urlscan.io logo urlscan.io
SecurityTrails logo

www.bahn.de Open in urlscan Pro
104.109.90.218  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.bahnbonus.com/
Effective URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Submission: On August 12 via api from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 17 IPs in 6 countries across 10 domains to perform 64 HTTP transactions. The main IP is 104.109.90.218, located in Netherlands and belongs to AKAMAI-ASN1, EU. The main domain is www.bahn.de.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 10th 2020. Valid for: a year.
This is the only time www.bahn.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.196.78.127 16509 (AMAZON-02)
35 104.109.90.218 20940 (AKAMAI-ASN1)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 52.207.49.197 14618 (AMAZON-AES)
1 104.108.58.15 16625 (AKAMAI-AS)
1 2.16.187.49 20940 (AKAMAI-ASN1)
1 104.108.68.187 16625 (AKAMAI-AS)
2 15.188.154.177 16509 (AMAZON-02)
2 81.200.197.91 34156 (BAHN-AS-BLN)
1 2 37.157.4.28 198622 (ADFORM)
2 37.157.5.71 198622 (ADFORM)
5 104.17.208.240 13335 (CLOUDFLAR...)
2 2600:9000:218... 16509 (AMAZON-02)
1 3 37.157.4.41 198622 (ADFORM)
3 104.109.92.47 20940 (AKAMAI-ASN1)
2 85.14.248.72 24961 (MYLOC-AS ...)
1 178.250.2.151 44788 (ASN-CRITE...)
2 3.225.183.105 14618 (AMAZON-AES)
64 17
1    18.196.78.127 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-78-127.eu-central-1.compute.amazonaws.com
www.bahnbonus.com
35    104.109.90.218 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-90-218.deploy.static.akamaitechnologies.com
www.bahn.de
1    2a02:26f0:6c00:19b::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
cdn.optimizely.com
1    52.207.49.197 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-207-49-197.compute-1.amazonaws.com
vis.optimizely.com
1    104.108.58.15 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-58-15.deploy.static.akamaitechnologies.com
cdn3.optimizely.com
1    2.16.187.49 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-187-49.deploy.static.akamaitechnologies.com
www.static-bahn.de
1    104.108.68.187 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-68-187.deploy.static.akamaitechnologies.com
a791773171.cdn.optimizely.com
2    15.188.154.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-154-177.eu-west-3.compute.amazonaws.com
st.bahn.de
2    81.200.197.91 (Germany)

ASN34156 (BAHN-AS-BLN, DE)
ps.bahn.de
2    37.157.4.28 (Denmark)

ASN198622 (ADFORM, DK)
dmp.adform.net
2    37.157.5.71 (Denmark)

ASN198622 (ADFORM, DK)
s2.adform.net
5    104.17.208.240 (United States)

ASN13335 (CLOUDFLARENET, US)
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
siteintercept.qualtrics.com
2    2600:9000:2182:4000:1e:7aca:b8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.m-pathy.com
3    37.157.4.41 (Denmark)

