Submitted URL: http://exchange.sandbox.gemini.com/
Effective URL: https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Submission: On October 11 via api from US

Summary

This website contacted 6 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 8.44.203.67, located in United States and belongs to GEMINI-EXCHANGE, US. The main domain is exchange.sandbox.gemini.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on October 7th 2019. Valid for: 2 years.
This is the only time exchange.sandbox.gemini.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Redirects  IP Address        AS (Autonomous System)
2         1          8.44.203.67       203107 (GEMINI-EX...)
6         -          13.224.193.43     16509 (AMAZON-02)
1         1          184.25.217.53     20940 (AKAMAI-ASN1)
1         -          143.204.201.104   16509 (AMAZON-02)
2         -          130.211.34.183    15169 (GOOGLE)
1         -          2a02:26f0:6c0...  20940 (AKAMAI-ASN1)
Total: 11 HTTP transactions, 6 IPs
Requests  Redirects  Domain                       Requested by
6         -          static.sandbox.gemini.com    exchange.sandbox.gemini.com
2         -          api.mixpanel.com             static.sandbox.gemini.com
2         1          exchange.sandbox.gemini.com  -
1         -          cdn.optimizely.com           static.sandbox.gemini.com
1         -          static.gemini.com            exchange.sandbox.gemini.com
1         1          cloud.typography.com         -
Total: 11 HTTP transactions, 6 domains listed

This site contains links to these domains.

Domain
exchange.gemini.com
gemini.com
Subject              Issuer                                           Validity                 Valid
sandbox.gemini.com   GlobalSign RSA OV SSL CA 2018                    2019-10-07 - 2021-11-18  2 years
exchange.gemini.com  GlobalSign Extended Validation CA - SHA256 - G3  2019-07-23 - 2021-09-23  2 years
*.mixpanel.com       GeoTrust RSA CA 2018                             2020-04-20 - 2022-04-21  2 years
cdn.optimizely.com   DigiCert SHA2 Secure Server CA                   2020-01-20 - 2021-03-20  a year

This page contains 1 frames:

Primary Page: https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Frame ID: 9055F557D6E28C6B0B092731A2AF5D37
Requests: 13 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 11
HTTPS: 100 %
IPv6: 17 %
Domains: 4
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 1080 kB
Size: 2793 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://exchange.sandbox.gemini.com/ HTTP 307
    https://exchange.sandbox.gemini.com/ HTTP 303
    https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://cloud.typography.com/7630154/729946/css/fonts.css HTTP 302
  • https://static.gemini.com/fonts/342967/FD58BFE3B3A2C608A.css

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request signin
exchange.sandbox.gemini.com/
Redirect Chain
  • http://exchange.sandbox.gemini.com/
  • https://exchange.sandbox.gemini.com/
  • https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
5 KB
8 KB
Document
General
Full URL
https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
8.44.203.67 , United States, ASN203107 (GEMINI-EXCHANGE, US),
Reverse DNS
Software
nginx /
Resource Hash
5b3ceb1f2b0a756498208002e6fd673f866ea18eab7e74e06f6cd0162becd8ed
Security Headers
Name Value
Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload;
X-Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
exchange.sandbox.gemini.com
:scheme
https
:path
/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PLAY_FLASH=eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InllbGxvdyI6IllvdSdsbCBuZWVkIHRvIHNpZ24gaW4gdG8gYWNjZXNzIHRoaXMgcGFnZS4ifSwibmJmIjoxNjAyNDI0MTk1LCJpYXQiOjE2MDI0MjQxOTV9.3sJwwOGql-sbojHUDLHnzkotmiQZ_MbzK1WZbnkJCh8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

status
200
server
nginx
date
Sun, 11 Oct 2020 13:49:56 GMT
content-type
text/html; charset=UTF-8
content-length
4813
vary
Accept, Refresh-Only
set-cookie
GEMINI_SESSION=eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImNzcmZUb2tlbiI6Ijc4MzI2OWRkYTAyOGExNDcwYjliYWIyYTRhNzFjZTgzNjk3ODcyNjYtMTYwMjQyNDE5NjI0OC0xN2IxMWE2MjM5ZmFlMzMzNGMyNTFmY2UifSwibmJmIjoxNjAyNDI0MTk2LCJpYXQiOjE2MDI0MjQxOTZ9.K_aSqWfh1t6-0UWg2OmYkZG-16CZ7zGN-oAnGJzO1I8; SameSite=Lax; Path=/; Secure; HTTPOnly
PLAY_FLASH=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Secure
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
strict-transport-security
max-age=15552000; includeSubDomains; preload;
x-content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

