booking.theexperientials.com Open in urlscan Pro
54.70.111.180  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response booking.theexperientials.com/	8 KB 4 KB	885ms 512ms	Document text/html	54.70.111.180 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://booking.theexperientials.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.70.111.180 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-70-111-180.us-west-2.compute.amazonaws.com Software nginx/1.16.1 / Express Resource Hash 625097035b483863aaf4825721dc1ec894f51d935d46ca56a98ef67373a24783 Security Headers Name Value Strict-Transport-Security max-age=600 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Tue, 07 Feb 2023 19:22:01 GMT ETag W/"21ff-HCOjH2yWJM7otMtqGHsBavHyL4M" Server nginx/1.16.1 Strict-Transport-Security max-age=600 Transfer-Encoding chunked X-Booking-Engine booking-engine-1 X-Powered-By Express
GET H2	200	js Show response www.googletagmanager.com/gtag/	239 KB 79 KB	79ms 36ms	Script application/javascript	2a00:1450:4001:80b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-DZF2BQ8W47 Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 605e638aa8ae248b0d4da3b2ac6f3efefc29245363134f5ed09c96a98d20ab95 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:01 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 80627 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 07 Feb 2023 19:22:01 GMT
GET H2	200	ladda.min.css cdnjs.cloudflare.com/ajax/libs/Ladda/1.0.0/	9 KB 2 KB	40ms 13ms	Stylesheet text/css	2606:4700::6811:190e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/Ladda/1.0.0/ladda.min.css Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 17811082013f7ce04e1ea11efd6ae21056e5675bba8e2c0e276edd3634ec04a0 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:01 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 2853262 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1241 last-modified Mon, 04 May 2020 16:04:00 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03cf0-23e0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofKOZ7y0k880i9WpKymqlhy%2BFIy1MZjvTaEPDZuE9%2BT2Ssg1FUxYX6nTUibcWRt1vgvcEGnp90cpgHIP0ictDuCqx6OCS4nz7DvSZ4HycUd8InxVfQhbhm%2BnsRio0VEdrop1poWL%2FNhyE9QmkLLbkKD6"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 795e7df09f502bca-FRA expires Sun, 28 Jan 2024 19:22:01 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	850 B 870 B	132ms 51ms	Script text/javascript	2a00:1450:400d:807::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:807::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 719dd9d08854f73d2ff4b8bd2516a8d9f247b28fea167d18db7e8a689257ed2c Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:01 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 550 x-xss-protection 1; mode=block expires Tue, 07 Feb 2023 19:22:01 GMT
GET H2	200	/ Show response js.stripe.com/v3/	435 KB 117 KB	50ms 7ms	Script text/javascript	151.101.192.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/ Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.192.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash a993d3c9559f6f4f13c0d9254b4f214c458ed072c7a2805ec003d8d401fddf60 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Tue, 07 Feb 2023 19:22:01 GMT via 1.1 varnish age 43 x-cache HIT content-length 119583 x-request-id 0154a355-73db-4704-81fa-de8809487cfb x-served-by cache-fra-eddf8230040-FRA last-modified Tue, 07 Feb 2023 18:17:23 GMT server Fastly etag "a55eaed63caeed91c7998f12b9fcc295" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 5
GET H2	200	bundle.css d2q3n06xhbi0am.cloudfront.net/	795 KB 442 KB	97ms 22ms	Stylesheet text/css	2600:9000:211a:aa00:d:cb8c:3f80:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d2q3n06xhbi0am.cloudfront.net/bundle.css?1675253761 Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:211a:aa00:d:cb8c:3f80:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash dcee2850d89cb0d48c9b900c2558b845aff9361f6411929b0f70ec01267927c5 Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 08:14:40 GMT x-amz-version-id uZF1YM0gGZXL933p4QvVpP7AquaJbfeg content-encoding gzip last-modified Mon, 20 Apr 2020 12:27:36 GMT server AmazonS3 via 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront) x-amz-cf-pop VIE50-C2 etag W/"0964256a73895af0722553316f5557ef" age 40042 vary Accept-Encoding x-cache Hit from cloudfront content-type text/css x-amz-cf-id w11M__2Y4hhzn487QGECgw2ciBXz0C0X0qv9zOc2nHXuZiSAO_iwsQ==