ASN198622 (ADFORM, DK)
a1.adform.net
3    104.109.92.47 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-92-47.deploy.static.akamaitechnologies.com
www.img-bahn.de
2    85.14.248.72 (Cologne, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
m.exactag.com
1    178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
sslwidget.criteo.com
2    3.225.183.105 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-183-105.compute-1.amazonaws.com
logx.optimizely.com
Domain Requested by
35 www.bahn.de www.bahn.de
4 siteintercept.qualtrics.com zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
3 www.img-bahn.de ps.bahn.de
3 a1.adform.net 1 redirects s2.adform.net
2 logx.optimizely.com cdn.optimizely.com
2 m.exactag.com www.bahn.de
m.exactag.com
2 cdn.m-pathy.com www.bahn.de
cdn.m-pathy.com
2 s2.adform.net www.bahn.de
2 dmp.adform.net 1 redirects s2.adform.net
2 ps.bahn.de www.bahn.de
www.img-bahn.de
2 st.bahn.de www.bahn.de
1 sslwidget.criteo.com www.bahn.de
1 zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com www.bahn.de
1 a791773171.cdn.optimizely.com cdn.optimizely.com
1 www.static-bahn.de www.bahn.de
1 cdn3.optimizely.com cdn.optimizely.com
1 vis.optimizely.com cdn.optimizely.com
1 cdn.optimizely.com www.bahn.de
1 www.bahnbonus.com 1 redirects
64 19
Subject Issuer Validity Valid
www.bahn.de
DigiCert SHA2 Extended Validation Server CA		 2020-01-10 -
2021-04-07		 a year crt.sh
cdn.optimizely.com
DigiCert SHA2 Secure Server CA		 2020-01-20 -
2021-03-20		 a year crt.sh
vis.optimizely.com
Amazon		 2020-05-26 -
2021-06-26		 a year crt.sh
*.optimizely.com
DigiCert SHA2 Secure Server CA		 2020-01-20 -
2021-03-20		 a year crt.sh
subsites.bahn.de
Let's Encrypt Authority X3		 2020-07-13 -
2020-10-11		 3 months crt.sh
*.cdn.optimizely.com
GeoTrust RSA CA 2018		 2020-03-05 -
2021-06-04		 a year crt.sh
st.bahn.de
DigiCert SHA2 High Assurance Server CA		 2020-03-02 -
2021-06-09		 a year crt.sh
ps.bahn.de
Let's Encrypt Authority X3		 2020-06-13 -
2020-09-11		 3 months crt.sh
track.adform.net
DigiCert SHA2 Secure Server CA		 2019-09-16 -
2021-09-20		 2 years crt.sh
*.qualtrics.com
DigiCert SHA2 Secure Server CA		 2018-10-08 -
2021-01-06		 2 years crt.sh
*.m-pathy.com
Amazon		 2020-01-28 -
2021-02-28		 a year crt.sh
www.img-bahn.de
DigiCert SHA2 Secure Server CA		 2020-02-19 -
2021-04-14		 a year crt.sh
*.exactag.com
Sectigo ECC Domain Validation Secure Server CA		 2019-08-28 -
2021-09-13		 2 years crt.sh
*.criteo.com
DigiCert ECC Secure Server CA		 2020-06-22 -
2020-09-20		 3 months crt.sh
logx.optimizely.com
DigiCert SHA2 High Assurance Server CA		 2018-10-01 -
2020-10-05		 2 years crt.sh

This page contains 6 frames:

Primary Page: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Frame ID: 7D38A56C30E3E787034A39BB62EBB607
Requests: 55 HTTP requests in this frame

Frame: https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html
Frame ID: 66A94C51434F3A9DF4FDC223A0FFA481
Requests: 1 HTTP requests in this frame

Frame: https://a791773171.cdn.optimizely.com/client_storage/a791773171.html
Frame ID: D96F89185B8A144D484E3CA14404DF11
Requests: 1 HTTP requests in this frame

Frame: https://ps.bahn.de/common/content/html/lmiframe.html
Frame ID: 80C67AD0F0ECDA4D6F4FFAD4CA43BB7C
Requests: 5 HTTP requests in this frame

Frame: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=ZK2E3bGPfIjl&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml%22%2C%22search%22%3A%22%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Content%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_bahncard_bahn-bonus%22%7D
Frame ID: 6CEA4591CCBB0BA32CA361CD15E0BAFF
Requests: 1 HTTP requests in this frame

Frame: https://m.exactag.com/px.aspx?id=907c63d75ab9479e82c7e936754554da
Frame ID: 20A6D8E3A996BC1A2721FA3DAB78F1AD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.bahnbonus.com/ HTTP 301
    https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i
Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i
Overall confidence: 100%
Detected patterns
  • script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
Overall confidence: 100%
Detected patterns
  • script /optimizely\.com.*\.js/i

Page Statistics

64
Requests

100 %
HTTPS

11 %
IPv6

10
Domains

19
Subdomains

17
IPs

6
Countries

1133 kB
Transfer

3360 kB
Size

21
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.bahnbonus.com/ HTTP 301
    https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40
  • https://dmp.adform.net/audiencetag/adformat.js HTTP 301
  • https://s2.adform.net/banners/scripts/audiencetag/adformat.js
Request Chain 44
  • https://a1.adform.net/serving/scripts/trackpoint/async/ HTTP 301
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js