status
303
server
nginx
date
Sun, 11 Oct 2020 13:49:55 GMT
content-length
0
vary
Accept
location
/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
set-cookie
PLAY_FLASH=eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7InllbGxvdyI6IllvdSdsbCBuZWVkIHRvIHNpZ24gaW4gdG8gYWNjZXNzIHRoaXMgcGFnZS4ifSwibmJmIjoxNjAyNDI0MTk1LCJpYXQiOjE2MDI0MjQxOTV9.3sJwwOGql-sbojHUDLHnzkotmiQZ_MbzK1WZbnkJCh8; SameSite=Lax; Path=/; Secure; HTTPOnly
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
strict-transport-security
max-age=15552000; includeSubDomains; preload;
x-content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Tue, 03 Jul 2001 06:00:00 GMT
0.35fc58f5c556aee05a17.css
static.sandbox.gemini.com/js/
164 KB
38 KB
Stylesheet
General
Full URL
https://static.sandbox.gemini.com/js/0.35fc58f5c556aee05a17.css
Requested by
Host: exchange.sandbox.gemini.com
URL: https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.43 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-43.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
5b64cb6ba9c2de5b59e22881548f2cdf7458479f090a430b54f56f3ad547418a

Request headers

Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 22:29:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
141616
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Jan 1980 00:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"988c1dadd9fe29b070bad9fe2b58ecc855015220"
strict-transport-security
max-age=15552000; includeSubDomains; preload;
content-type
text/css; charset=UTF-8
via
1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
ZvWKO97rz_MqX0kvwkTti3P0acjhMlHVHZyCZtvCbzHbh25ItP7bXA==
x-content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
44.f9d7b9b690c9faba3e3f.css
static.sandbox.gemini.com/js/
20 KB
6 KB
Stylesheet
General
Full URL
https://static.sandbox.gemini.com/js/44.f9d7b9b690c9faba3e3f.css
Requested by
Host: exchange.sandbox.gemini.com
URL: https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.43 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-43.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
0630f66dfdae5a64edf0c1550c6791191d33765a67617cde050fb97bad1643eb

Request headers

Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 22:29:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
141616
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Jan 1980 00:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"db847263d768ed82e50b3322bdeb28aef79cca85"
strict-transport-security
max-age=15552000; includeSubDomains; preload;
content-type
text/css; charset=UTF-8
via
1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
kmHLvMAXPRQUzKhdykZEK3sspklJTUn-P-Wsv3C-KVJsxulBENUAPQ==
x-content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
FD58BFE3B3A2C608A.css
static.gemini.com/fonts/342967/
Redirect Chain
  • https://cloud.typography.com/7630154/729946/css/fonts.css
  • https://static.gemini.com/fonts/342967/FD58BFE3B3A2C608A.css
212 KB
161 KB
Stylesheet
General
Full URL
https://static.gemini.com/fonts/342967/FD58BFE3B3A2C608A.css
Requested by
Host: exchange.sandbox.gemini.com
URL: https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.201.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-201-104.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ffd61dfd091eef607a4c6309bfa148ce98f447ea458685e80b467896806413cf

Request headers

Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Sat, 10 Oct 2020 20:58:39 GMT
content-encoding
gzip
last-modified
Fri, 08 Sep 2017 21:49:07 GMT
server
AmazonS3
age
60678
etag
W/"288d4b2e003e0cc0d41fc8976b0f5834"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
xNHYgAU5sKo8gMZHK_SxgLSm2ZVPh04TE_mQoHLvsNVizQ5N-dpruw==
via
1.1 25ffb5a941b5a46b102cd385a9cdbb50.cloudfront.net (CloudFront)

Redirect headers

Date
Sun, 11 Oct 2020 13:49:56 GMT
Last-Modified
Tue, 21 Jul 2015 00:02:57 GMT
Server
AkamaiNetStorage
ETag
"150927ddbfa2440dbf4b07a2d85b071b:1495906967"
Content-Type
text/html
Location
https://static.gemini.com/fonts/342967/FD58BFE3B3A2C608A.css
Cache-Control
must-revalidate, private
Connection
keep-alive
Content-Length
154
Expires
Sun, 11 October 2020 13:49:56 GMT
runtime.b1c05216fe547cfd7233.js
static.sandbox.gemini.com/js/
1 KB
3 KB
Script
General
Full URL
https://static.sandbox.gemini.com/js/runtime.b1c05216fe547cfd7233.js
Requested by
Host: exchange.sandbox.gemini.com
URL: https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.43 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-43.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
a9b6795b69a80d382012a46fe476b516cb908db6a8116b8616ff040ebbf9401e

