2022 13:02:46 GMT

GET
H/1.1 200
OK sdk.config.get Show response
cdns.eu1.gigya.com/ 2 KB
1 KB 102ms
8ms Fetch
text/javascript 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d&httpStatusCodes=true
Requested by: Host: alfursan.saudia.com
URL: https://alfursan.saudia.com/polyfills-es2015.a2136f146314802d8bbc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-2.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1354c2b20c6bd59f5a719e74f2ebd3135e088449c0a2395c6dad8ee1749d8f34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://alfursan.saudia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
x-soa: true, Gator
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin: *
x-callid: 45cd291d93f24acb9422037d295834f6
Cache-Control: public, max-age=86400, s-maxage=900
x-server: us1d-nomad-g25
Connection: keep-alive
Accept-Ranges: bytes
x-robots-tag: none
Content-Length: 1039

GET
H/1.1 200
OK Api.aspx Show response
cdns.eu1.gigya.com/gs/webSdk/ Frame 0925 116 KB
41 KB 30ms
7ms Document
text/html 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d&version=latest&build=13273

Requested by

Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apikey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-35-237-2.deploy.static.akamaitechnologies.com

Software

Resource Hash

7dd3cc164ac9744a9f61aeff7b0fbf4ce476a40e6e6fc1c30df10f83a5459722

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://alfursan.saudia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400, s-maxage=3600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 41847
Content-Type: text/html; charset=utf-8
Date: Tue, 26 Jul 2022 12:47:46 GMT
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-callid: 0f97f066a03d4296920aca10cf0a980c
x-robots-tag: none
x-server: us1d-nomad-g12
x-soa: true, Gator

GET
H/1.1 200
OK sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 0925 2 KB
1 KB 8ms
7ms Fetch
text/javascript 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d&version=latest&build=13273
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-2.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1354c2b20c6bd59f5a719e74f2ebd3135e088449c0a2395c6dad8ee1749d8f34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d&version=latest&build=13273
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:46 GMT
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
x-soa: true, Gator
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin: *
x-callid: 45cd291d93f24acb9422037d295834f6
Cache-Control: public, max-age=86400, s-maxage=900
x-server: us1d-nomad-g25
Connection: keep-alive
Accept-Ranges: bytes
x-robots-tag: none
Content-Length: 1039

GET
H/1.1 200
OK accounts.webSdkBootstrap Show response
accounts.eu1.gigya.com/ Frame 0925 199 B
1 KB 244ms
43ms XHR
text/javascript 52.212.156.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.eu1.gigya.com/accounts.webSdkBootstrap?apiKey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d&pageURL=https%3A%2F%2Falfursan.saudia.com%2F&sdk=js_latest&sdkBuild=13273&format=json
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d&version=latest&build=13273
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.212.156.205 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-156-205.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: bafa2b45502b414f827732e002359046874821f4237aa7f278af60408a4f2d24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 12:47:46 GMT
content-encoding: gzip
x-soa: true, Gator
x-robots-tag: none
vary: Origin, Accept-Encoding
access-control-allow-methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin: https://cdns.eu1.gigya.com
x-callid: 1fdf2d82359d4969ab81385e1c917821
access-control-max-age: 86400
cache-control: private
x-server: eu1b-nomad-g7
access-control-allow-credentials: true
content-type: text/javascript; charset=utf-8
content-length: 168

GET
H/1.1 200
OK sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame B339 87 KB
31 KB 8ms
8ms Document
text/html 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273

Requested by

Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apikey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-35-237-2.deploy.static.akamaitechnologies.com

Software

Resource Hash

511851618a0371aa58ea64bbf6c5d432bdb1c144c9f1a6a2f17d753ec7ddb2e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://alfursan.saudia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400, s-maxage=3600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 31181
Content-Type: text/html; charset=utf-8
Date: Tue, 26 Jul 2022 12:47:46 GMT
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-callid: cfddb6678b374d56a310765ac3f50639
x-robots-tag: none
x-server: us1d-nomad-g25
x-soa: true, Gator

GET
H/1.1 200
OK sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame 85D0 87 KB
31 KB 10ms
8ms Document
text/html 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273

Requested by

Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apikey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-35-237-2.deploy.static.akamaitechnologies.com

Software

Resource Hash

511851618a0371aa58ea64bbf6c5d432bdb1c144c9f1a6a2f17d753ec7ddb2e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://alfursan.saudia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400, s-maxage=3600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 31181
Content-Type: text/html; charset=utf-8
Date: Tue, 26 Jul 2022 12:47:46 GMT
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-callid: cfddb6678b374d56a310765ac3f50639
x-robots-tag: none
x-server: us1d-nomad-g25
x-soa: true, Gator