64 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request bahn-bonus.shtml
www.bahn.de/p/view/bahncard/
Redirect Chain
  • http://www.bahnbonus.com/
  • https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
60 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
d57b6eb29bd6ebfc50ecc56f92da2404ddec3d3735843a888922695fc18b1216
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.bahn.de
:scheme
https
:path
/p/view/bahncard/bahn-bonus.shtml
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
content-type
text/html
server
AmazonS3
x-amz-id-2
uVW5+zfdp9mF9vaSemZ98q+NP6RKgtnBmrsd3lz5t53odhDDKnA0sNT/n8jG5qlglzO/ug3HDM0=
x-amz-request-id
6756B9A47CF0F2BC
last-modified
Mon, 10 Aug 2020 07:05:54 GMT
etag
"230433064e1a807de388edac17b8c10e"
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=600
date
Wed, 12 Aug 2020 05:04:22 GMT
content-length
11887
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload

Redirect headers

Date
Wed, 12 Aug 2020 05:04:22 GMT
Content-Type
text/html
Content-Length
162
Connection
keep-alive
Server
nginx
Location
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
portal.min.css
www.bahn.de/common/view/static/58afb948/responsive/css/ 		470 KB
98 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
0eeb1970197799a537566bf5554142fcf91a1b04368c735d6319ed35a2f53f15
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
573CBCC9A4C17FEB
status
200
vary
Accept-Encoding
content-length
99778
x-amz-id-2
q3Nuvba8Jj/T63QexUXzCEWpnMkTOM6wTG9z7DO1DUgxcnat+d87T6ctZetdgwxl7duK9B3SPvo=
last-modified
Mon, 10 Aug 2020 06:33:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"cd49343dce1d376767f5e6ecb4f62323"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/css
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
softlogin.min.js
www.bahn.de/common/view/static/58afb948/responsive/js/ 		63 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/js/softlogin.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
63901B64DE6581A4
status
200
vary
Accept-Encoding
content-length
18289
x-amz-id-2
CqBzB6YCLbVJQtkt4mKgn9i2FPbFPVgpP+yBHCMGTHa1bn2n+UtON0JZdm4fntzjbIqlR36g6J4=
last-modified
Mon, 10 Aug 2020 06:33:33 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"e05b454dfa1d1468d94e0f903a8099f6"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
8033263973.js
cdn.optimizely.com/js/ 		826 KB
181 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/8033263973.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:19b::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
be3d7932b9e8ee217ba76d818d92d5f5c423d43dd4216f303b8d6795e61e3665
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
mS25ylXDHvzviAnqd1IflOibBPbw3KQT
content-encoding
gzip
etag
"47db426d30df2ce6346b6649b673365b"
x-amz-request-id
617295ABB0E61744
status
200
x-amz-replication-status
COMPLETED
access-control-allow-methods
GET, HEAD
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:19b::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
vary
Accept-Encoding
content-length
183859
x-amz-id-2
WvgWx43FaFWcZ6O2bn0lKdQJn8c0EJ+z1ivD+18B0nnVuG/EaOA19U1G8+YchjOZYE0RQDWmDEE=
last-modified
Tue, 11 Aug 2020 13:55:45 GMT
server
AmazonS3
date
Wed, 12 Aug 2020 05:04:22 GMT
access-control-max-age
86400
strict-transport-security
max-age=15768000
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=1200
x-amz-meta-revision
16731
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
modernizr-2.8.3.min.js
www.bahn.de/common/view/static/58afb948/js/lib/modernizr/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/58afb948/js/lib/modernizr/modernizr-2.8.3.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
A3A7FDCD346DD0A5
status
200
vary
Accept-Encoding
content-length
4530
x-amz-id-2
YA/8GLKvCFSZmzqZt4KG0eAnduOUiHk5L54dFw1GE2YtorPbTi1zLJfSOQ+AlFMMHHzT1nDwPG0=
last-modified
Mon, 10 Aug 2020 06:33:29 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"e5e402607e45feccd78c4f49b96938c3"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
db_em_rgb_100px.svg