Request headers

Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 10:08:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
272515
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Jan 1980 00:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"57374c4dfa6b4cb875c99c83bfb8e19ec845e533"
strict-transport-security
max-age=15552000; includeSubDomains; preload;
content-type
application/javascript; charset=UTF-8
via
1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
ng9e0PrFO5LFxSZl687Db0PEBw6-zmqtw-EU2kEhI9MyhHTCs2egsg==
x-content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
0.35fc58f5c556aee05a17.js
static.sandbox.gemini.com/js/
2 MB
788 KB
Script
General
Full URL
https://static.sandbox.gemini.com/js/0.35fc58f5c556aee05a17.js
Requested by
Host: exchange.sandbox.gemini.com
URL: https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.43 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-43.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
63892a7d20e4f18c7bdee37042d9130d7a2ce5be2d1a36ab2598119b79693180
Security Headers
Name Value
Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload;
X-Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 22:29:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
141616
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Jan 1980 00:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"ab7684b880e047fcd7b040981eb5de2f0eca723c"
strict-transport-security
max-age=15552000; includeSubDomains; preload;
content-type
application/javascript; charset=UTF-8
via
1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
-vdo-e2aNhUWoLUtGKmx6J7BP2XPTwfEMD4lzQ-QT7PCOKeMISuQtQ==
x-content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
4.ac46a67613275288f445.js
static.sandbox.gemini.com/js/
11 KB
6 KB
Script
General
Full URL
https://static.sandbox.gemini.com/js/4.ac46a67613275288f445.js
Requested by
Host: exchange.sandbox.gemini.com
URL: https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.43 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-43.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
6a284abe23863943863e678efc4bbf55383c9349fd683a2f4cea71c549f229d0
Security Headers
Name Value
Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload;
X-Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 22:29:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
141615
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Jan 1980 00:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"b246f0648e5e4838282282940dd215482b0db44c"
strict-transport-security
max-age=15552000; includeSubDomains; preload;
content-type
application/javascript; charset=UTF-8
via
1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
f4Lm8tS6YfTF_vdU5P7LiJ-c7U_Jad-OvV92MGiYNoiX5Mppl_jMfA==
x-content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
44.f9d7b9b690c9faba3e3f.js
static.sandbox.gemini.com/js/
23 KB
10 KB
Script
General
Full URL
https://static.sandbox.gemini.com/js/44.f9d7b9b690c9faba3e3f.js
Requested by
Host: exchange.sandbox.gemini.com
URL: https://exchange.sandbox.gemini.com/signin?redirect=8227a3eea8a715f183c91e4bff3863af96cc137d-1602424195749-%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.193.43 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-193-43.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
503c5d71ff80fae3daf43a80ba2da7d82135a3311f705b8521ac95034563a9d7
Security Headers
Name Value
Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload;
X-Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Fri, 09 Oct 2020 22:29:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
141615
x-cache
Hit from cloudfront
status
200
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Jan 1980 00:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"1044467a54c4732bbd86d9406da99a061761595c"
strict-transport-security
max-age=15552000; includeSubDomains; preload;
content-type
application/javascript; charset=UTF-8
via
1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
3WnIfubEHeiQEjW9CzmaaiNNXYJvWd88nogvoXEHBHJNS14OlboG-A==
x-content-security-policy
report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
/
api.mixpanel.com/decide/
65 B
140 B
XHR
General
Full URL
https://api.mixpanel.com/decide/?verbose=1&version=1&lib=web&token=243d42ba79d0e2b0092adab1f2c044c2&ip=0&_=1602424196920
Requested by
Host: static.sandbox.gemini.com
URL: https://static.sandbox.gemini.com/js/0.35fc58f5c556aee05a17.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.34.183 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
183.34.211.130.bc.googleusercontent.com
Software
gunicorn/19.9.0 /
Resource Hash
5fcb16854bcf34558fc9100ea313b2f61a3394ca23e65719553f09c902b2476e