GET
H/1.1 200
OK sdk.config.get Show response
cdns.eu1.gigya.com/ Frame B339 2 KB
1 KB 7ms
7ms Fetch
text/javascript 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-2.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 59a385ceb2c0ef13eb446bd06b087f77af3e78d4237970325d937049e624a7b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:47 GMT
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
x-soa: true, Gator
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin: *
x-callid: 3f6e334b8bf8473287e7bf703f49533b
Cache-Control: public, max-age=86400, s-maxage=900
x-server: us1d-nomad-g25
Connection: keep-alive
Accept-Ranges: bytes
x-robots-tag: none
Content-Length: 1037

GET
H/1.1 200
OK sdk.config.get Show response
cdns.eu1.gigya.com/ Frame 85D0 2 KB
1 KB 7ms
7ms Fetch
text/javascript 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-2.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 59a385ceb2c0ef13eb446bd06b087f77af3e78d4237970325d937049e624a7b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:47 GMT
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
x-soa: true, Gator
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin: *
x-callid: 3f6e334b8bf8473287e7bf703f49533b
Cache-Control: public, max-age=86400, s-maxage=900
x-server: us1d-nomad-g25
Connection: keep-alive
Accept-Ranges: bytes
x-robots-tag: none
Content-Length: 1037

GET
H/1.1 200
OK sso.htm Show response
cdns.eu1.gigya.com/gs/ Frame CA94 87 KB
31 KB 7ms
7ms Document
text/html 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273

Requested by

Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apikey=3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-35-237-2.deploy.static.akamaitechnologies.com

Software

Resource Hash

511851618a0371aa58ea64bbf6c5d432bdb1c144c9f1a6a2f17d753ec7ddb2e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://alfursan.saudia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400, s-maxage=3600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 31181
Content-Type: text/html; charset=utf-8
Date: Tue, 26 Jul 2022 12:47:47 GMT
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-callid: cfddb6678b374d56a310765ac3f50639
x-robots-tag: none
x-server: us1d-nomad-g25
x-soa: true, Gator

GET
H/1.1 200
OK sdk.config.get Show response
cdns.eu1.gigya.com/ Frame CA94 2 KB
1 KB 7ms
7ms Fetch
text/javascript 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.eu1.gigya.com/sdk.config.get?apiKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&httpStatusCodes=true
Requested by: Host: cdns.eu1.gigya.com
URL: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-2.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 59a385ceb2c0ef13eb446bd06b087f77af3e78d4237970325d937049e624a7b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf&ssoSegment=web&version=latest&build=13273
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Tue, 26 Jul 2022 12:47:47 GMT
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
x-soa: true, Gator
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin: *
x-callid: 3f6e334b8bf8473287e7bf703f49533b
Cache-Control: public, max-age=86400, s-maxage=900
x-server: us1d-nomad-g25
Connection: keep-alive
Accept-Ranges: bytes
x-robots-tag: none
Content-Length: 1037

Verdicts & Comments Add Verdict or Comment

265 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.alfursan.saudia.com/	1969-12-31 23:59:59	Name: gig_canary Value: false
.alfursan.saudia.com/	1969-12-31 23:59:59	Name: gig_canary_ver Value: 13318-3-27647310
.cdns.eu1.gigya.com/	1970-01-20 13:32:55	Name: apiDomain_3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf Value: eu1.gigya.com
.gigya.com/	1970-01-20 13:32:55	Name: gmid Value: gmid.ver4.AcbH3OTVEA.WrNaDq0IVMyeMjPUB0s5Ck9k5UqkGPwmeE0NO_WAmbVcmPwwkmEyzliWSiUx_GsY.Jlh1Eath6U8-ZWIvtBgWLQGhIaH8nbgmVkzGSH92KSVtLWfr9reCoTv6qJCaYOzOq8Z_v4_Vr7UjUu-o_a6lsA.sc3
.gigya.com/	1970-01-20 13:32:55	Name: ucid Value: UJSKO8Ln1KkKhsiYvXmILA
.gigya.com/	1970-01-20 09:12:20	Name: hasGmid Value: ver4
.saudia.com/	1970-01-20 13:32:55	Name: gig_bootstrap_3_r8xbZ7eaGz9KK1upIHQi00non8bznB0cyh3rEQS7zKpcyJXTYhltKU-OTIJaQS_d Value: _gigya_ver4
.cdns.eu1.gigya.com/	1970-01-20 13:32:55	Name: gig_canary_3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf_web Value: false
.cdns.eu1.gigya.com/	1970-01-20 13:32:55	Name: gig_canary_ver_3_DSxhnCDQV4W0NSdbMmeYrdZ50C1bsgqu1xJyWel2sj4X1r5gs0spAgJ0GNkkasgf_web Value: 13318-3-27647310