www.bahn.de/common/view/static/v8/img/ 		828 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/v8/img/db_em_rgb_100px.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
BP4XBYDT4Q7ZBPAM
status
200
vary
Accept-Encoding
content-length
480
x-amz-id-2
w6qpjWz2bYLBxffadFpOz09NMrgPBs8WUvCy6Jvfd7yZ/44B5iXGJkzLQC84F9bE8UwADZOomps=
last-modified
Sat, 19 May 2018 09:41:10 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"595cfbce732795e1d7cb8cbec1934345"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
mdb_272569_db_bb_bahn_de_startseite_980x300_rechts_980x300.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 		25 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_272569_db_bb_bahn_de_startseite_980x300_rechts_980x300.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
4716f0fbc0c1d2c5bcb2720fb31ffc421fabcfe87b68556d517f36e7012d3b57
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
last-modified
Fri, 05 Jun 2020 08:00:28 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
content-type
image/jpeg
status
200
cache-control
private, no-transform, max-age=1393997
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
25922
x-xss-protection
1; mode=block
expires
Fri, 28 Aug 2020 08:17:40 GMT
mdb_270609_db_bb_eingangsseite_700x214_205x103_cp_376x8_700x170.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_270609_db_bb_eingangsseite_700x214_205x103_cp_376x8_700x170.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
4c5c2c8d2f8dcecb839f09bfe73858a79110819f99ae072ff734bb207f3a6492
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
450
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=1393229
last-modified
Fri, 05 Jun 2020 08:00:27 GMT
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
5632
x-xss-protection
1; mode=block
server
Akamai Image Manager
expires
Fri, 28 Aug 2020 08:04:52 GMT
mdb_287721_teaser_bahnbonuscom_700x200px_205x102_cp_300x0_700x200.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/app/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/app/mdb_287721_teaser_bahnbonuscom_700x200px_205x102_cp_300x0_700x200.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
e2ed37914090bfe23f1c5a3657ab6d1d3c562072f65e6c2a3cf21ea3d866897e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 Jul 2020 08:06:37 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=1393432
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
3328
x-xss-protection
1; mode=block
expires
Fri, 28 Aug 2020 08:08:15 GMT
mdb_270605_db_bb_sammelseite_700x214_280x140_cp_329x16_700x201.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_270605_db_bb_sammelseite_700x214_280x140_cp_329x16_700x201.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
d5e3c1bb498c77b3fb33a9e03c9aaeff5b000b948996b70fff3bee838ec2b4c9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
1120
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=1393540
last-modified
Fri, 05 Jun 2020 08:00:27 GMT
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
5362
x-xss-protection
1; mode=block
server
Akamai Image Manager
expires
Fri, 28 Aug 2020 08:10:03 GMT
mdb_272569_db_bb_bahn_de_startseite_980x300_rechts_205x103_cp_15x0_615x300.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_272569_db_bb_bahn_de_startseite_980x300_rechts_205x103_cp_15x0_615x300.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
21afc32fb925345e3790465fca964aa27897a880ee886ce7bf911aeb0ec5a98a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
1981
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=1393093
last-modified
Fri, 05 Jun 2020 08:00:28 GMT
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
2952
x-xss-protection
1; mode=block
server
Akamai Image Manager
expires
Fri, 28 Aug 2020 08:02:36 GMT
mdb_214153_bc_kreditkarte_2016_4zu1_980x241_cp_0x0_1000x246.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/kreditkarte/2016/ 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/bahncard/kreditkarte/2016/mdb_214153_bc_kreditkarte_2016_4zu1_980x241_cp_0x0_1000x246.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
9d9017b927fcfdb9ec8aaf24b8d3588ec787b75989b59b66afab9865525083cc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