Request headers

Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Sun, 11 Oct 2020 13:49:59 GMT
via
1.1 google
server
gunicorn/19.9.0
access-control-allow-headers
X-Requested-With
status
200
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://exchange.sandbox.gemini.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
alt-svc
clear
/
api.mixpanel.com/track/
1 B
327 B
XHR
General
Full URL
https://api.mixpanel.com/track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRjdXJyZW50X3VybCI6ICJodHRwczovL2V4Y2hhbmdlLnNhbmRib3guZ2VtaW5pLmNvbS9zaWduaW4%[…]%3D&ip=0&_=1602424196925
Requested by
Host: static.sandbox.gemini.com
URL: https://static.sandbox.gemini.com/js/0.35fc58f5c556aee05a17.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.34.183 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
183.34.211.130.bc.googleusercontent.com
Software
envoy /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Sun, 11 Oct 2020 13:49:56 GMT
via
1.1 google
server
envoy
access-control-allow-headers
X-Requested-With
status
200
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://exchange.sandbox.gemini.com
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
alt-svc
clear
content-length
1
Wnjm8Romn7vp6Hiq3xwXXL.json
cdn.optimizely.com/datafiles/
30 KB
6 KB
XHR
General
Full URL
https://cdn.optimizely.com/datafiles/Wnjm8Romn7vp6Hiq3xwXXL.json
Requested by
Host: static.sandbox.gemini.com
URL: https://static.sandbox.gemini.com/js/0.35fc58f5c556aee05a17.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:2bc::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
18727bf1a906847b58b31f6aca3dfccfa659af0b3fada94de9480a310acc4ce6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
application/json, text/plain, */*
Referer
https://exchange.sandbox.gemini.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
GSRaSUn52diZoHh_ZmWAzHYZYsEa4gxW
content-encoding
gzip
etag
"af5c35a8f42f3dbf2b100768acbb569b"
x-amz-request-id
63AE1FB39FA0FA92
x-amz-server-side-encryption
AES256
status
200
x-amz-replication-status
PENDING
access-control-allow-methods
GET, HEAD, OPTIONS
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="2a02:26f0:6c00:2bc::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
vary
Accept-Encoding
content-length
5002
x-amz-id-2
rEtX0AVgFi4d6zxceLSR9nsww/x0MOCnVxX03KoD+I/9IMssNkoWVbeg9f7mssVgTADIUq3ryQg=
last-modified
Fri, 09 Oct 2020 16:02:21 GMT
server
AmazonS3
date
Sun, 11 Oct 2020 13:49:57 GMT
access-control-max-age
604800
strict-transport-security
max-age=15768000
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=118
access-control-allow-credentials
false
x-amz-meta-revision
1258
accept-ranges
bytes
access-control-allow-headers
*
truncated
/
27 KB
27 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1db57907f5db4d815576f4e9dec208b9dce3a8bd20d235d40e920fe003689907

Request headers

Origin
https://exchange.sandbox.gemini.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

Content-Type
application/x-font-woff
truncated
/
26 KB
26 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f5cc93ca80dbd546de42d3bf04c9b3e86bd83e7b9389b35a5e615d53b5e12bfa

Request headers

Origin
https://exchange.sandbox.gemini.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

Content-Type
application/x-font-woff


22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
object| webpackJsonp
object| __core-js_shared__
object| core
function| setImmediate
function| clearImmediate
object| regeneratorRuntime
boolean| _babelPolyfill
object| __SENTRY__
function| sprintf
function| vsprintf
function| jQuery
function| $
function| debugTool
object| initialData
function| gtag
function| twq
function| fbq
function| applyFocusVisiblePolyfill

2 Cookies

Domain/Path Name / Value
.gemini.com/ Name: mp_243d42ba79d0e2b0092adab1f2c044c2_mixpanel
Value: %7B%22distinct_id%22%3A%20%2217517eccf35553-066c866f0355a5-f7d123e-1d4c00-17517eccf36783%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
exchange.sandbox.gemini.com/ Name: GEMINI_SESSION
Value: eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImNzcmZUb2tlbiI6Ijc4MzI2OWRkYTAyOGExNDcwYjliYWIyYTRhNzFjZTgzNjk3ODcyNjYtMTYwMjQyNDE5NjI0OC0xN2IxMWE2MjM5ZmFlMzMzNGMyNTFmY2UifSwibmJmIjoxNjAyNDI0MTk2LCJpYXQiOjE2MDI0MjQxOTZ9.K_aSqWfh1t6-0UWg2OmYkZG-16CZ7zGN-oAnGJzO1I8

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload;
X-Content-Security-Policy report-uri /collect-csp; script-src 'self' https://static.gemini.com https://www.google-analytics.com https://cdn.sift.com/s.js https://connect.facebook.net https://try.access.worldpay.com https://access.worldpay.com https://www.googletagmanager.com/ static.sandbox.gemini.com; font-src 'self' data: https://static.gemini.com static.sandbox.gemini.com; connect-src 'self' https://api.mixpanel.com/ https://cdn.optimizely.com/ https://logx.optimizely.com/v1/events https://api.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com wss://api.sandbox.gemini.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://static.gemini.com static.sandbox.gemini.com; object-src 'self'; default-src 'self'; frame-src 'self' https://connect.facebook.net https://www.facebook.com https://try.access.worldpay.com https://access.worldpay.com https://secure-test.worldpay.com/ https://centinelapi.cardinalcommerce.com; img-src 'self' data: blob: https://static.gemini.com https://www.google-analytics.com https://hexagon-analytics.com https://www.facebook.com static.sandbox.gemini.com static.sandbox.gemini.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block