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'conversion-measurement'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'focus-without-user-activation'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'sync-script'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'trust-token-redemption'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors https://saudiaapp.saudia.com ionic://saudiaapp.saudia.com; upgrade-insecure-requests; default-src 'self' https://alfursan.saudia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; style-src 'self' 'unsafe-inline' https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; object-src 'none'; frame-src https://.gigya.com https://paypages.payment.amadeus.com; child-src https://.gigya.com https://paypages.payment.amadeus.com; img-src 'self' https://alfursan.saudia.com data: https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; font-src 'self'; connect-src 'self' https://alfursan.saudia.com https://.gigya.com https://clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com https://paypages.payment.amadeus.com; manifest-src 'self'; base-uri 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.eu1.gigya.com
alfursan.saudia.com
alfursan.saudiairlines.com
cdns.eu1.gigya.com
cdns.gigya.com
clmjsapp-f506b74s7f.dispatcher.sa1.hana.ondemand.com
154.91.0.2
157.133.93.136
217.12.225.98
23.35.237.2
52.212.156.205
09dd722982137a484f45f555e1bd7e1bb17f7d54da8817ff0395b084db9774f6
0c6449a1ab705eb93617f7400991cb90be26b681e5480f71ead2477918d53da1
0ca94d0cd943a7887651713e853988063690f9cbe1dcaf76c0a4fbb734f47d25
0d38724409a1f8caa54afe0c512ff1d794e43c93c49983f3aa5ffbbf1e56ad24
1354c2b20c6bd59f5a719e74f2ebd3135e088449c0a2395c6dad8ee1749d8f34
1d89337d2f770330764da7803eefb04ee524136908dda59e4e3206111dad608a
1ddee4f29955dae8db980e28f1e022db1cdd6b1ce137307ef329e76ae22e92b1
1fcce48a158a3e9070827540ed37772a93fa4421eadfa61d8e29844e90d9a766
26eca746332599e8b5f4d79a9bfef4dd7852a4d53fb8d2c14675cdddc422ab71
2b915fcbb2141ef2c367aedf8c4001f1241b912e266516a1d8c1626bdcd68e28
2e34126dc1490c8afcb799781658380add28250ca493f888501d4c96ffd5c82d
314f7213bb930439ff85cf82612e19e2ecc524caa0908830c1fdfe0c95d586d4
391d6931f5a3dda0a3c04379df2581742d63b79676d3b173c8e66e7d0532aff1
393b38f8a5c6149dbea5f6f81487048eaeb9a3c2cdebcb0abae8c7d8f6dfb09c
461cca4ca2ed17f067ef01dbcf4c30761f5f47972816705513574bcfec7006bd
4663e78a16a0ea8f8b9938e6ad8e05e2d25033f3242784d5894972ae90a03200
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
511851618a0371aa58ea64bbf6c5d432bdb1c144c9f1a6a2f17d753ec7ddb2e6
58cc08ea0a5c6ae8e25fc71f8d0772245828cc35def7cdad439c98e36e89be26
59a385ceb2c0ef13eb446bd06b087f77af3e78d4237970325d937049e624a7b7
5f0bb75bcae95f7701b2a994771d57d2f7c88251bd78b6c1fcccee9ce9431468
6443505c4954c0b40c5274505d6b9d4cfdf6c056a5eb9d696b8846cce7ca1dc7
65fe465c07b6b74f67b0b4392cc366e4600ebda0e9844bacbdab721be84ba3b1
675496a70841edc52edd91520fe934bab10479c39b48662485b2d993efb4f23c
71c81abc729e0fb59aa5291202e16020123cbe863e045a7fde23303b61bb770e
721c43c2d1c508325ef50619687b7a8e2bc60c47660df709f8a7a99496c3bdd2
7dd3cc164ac9744a9f61aeff7b0fbf4ce476a40e6e6fc1c30df10f83a5459722
7f8eddecfdb6c6c1a5f7f1b3cab54fe75c80bcbbe2c04882a37ef0a188154f39