GET H/1.1	200 OK	48732-xe7TJe0LCm7sBwR0pdCduR8g75ZmtmiszGLnOD7oVIQ-63a0dea92f854 hostaway-platform.s3.us-west-2.amazonaws.com/account/attachment/	96 KB 96 KB	626ms 243ms	Image image/png	52.92.149.242 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://hostaway-platform.s3.us-west-2.amazonaws.com/account/attachment/48732-xe7TJe0LCm7sBwR0pdCduR8g75ZmtmiszGLnOD7oVIQ-63a0dea92f854?rand=nsyuv33ygmp Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.92.149.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2-r-w.amazonaws.com Software AmazonS3 / Resource Hash eed0187e8f56f965239f2232881ee4f3adee09ef935de6b9618fc03b3beac30a Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Tue, 07 Feb 2023 19:22:03 GMT Last-Modified Mon, 19 Dec 2022 21:59:06 GMT Server AmazonS3 x-amz-request-id GMRNSENZKNA8N67D ETag "39975c22666661088e3973779670903d" Content-Type image/png x-amz-storage-class REDUCED_REDUNDANCY Accept-Ranges bytes Content-Length 98288 x-amz-id-2 znBNsPHwyVJF4LPfml4V6KhRLNMflk6VkBZNHe0SDG8BNNgrgSn22nRy1tjwLaVeurUI9S1wwYg=
GET H2	200	bundle.js Show response d2q3n06xhbi0am.cloudfront.net/	7 MB 2 MB	123ms 71ms	Script application/javascript	2600:9000:211a:aa00:d:cb8c:3f80:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:211a:aa00:d:cb8c:3f80:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ee6c8b7e02b22d067b1f2dd862c95e9c8dd420450bff54f86d4f44745432b613 Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-version-id 72_4FedsPPM0hfDPHu_ryxq966112ZY6 content-encoding gzip via 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront) date Tue, 07 Feb 2023 01:56:49 GMT last-modified Wed, 01 Feb 2023 12:16:02 GMT server AmazonS3 x-amz-cf-pop VIE50-C2 age 62713 etag W/"73e02a25708efbc0f89524ec7cdbd437" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id 5dWrcueSUlBQZjr29n_K3joXhgoAy2vx-Nr0SxKNGTw2OtO4cFdRdg==
POST H2	204	collect region1.google-analytics.com/g/	0 263 B	51ms 19ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-DZF2BQ8W47&gtm=45je3260&_p=707685797&cid=2006602337.1675797722&ul=en-us&sr=1600x1200&uaW=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1675797721&sct=1&seg=0&dl=https%3A%2F%2Fbooking.theexperientials.com%2F&dt=Book%20your%20next%20experience%20with%20Experientials%20%7C%20San%20Diego%2C%20Scottsdale&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-DZF2BQ8W47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Tue, 07 Feb 2023 19:22:01 GMT server Golfe2 content-type text/plain access-control-allow-origin https://booking.theexperientials.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/	406 KB 162 KB	64ms 22ms	Script text/javascript	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7100633cff808ec01559c4579130f2d6cef8d43e7f02c56d727ed33787d30fb9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://booking.theexperientials.com/ Origin https://booking.theexperientials.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:19:27 GMT content-encoding gzip x-content-type-options nosniff age 154 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 165540 x-xss-protection 0 last-modified Tue, 31 Jan 2023 02:51:47 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 07 Feb 2024 19:19:27 GMT
GET H2	200	booking.theexperientials.com Show response api.hostaway.com/bookingEngines/	5 KB 3 KB	755ms 332ms	Fetch application/json	44.239.220.144 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.hostaway.com/bookingEngines/booking.theexperientials.com Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.239.220.144 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-239-220-144.us-west-2.compute.amazonaws.com Software nginx / Resource Hash ae0e8e4f4c1e45ac12e7434687eeccd5ad69fad49c16c0be8f4d244dfe626a7f Request headers Accept application/json Referer https://booking.theexperientials.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:03 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin https://booking.theexperientials.com access-control-allow-credentials true access-control-allow-headers X-Requested-With, Authorization, Content-Type, jwt, accountId, Content-Encoding, User-Agent, Cache-Control, Accept-Encoding, Cookie, Accept-Language, Accept, Accept-Charset, Content-Length, Content-MD5, From, Host, Referrer, Connection,