last-modified
Fri, 05 Jun 2020 08:00:26 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=1393772
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
38544
x-xss-protection
1; mode=block
expires
Fri, 28 Aug 2020 08:13:55 GMT
mdb_270907_db_bb_marketingteaser_980x300_v2_280x140_cp_380x0_980x300.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_270907_db_bb_marketingteaser_980x300_v2_280x140_cp_380x0_980x300.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
2ab4d9b65ee3153e62d1ce1fdf21a2f54d9d4e4967cfbbe638bd36ea277591ba
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
last-modified
Fri, 05 Jun 2020 07:59:50 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=1393040
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
5202
x-xss-protection
1; mode=block
expires
Fri, 28 Aug 2020 08:01:43 GMT
mdb_265203_bahn_bonus_copyright_205x103_cp_0x0_1000x500.jpg
www.bahn.de/p/view/mdb/bahnintern/bilder_shooting_bahncard/bahncard_bahnbonus/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/bilder_shooting_bahncard/bahncard_bahnbonus/mdb_265203_bahn_bonus_copyright_205x103_cp_0x0_1000x500.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
2b93b628cb7d0fbd5ba6d71bd449d36683503642c64e160c55e340e584a1d283
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
last-modified
Fri, 05 Jun 2020 08:00:26 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=1393730
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
10022
x-xss-protection
1; mode=block
expires
Fri, 28 Aug 2020 08:13:13 GMT
mdb_267110_vorteilswelt_280x140_cp_385x0_979x297.jpg
www.bahn.de/p/view/mdb/bahnintern/startseite/startseite2015/visuals/2018/01_januar/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/startseite/startseite2015/visuals/2018/01_januar/mdb_267110_vorteilswelt_280x140_cp_385x0_979x297.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
2bde90dfcbdac6aeb8d8fb26aae3cd10ad0186d7d78b81173b9b6c253e2c090d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
432
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=1393336
last-modified
Fri, 05 Jun 2020 08:00:27 GMT
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
7224
x-xss-protection
1; mode=block
server
Akamai Image Manager
expires
Fri, 28 Aug 2020 08:06:39 GMT
portal-index.min.js
www.bahn.de/common/view/static/58afb948/responsive/js/ 		323 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/js/portal-index.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
c73f83311b82836d1f247cdb6ed7d7132caa7d41a24edfa29ed342ec7143a62e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
87C402CEA12F272C
status
200
vary
Accept-Encoding
content-length
94604
x-amz-id-2
iXqVbESsI91ntTbswFhcnninkXedBzTPaBvT+ljS40yFvm2FrROe2gKnJw27PZeoBzWlh36O+EE=
last-modified
Mon, 10 Aug 2020 06:33:33 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"4d21ea9768ec8730d87f447509346a86"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
s_code.min.js
www.bahn.de/common/view/static/58afb948/js/lib/omniture/ 		111 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/58afb948/js/lib/omniture/s_code.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
9bd75d01213161905c0278231326126f5066ae7753e9b492b999417e0c2cfbef
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
72737B2D2B13D5FB
status
200
vary
Accept-Encoding
content-length
37926
x-amz-id-2
VhQRtiEp8UrledC42JTpgj75+0AGcL4aPinJC9eStvgG4hdQNGCrnTq331E024+QSUG8cuzNtew=
last-modified
Mon, 10 Aug 2020 06:33:29 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"c12f54903e3a0b802d70539124a34902"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
oeu1597208663004r0.25141648491285484
vis.optimizely.com/api/targeting/8033263973/8512265067/ 		1 KB
621 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vis.optimizely.com/api/targeting/8033263973/8512265067/oeu1597208663004r0.25141648491285484
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.49.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-49-197.compute-1.amazonaws.com
Software
nginx / Express
Resource Hash
c79794c138e5fbd4cd7f71ff73fdf314f170a6cccb08b4a9e7180f996f376b24