7fe2b6c977e06dbcfc5a83b2440404f834ce204de03835c200f20afeb5ae18c9
8409d3109955831f2af3c99e1d7ed796475cd73398f1159cfb0e84249246947a
8574ef85b8d07095312132795eb41daed52f63b83b08e2577242c33f0b0f5429
880c203fe71aae7a9fe9d509d797394405fb35d22d801b5236e8b558c1219788
900ec7adf1dba063a784e036fd179190352b9e6283c6c8db0ca9491b4bcd8bdd
90787df007542f7d28883d50da38bb5d93361972cce399b75f86f300ad302f10
920019e5c314b6ca5b43eae9d3297d70fe214a1b51c0213644cf8c386c0a7cff
920a8bb7b315d7b8da474a098361b5261bb65a38203981ae4d1c86395baadebf
946b5da6ee5403adc831c822054ed607e0c9a7ee5b8e125e173603e5319afa81
98f302734ec7e5224c48973c03bdf9084ea38ce42877b2475f91c9e0fe85524e
a1c1950ed304c62e808ec4efcecefe5d071acb8e9d3cc618d66c8822f7cfbac1
a42962c2ecfb0be6dd865d813882a732417ca5b2b707e8911c6cb78ba3c1cd25
a44738d6e38f66597bbf7a0bd1565758e095c1d23110270c87f0edb32796b06c
a777bced46286fb8236d27d6bf6a237cf419f8002fd2fb069ba683e88360de2f
a8e7ad4e420a9cdad0dfa4dca47e6077f89f6bc2c326090fc29470b0a3a87245
ae00cd391b370c3388bcefcb0505782feb11f82ab70de03a707389c336d907af
ae71a9e6566eccf13c04ec5ecda8fbc7e8e6dbd41b2aa31668eb136ffd416d32
b1c0277ea69dacd0d36dc672f33573456f692cba41093508f0abdc86cfde45c9
b409fca76771b37ad3becb86dc013d2c224e33e833da1a735e2d2932282fcb88
b46da40fd67c551b57e731ea940339c0ad60e8bbd4c499dd798cf48eac9b5080
b9847cefe2db4c20b214d5b331b21a3e77aaeb00df2a55a68c28335b26f5a46e
bafa2b45502b414f827732e002359046874821f4237aa7f278af60408a4f2d24
bbf1b617055f4b6fdbbf18d8c3c46bbbbee90912020bd7666fc823c1df1b92e3
c186154be0ec958264ce9fc9e5a0cc8d4e13a172ac753ac33c5ea9a55f022a0c
c25aa0979250029ec77672463c5a3ca0913ec6abc356fd9de86ef0cfa6f9c3fb
c62645aca2551ed7823edd2b2f70ff083292c3378fa060c8d944c8ca5d14bf7b
c8afa5c69b7991d50c5ef87dd8353d1d0c20e24e048015898878b37e9cf9fcf5
cb9c4f38cbde5e3fefef69ce893d4d7b4016f4b10f974a69c76ad635b433e999
cfaaee0b1f780788e6b33cb3801a720352a1d3291835a85752d26a1848087191
d15703e2a3204d72ae269e8d634ff027347eb30b9564be3ff55524453914174f
d92de5fdc9a8c4b7a0c32dc06d41af58c8dce78ab8be714bc72f7d56ceb2850f
dca6b6debc4632b7325bf9967bb27a089385ea265242611e394b64a599d05cc0
e13079b30e0f997bb0597e275b4f93446f8b226a6bb8f88f2970256782ff1a7d
e28bf96bb4aaa4e4b30bcfa19aa8a5462e15506ebcdb2f542bf3efdedce5118b
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
ee832d89a6340645aa8e2dc1182caa79c24937be3a893372428b99822febbf26
f1df11bd824fbb7529d339e63dc78479c21aef36d6499522d8a634ded2ca9450
f235ba5668976e21c9a6b8a145d3a07ef9ea7222766e4d288bcab88a1ce5fa94
f2da630e4328dcc63afcc3b9a9167b5a4023f993981e9d779c75816c8fdba2b9
f33b263d91b4d754bddccf3d56585e2c7bf097cdbe17d5fce6c40986db617cbb
f6d6c371e6febf623f1356c632602ae4d2c99666af348540f1187ff391c2ce0b

alfursan.saudia.com Open in urlscan Pro 154.91.0.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

75 Requests

100 %HTTPS

0 %IPv6

4 Domains

6 Subdomains

4 IPs

4 Countries

4371 kBTransfer

7029 kBSize

9 Cookies

4 Outgoing links

Page URL History

Redirected requests

75 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

alfursan.saudia.com Open in urlscan Pro
154.91.0.2 Public Scan

Screenshot
Live screenshot

Full Image

75
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

4
IPs

4
Countries

4371 kB
Transfer

7029 kB
Size

9
Cookies

75 HTTP transactions
0 data transactions