GET H2	200	css2 fonts.googleapis.com/	12 KB 1 KB	79ms 23ms	Stylesheet text/css	2a00:1450:4001:830::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Montserrat:wght@700;800&family=Open+Sans:wght@400;600;700&display=swap Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 648e77740152882778e1aa85655e0e8e730eca5f0f58545fbb110593d9693595 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 07 Feb 2023 19:22:02 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 07 Feb 2023 19:22:02 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 07 Feb 2023 19:22:02 GMT
GET H2	200	m-outer-93afeeb17bc37e711759584dbfc50d47.html Show response js.stripe.com/v3/ Frame 20CD	200 B 809 B	7ms 6ms	Document text/html	151.101.192.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.192.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://booking.theexperientials.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 3010175 cache-control max-age=31536000 content-encoding br content-length 122 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Tue, 07 Feb 2023 19:22:02 GMT etag "93afeeb17bc37e711759584dbfc50d47" last-modified Wed, 21 Dec 2022 18:20:45 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 174940 x-content-type-options nosniff x-request-id 00d8e943-ca52-43d0-9f71-ef8367d4c70a x-served-by cache-fra-eddf8230040-FRA
POST H2	200	csp-report q.stripe.com/ Frame 20CD	0 600 B	535ms 175ms	Other text/plain	54.187.119.242 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-119-242.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type application/csp-report Response headers date Tue, 07 Feb 2023 19:22:02 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-envoy-upstream-service-time 3 content-length 0 x-stripe-bg-intended-route-color blue pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type cache-control max-age=0, no-cache, no-store, must-revalidate x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
POST H2	200	csp-report q.stripe.com/ Frame 20CD	0 599 B	536ms 177ms	Other text/plain	54.187.119.242 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-119-242.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type application/csp-report Response headers date Tue, 07 Feb 2023 19:22:02 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-envoy-upstream-service-time 3 content-length 0 x-stripe-bg-intended-route-color blue pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type cache-control max-age=0, no-cache, no-store, must-revalidate x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
GET H2	200	m-outer-8cb24ab2d649fd36a488d04d8c457933.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 20CD	631 B 467 B	8ms 8ms	Script text/javascript	151.101.192.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.192.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Tue, 07 Feb 2023 19:22:02 GMT via 1.1 varnish age 7427832 x-cache HIT content-length 332 x-request-id c8691017-59fd-48a3-9637-1e4c350175ba x-served-by cache-fra-eddf8230040-FRA last-modified Sun, 13 Nov 2022 20:03:40 GMT server Fastly etag "f8f6a4584135f737b26927596ce6e0a7" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * x-cache-hits 144949
GET H2	200	inner.html Show response m.stripe.network/ Frame A8D5	930 B 2 KB	69ms 9ms	Document text/html	2600:9000:20eb:800:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:800:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35 Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 260 cache-control max-age=300, public content-length 930 content-security-policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Tue, 07 Feb 2023 19:18:18 GMT etag "fc2e029628f163bb59adc6fa5a31161c" last-modified Thu, 17 Mar 2022 19:03:12 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload vary Accept-Encoding via 1.1 c2a926ef1bafe1ab239d4761594a8098.cloudfront.net (CloudFront) x-amz-cf-id wTkFI0ujL589FiI3HwRECcerkjFr6TgHFEOvx5WHDp6B535FoZ-uJg== x-amz-cf-pop FRA2-C1 x-cache Hit from cloudfront x-content-type-options nosniff
POST H2	200	csp-report q.stripe.com/ Frame A8D5	0 373 B	445ms 176ms	Other text/plain	54.187.119.242 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: booking.theexperientials.com URL: https://booking.theexperientials.com/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-119-242.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type application/csp-report Response headers x-stripe-bg-intended-route-color blue pragma no-cache date Tue, 07 Feb 2023 19:22:02 GMT strict-transport-security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff server nginx cross-origin-opener-policy same-origin cache-control max-age=0, no-cache, no-store, must-revalidate x-envoy-upstream-service-time 3 x-robots-tag none content-length 0 expires 0