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 12 Aug 2020 05:04:23 GMT
Content-Encoding
gzip
ETag
W/"-1045647723"
Server
nginx
X-Powered-By
Express
Vary
Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
284
geo2.js
cdn3.optimizely.com/js/ 		290 B
697 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn3.optimizely.com/js/geo2.js
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.58.15 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-58-15.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
b14701931e145ec735d777345c0ece29b81ffcd16d3faa1157e66b203422b42a

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
Y1BKPK.c9lIaZx2uYj8JMWZye_vJfrh9
Server
AmazonS3
x-amz-request-id
58F91F709437393D
ETag
"adadfc5d7afd13e353d9d52cec1c7827"
Content-Type
application/javascript
Cache-Control
max-age=36958
Date
Wed, 12 Aug 2020 05:04:23 GMT
Connection
keep-alive
Content-Length
290
x-amz-id-2
Phn5k+QjLByfMD8t9FT8zSNZWClJ3+nxhXLTY5wx/QecmQtaAvbMffypFSTaQAElH17cGsDf1yg=
svg-sprites.svg
www.bahn.de/common/view/static/58afb948/responsive/img/ 		324 KB
88 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/img/svg-sprites.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
BFD6B3ECACAADF83
status
200
vary
Accept-Encoding
content-length
89114
x-amz-id-2
zVTUiBKVNMZVt2PN1CK7HVB4KmjTyrj5su6hrHvk9WKXKJeo2J2mLfh4ThvbAs8K8z6FeTIxHdU=
last-modified
Mon, 10 Aug 2020 06:33:33 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"5897c322752528b7f1b3c668589924bb"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
icon-s73bc5bf69c.png
www.bahn.de/common/view/static/58afb948/responsive/img/ 		53 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/img/icon-s73bc5bf69c.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-amz-request-id
407160CD5E1072E3
status
200
content-length
54236
x-amz-id-2
C4WPa9vDH/4dW92IzEdymCtWNaWcUofCyhP5h3xzhBx6V6YTxAU6+o9QF17xYFAJkALxsu0RUXI=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"aeea28ca3930a6dcf8000d07b505436f"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
bg_nav_active_left.png
www.bahn.de/common/view/static/58afb948/responsive/img/ 		132 B
734 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/img/bg_nav_active_left.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a231b219fd33beeca8baa0abecbb684d31fe0d154a25a092510d607a38637ea8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-amz-request-id
74E49C05FBA6A3F9
status
200
content-length
132
x-amz-id-2
4W3SPABRzvgAnr1CC58kZpVi10NHwhmY79C3DQom6zOX0DT4XxdQgWLuK+6VKvT3dBc7wXju9ks=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"098d59e7f12383ee5f816b3ae8c12453"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
bg_nav_active_right.png
www.bahn.de/common/view/static/58afb948/responsive/img/ 		132 B
734 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/img/bg_nav_active_right.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e5e2c4c5288a46af5b587fe4b6ed5c881dfc8faaf4d76a08c5c2c5fcd74238b3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-amz-request-id
D08C34AB65390A3D
status
200
content-length
132
x-amz-id-2
jI8UlZBYgv/xO16cQCW4oSr9HUatZI0GUVw9qqx1IQAtawKj2qPtp4Kn1WBKtl+ipVfDdy82pR4=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"157df68f54b882b853b4d0efe4d1b688"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
logo-s56974c59c7.png
www.bahn.de/common/view/static/58afb948/responsive/img/ 		87 KB
88 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/img/logo-s56974c59c7.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-amz-request-id
D162544BA1E73AF7
status
200
content-length
89271
x-amz-id-2
I9xK1p396WZ4+5ZThEvgoGlnMfv4nchZpl9j+WbV3PGx60hGXBYdNQyZ8nrZnH+qEGbhcAb6GBQ=
last-modified
Mon, 10 Aug 2020 06:33:32 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"16c145f3dc47144568268b324ce7d863"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
dbsan03-webfont.woff
www.bahn.de/common/view/static/58afb948/responsive/fonts/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/fonts/dbsan03-webfont.woff
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a39881eeb2cc948083b29f436b57600451670f1d10e390306af0693d2eb44f74
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Origin
https://www.bahn.de

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-amz-request-id
F267E3EBC2E54D77
status
200
content-length
48820
x-amz-id-2
/zDrxa/xOKYCCWE4dKR7vC7XZYtaNrKD/3FkevwOHglnwLP4HFTy30VUUVwNYYb9S8Yt3KbWGD8=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"ee22058781511177b60092028f12eea2"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
binary/octet-stream
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
db-icons.woff
www.bahn.de/common/view/static/58afb948/responsive/fonts/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/fonts/db-icons.woff?de5f8900bd1b6298cc0ca94466418537
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
09cd6e2e4909e4ec15b7ca38adbff5b37405b4347b1ce0d7b977aee46b005377
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Origin
https://www.bahn.de