GET H2	200	out-4.5.42.js Show response m.stripe.network/ Frame A8D5	86 KB 14 KB	10ms 9ms	Script text/javascript	2600:9000:20eb:800:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.42.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:800:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Tue, 07 Feb 2023 19:21:31 GMT last-modified Thu, 17 Mar 2022 19:03:12 GMT server Cloudfront via 1.1 c2a926ef1bafe1ab239d4761594a8098.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 etag W/"21df7244385e5c0bdf32da01d0dad6c0" age 86 vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript; charset=utf-8 cache-control max-age=300, public x-amz-cf-id l0d2czUj8ACahgIQz1VQVO1S4DdZmW9wS-x9KTOynZvDDKmAKn0qqw==
POST H2	200	6 Show response m.stripe.com/ Frame A8D5	156 B 552 B	1094ms 382ms	XHR application/json	34.209.12.98 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.42.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.209.12.98 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-209-12-98.us-west-2.compute.amazonaws.com Software nginx / Resource Hash a21249794e54c7fc6f006f5328e403fd147be8ea4dc708095ddd67626dd046fd Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-stripe-bg-intended-route-color green date Tue, 07 Feb 2023 19:22:03 GMT strict-transport-security max-age=31556926; includeSubDomains; preload x-content-type-options nosniff server nginx content-type application/json;charset=utf-8 access-control-allow-origin https://m.stripe.network access-control-allow-credentials true access-control-allow-headers Content-Type content-length 156
GET H/1.1	200 OK	48732-xe7TJe0LCm7sBwR0pdCduR8g75ZmtmiszGLnOD7oVIQ-63a0dea92f854 hostaway-platform.s3.us-west-2.amazonaws.com/account/attachment/	96 KB 96 KB	499ms 499ms	Image image/png	52.92.149.242 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://hostaway-platform.s3.us-west-2.amazonaws.com/account/attachment/48732-xe7TJe0LCm7sBwR0pdCduR8g75ZmtmiszGLnOD7oVIQ-63a0dea92f854?rand=nsyuv33ygmp Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.92.149.242 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2-r-w.amazonaws.com Software AmazonS3 / Resource Hash eed0187e8f56f965239f2232881ee4f3adee09ef935de6b9618fc03b3beac30a Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Tue, 07 Feb 2023 19:22:04 GMT Last-Modified Mon, 19 Dec 2022 21:59:06 GMT Server AmazonS3 x-amz-request-id DKYN953NKHM16ADG ETag "39975c22666661088e3973779670903d" Content-Type image/png x-amz-storage-class REDUCED_REDUNDANCY Accept-Ranges bytes Content-Length 98288 x-amz-id-2 mCC7rEbOe8vZLlmOdM4cVRPi/7b9vZIPfMSJDqb2ewUKXgHf3VeoVlQ5C+bIiuIRDQpx2M++78o=
GET H2	200	amenities Show response api.hostaway.com/bookingEngines/booking.theexperientials.com/	215 KB 12 KB	643ms 641ms	Fetch application/json	44.239.220.144 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.hostaway.com/bookingEngines/booking.theexperientials.com/amenities Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.239.220.144 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-239-220-144.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 5dcfd4162fce658436f07518787ce33fdc2d746aa6f5167d75935b7eac6299da Request headers Accept application/json Referer https://booking.theexperientials.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:03 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin https://booking.theexperientials.com access-control-allow-credentials true access-control-allow-headers X-Requested-With, Authorization, Content-Type, jwt, accountId, Content-Encoding, User-Agent, Cache-Control, Accept-Encoding, Cookie, Accept-Language, Accept, Accept-Charset, Content-Length, Content-MD5, From, Host, Referrer, Connection,
GET H2	200	categories Show response api.hostaway.com/bookingEngines/booking.theexperientials.com/	310 B 670 B	475ms 473ms	Fetch application/json	44.239.220.144 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.hostaway.com/bookingEngines/booking.theexperientials.com/categories Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.239.220.144 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-239-220-144.us-west-2.compute.amazonaws.com Software nginx / Resource Hash d39c9533d1f0b023baadb1f5d73554088bea128c2fbd8401d514cfcfbc2c2603 Request headers Accept application/json Referer https://booking.theexperientials.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:03 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin https://booking.theexperientials.com access-control-allow-credentials true access-control-allow-headers X-Requested-With, Authorization, Content-Type, jwt, accountId, Content-Encoding, User-Agent, Cache-Control, Accept-Encoding, Cookie, Accept-Language, Accept, Accept-Charset, Content-Length, Content-MD5, From, Host, Referrer, Connection,
GET H2	200	pages Show response api.hostaway.com/bookingEngines/booking.theexperientials.com/	18 KB 6 KB	474ms 473ms	Fetch application/json	44.239.220.144 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.hostaway.com/bookingEngines/booking.theexperientials.com/pages Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.239.220.144 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-239-220-144.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 7726aaee96d3552493105c01aa6745e35daf6252746f5c835f019b44da79a1e1 Request headers Accept application/json Referer https://booking.theexperientials.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:03 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin https://booking.theexperientials.com access-control-allow-credentials true access-control-allow-headers X-Requested-With, Authorization, Content-Type, jwt, accountId, Content-Encoding, User-Agent, Cache-Control, Accept-Encoding, Cookie, Accept-Language, Accept, Accept-Charset, Content-Length, Content-MD5, From, Host, Referrer, Connection,
GET H2	200	css2 fonts.googleapis.com/	7 KB 877 B	27ms 26ms	Stylesheet text/css	2a00:1450:4001:830::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@700;800&family=Roboto+Condensed:wght@400;600;700&display=swap Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash c77bc4d53339cc566d50d04ec24fde6618c3cba1db1d07fd2e8cd2e158d583ee Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 07 Feb 2023 19:22:03 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 07 Feb 2023 19:22:03 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 07 Feb 2023 19:22:03 GMT
GET H/1.1	200 OK	48732-logoUrl.jpg bookingengine-production.s3.us-west-2.amazonaws.com/	202 KB 203 KB	884ms 242ms	Image image/jpeg	52.218.228.169 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://bookingengine-production.s3.us-west-2.amazonaws.com/48732-logoUrl.jpg?rand=zc2mpe2ii1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.218.228.169 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-us-west-2-r-w.amazonaws.com Software AmazonS3 / Resource Hash d21f5fd9c41081517e8b777b1e260c4811831bb2ac8cd3686260fb34faa525d6 Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Tue, 07 Feb 2023 19:22:05 GMT Last-Modified Thu, 29 Dec 2022 23:56:00 GMT Server AmazonS3 x-amz-request-id K3Y9C1BRSN3DRJMH ETag "bd2ae63966ad5471adea12a510b08de3" Content-Type image/jpeg x-amz-storage-class REDUCED_REDUNDANCY Accept-Ranges bytes Content-Length 207086 x-amz-id-2 4MxTSd/EZn00SWaBaFmhfrcAQlXEHqNVWLpUixupKEEAivgKJA+aQq7vgZiSq+Nj4OdvgXQpvvc=
GET H2	200	ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2 fonts.gstatic.com/s/robotocondensed/v25/	15 KB 16 KB	50ms 13ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@700;800&family=Roboto+Condensed:wght@400;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://booking.theexperientials.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Wed, 01 Feb 2023 13:09:52 GMT x-content-type-options nosniff age 540731 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15660 x-xss-protection 0 last-modified Tue, 19 Apr 2022 18:42:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 01 Feb 2024 13:09:52 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	13 KB 13 KB	64ms 31ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@700;800&family=Roboto+Condensed:wght@400;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://booking.theexperientials.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Mon, 06 Feb 2023 13:57:36 GMT x-content-type-options nosniff age 105867 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12924 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:02:31 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 06 Feb 2024 13:57:36 GMT
GET H2	200	ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 fonts.gstatic.com/s/robotocondensed/v25/	15 KB 15 KB	45ms 17ms	Font font/woff2	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@700;800&family=Roboto+Condensed:wght@400;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://booking.theexperientials.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Wed, 01 Feb 2023 05:00:54 GMT x-content-type-options nosniff age 570069 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15700 x-xss-protection 0 last-modified Tue, 19 Apr 2022 18:51:55 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 01 Feb 2024 05:00:54 GMT
GET H2	200	facets Show response api.hostaway.com/bookingEngines/booking.theexperientials.com/listing/	104 B 547 B	434ms 433ms	Fetch application/json	44.239.220.144 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.hostaway.com/bookingEngines/booking.theexperientials.com/listing/facets Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.239.220.144 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-239-220-144.us-west-2.compute.amazonaws.com Software nginx / Resource Hash b51d807dcff16ce38b1690df1616df0cbcd5b947281c68bdd7d284c7ebdddace Request headers Accept application/json Referer https://booking.theexperientials.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:04 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin https://booking.theexperientials.com access-control-allow-credentials true access-control-allow-headers X-Requested-With, Authorization, Content-Type, jwt, accountId, Content-Encoding, User-Agent, Cache-Control, Accept-Encoding, Cookie, Accept-Language, Accept, Accept-Charset, Content-Length, Content-MD5, From, Host, Referrer, Connection,
GET H2	200	130402 Show response api.hostaway.com/bookingEngines/booking.theexperientials.com/listings/	51 KB 8 KB	425ms 423ms	Fetch application/json	44.239.220.144 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.hostaway.com/bookingEngines/booking.theexperientials.com/listings/130402 Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.239.220.144 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-239-220-144.us-west-2.compute.amazonaws.com Software nginx / Resource Hash d055dbe421cc2ad5a632ba8cf7dc0db96c406d9ae9bfb0f0ae705ce3ce73fc71 Request headers Accept application/json Referer https://booking.theexperientials.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:04 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin https://booking.theexperientials.com access-control-allow-credentials true access-control-allow-headers X-Requested-With, Authorization, Content-Type, jwt, accountId, Content-Encoding, User-Agent, Cache-Control, Accept-Encoding, Cookie, Accept-Language, Accept, Accept-Charset, Content-Length, Content-MD5, From, Host, Referrer, Connection,
GET H2	200	130403 Show response api.hostaway.com/bookingEngines/booking.theexperientials.com/listings/	92 KB 14 KB	593ms 592ms	Fetch application/json	44.239.220.144 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.hostaway.com/bookingEngines/booking.theexperientials.com/listings/130403 Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.239.220.144 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-239-220-144.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 09868a40bdf39a3b05ffa7b4dbf7d1bad4d55704d76bbcb064def94c071528eb Request headers Accept application/json Referer https://booking.theexperientials.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:04 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin https://booking.theexperientials.com access-control-allow-credentials true access-control-allow-headers X-Requested-With, Authorization, Content-Type, jwt, accountId, Content-Encoding, User-Agent, Cache-Control, Accept-Encoding, Cookie, Accept-Language, Accept, Accept-Charset, Content-Length, Content-MD5, From, Host, Referrer, Connection,
GET H2	200	130404 Show response api.hostaway.com/bookingEngines/booking.theexperientials.com/listings/	79 KB 12 KB	487ms 486ms	Fetch application/json	44.239.220.144 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.hostaway.com/bookingEngines/booking.theexperientials.com/listings/130404 Requested by Host: d2q3n06xhbi0am.cloudfront.net URL: https://d2q3n06xhbi0am.cloudfront.net/bundle.js?1675253761 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.239.220.144 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-44-239-220-144.us-west-2.compute.amazonaws.com Software nginx / Resource Hash c81657491804d49110d412e470a9ff038e4fe95c342e85faccbd910f7b6bcd37 Request headers Accept application/json Referer https://booking.theexperientials.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Tue, 07 Feb 2023 19:22:04 GMT content-encoding gzip server nginx vary Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin https://booking.theexperientials.com access-control-allow-credentials true access-control-allow-headers X-Requested-With, Authorization, Content-Type, jwt, accountId, Content-Encoding, User-Agent, Cache-Control, Accept-Encoding, Cookie, Accept-Language, Accept, Accept-Charset, Content-Length, Content-MD5, From, Host, Referrer, Connection,
POST H2	204	collect region1.google-analytics.com/g/	0 54 B	26ms 18ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-DZF2BQ8W47&gtm=45je3260&_p=707685797&cid=2006602337.1675797722&ul=en-us&sr=1600x1200&uaW=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1675797721&sct=1&seg=0&dl=https%3A%2F%2Fbooking.theexperientials.com%2F&dt=Book%20your%20next%20experience%20with%20Experientials%20%7C%20San%20Diego%2C%20Scottsdale&en=scroll&epn.percent_scrolled=90&_et=7 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-DZF2BQ8W47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://booking.theexperientials.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Tue, 07 Feb 2023 19:22:06 GMT server Golfe2 content-type text/plain access-control-allow-origin https://booking.theexperientials.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange function| gtag object| dataLayer object| webpackChunkStripeJSouter function| noop function| Stripe object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| __REACT_ERROR_OVERLAY_GLOBAL_HOOK__ object| __SVG_SPRITE__

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.theexperientials.com/	1970-01-20 19:05:57	Name: _ga Value: GA1.1.2006602337.1675797722
			.theexperientials.com/	1970-01-20 19:05:57	Name: _ga_DZF2BQ8W47 Value: GS1.1.1675797721.1.0.1675797721.0.0.0
			m.stripe.com/	1970-01-20 19:05:57	Name: m Value: 2c412d02-3ed6-4841-8b56-5c26bc31df69491c0e
			.booking.theexperientials.com/	1970-01-20 18:15:33	Name: __stripe_mid Value: 55a9028b-8ae8-4035-a212-83217e7ff3a135045f
			.booking.theexperientials.com/	1970-01-20 09:29:59	Name: __stripe_sid Value: 5cf17ed2-c45d-4b87-8432-c8f607963d29f8062a

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=600

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hostaway.com
booking.theexperientials.com
bookingengine-production.s3.us-west-2.amazonaws.com
cdnjs.cloudflare.com
d2q3n06xhbi0am.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
hostaway-platform.s3.us-west-2.amazonaws.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com
region1.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
151.101.192.176
2001:4860:4802:32::36
2600:9000:20eb:800:19:7d10:bd80:93a1
2600:9000:211a:aa00:d:cb8c:3f80:21
2606:4700::6811:190e
2a00:1450:4001:800::2003
2a00:1450:4001:80b::2008
2a00:1450:4001:810::2003
2a00:1450:4001:830::200a
2a00:1450:400d:807::2004
34.209.12.98
44.239.220.144
52.218.228.169
52.92.149.242
54.187.119.242
54.70.111.180
09868a40bdf39a3b05ffa7b4dbf7d1bad4d55704d76bbcb064def94c071528eb
17811082013f7ce04e1ea11efd6ae21056e5675bba8e2c0e276edd3634ec04a0
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
5dcfd4162fce658436f07518787ce33fdc2d746aa6f5167d75935b7eac6299da
605e638aa8ae248b0d4da3b2ac6f3efefc29245363134f5ed09c96a98d20ab95
625097035b483863aaf4825721dc1ec894f51d935d46ca56a98ef67373a24783
648e77740152882778e1aa85655e0e8e730eca5f0f58545fbb110593d9693595
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
7100633cff808ec01559c4579130f2d6cef8d43e7f02c56d727ed33787d30fb9
719dd9d08854f73d2ff4b8bd2516a8d9f247b28fea167d18db7e8a689257ed2c
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
7726aaee96d3552493105c01aa6745e35daf6252746f5c835f019b44da79a1e1
a21249794e54c7fc6f006f5328e403fd147be8ea4dc708095ddd67626dd046fd
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
a993d3c9559f6f4f13c0d9254b4f214c458ed072c7a2805ec003d8d401fddf60
ae0e8e4f4c1e45ac12e7434687eeccd5ad69fad49c16c0be8f4d244dfe626a7f
b51d807dcff16ce38b1690df1616df0cbcd5b947281c68bdd7d284c7ebdddace
c77bc4d53339cc566d50d04ec24fde6618c3cba1db1d07fd2e8cd2e158d583ee
c81657491804d49110d412e470a9ff038e4fe95c342e85faccbd910f7b6bcd37
d055dbe421cc2ad5a632ba8cf7dc0db96c406d9ae9bfb0f0ae705ce3ce73fc71
d21f5fd9c41081517e8b777b1e260c4811831bb2ac8cd3686260fb34faa525d6
d39c9533d1f0b023baadb1f5d73554088bea128c2fbd8401d514cfcfbc2c2603
dcee2850d89cb0d48c9b900c2558b845aff9361f6411929b0f70ec01267927c5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
ee6c8b7e02b22d067b1f2dd862c95e9c8dd420450bff54f86d4f44745432b613
eed0187e8f56f965239f2232881ee4f3adee09ef935de6b9618fc03b3beac30a
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083