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-amz-request-id
F0F875985E377712
status
200
content-length
29320
x-amz-id-2
Yvj6ABlI6EefDs7i8l05ADaxv6P5+wxVXC4q04sAlO4UA9FWLgD8TdOpukPy7SEJU8BTtBs2ixE=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"2ee679e77cd50b24e96de14b9e9f44fa"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
binary/octet-stream
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
dbsan06-webfont.woff
www.bahn.de/common/view/static/58afb948/responsive/fonts/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/fonts/dbsan06-webfont.woff
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
298669d559f331c5ac67d881d450cea831ca81576e88cb4663cc315dc91444c7
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Origin
https://www.bahn.de

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
x-content-type-options
nosniff
x-amz-request-id
6E2793C912DEF457
status
200
content-length
48880
x-amz-id-2
IsQ4RZe3cOx4ZXFf/270V6G5w3ISjgnOYmnF5DbyypJCQqYrN0Jtcu8zZ7DxroMf9XZuWZowJws=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"df5cd4cd4e41ddfaf7017f95765d6308"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
binary/octet-stream
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
skyscraper.html
www.static-bahn.de/media/view/mdb/media/w/skyscraper/ Frame 66A9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.187.49 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-187-49.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

:method
GET
:authority
www.static-bahn.de
:scheme
https
:path
/media/view/mdb/media/w/skyscraper/skyscraper.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml

Response headers

status
200
content-type
text/html
server
Apache
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
etag
"fe-59a0cafaa1e40"
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-length
186
cache-control
max-age=600
date
Wed, 12 Aug 2020 05:04:23 GMT
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
a791773171.html
a791773171.cdn.optimizely.com/client_storage/ Frame D96F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://a791773171.cdn.optimizely.com/client_storage/a791773171.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.108.68.187 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-68-187.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

:method
GET
:authority
a791773171.cdn.optimizely.com
:scheme
https
:path
/client_storage/a791773171.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml

Response headers

status
200
x-amz-id-2
3hOTkseG1lrD+82iiAAN06eHXTqFl031i8aC4B9pessZnt3qBta6DgYEKxrFgWybuUHZ0vSwrjo=
x-amz-request-id
B23DE530865CDAAB
x-amz-replication-status
COMPLETED
last-modified
Tue, 11 Aug 2020 15:28:34 GMT
etag
"3702f849e569d1e026868ac28473f8c0"
x-amz-meta-pci_enabled
False
content-encoding
gzip
x-amz-version-id
ntENUYfCtnsN_.DM9Sg_iFwQLlCwP5nn
accept-ranges
bytes
content-type
text/html; charset=utf-8
content-length
773
server
AmazonS3
vary
Accept-Encoding
cache-control
max-age=120
date
Wed, 12 Aug 2020 05:04:23 GMT
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="9";dur=0,cdnip;desc="104.108.68.187";dur=0,cdnmap;desc="a4343.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security
max-age=15768000
id
st.bahn.de/ 		48 B
482 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://st.bahn.de/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&mid=91008706040149796731809682172800298676&ts=1597208663192
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/js/lib/omniture/s_code.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.154.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-154-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
36bc1cdf97e6cdfc458991f7f83195d18d2b81b87867aa5e7e551107de513038
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Wed, 12 Aug 2020 05:04:22 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7447d85976-bgzkx
vary
Origin
x-c
master-1315.Ia06625.M0-426
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bahn.de
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
utag.js
www.bahn.de/media/view/tms/ 		51 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
dd481714f00cbe6dced106a6acf686d6955b3e33886d6e36da84af48c7911e40
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
14477
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"cae1-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
getjson.pl
www.bahn.de/pbin/ 		104 KB
16 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/pbin/getjson.pl?name=nav_p&callback=jQuery1110008765568938852564_1597208663176&_=1597208663177
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/js/portal-index.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
aa4705e33c03c8486182d66f1f29b768a21b24d4c95a0215af96e2f85b06968f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
max-age=180
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
content-length
15896
x-xss-protection
1; mode=block
Cookie set lmiframe.html
ps.bahn.de/common/content/html/ Frame 80C6 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ps.bahn.de/common/content/html/lmiframe.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/js/softlogin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
81.200.197.91 , Germany, ASN34156 (BAHN-AS-BLN, DE),
Reverse DNS
Software
Apache /
Resource Hash
a42b9362f2fe150b5cffcb26398b7bd45fd2e694756ada973e6646e820105508
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Host
ps.bahn.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
optimizelyEndUserId=oeu1597208663004r0.25141648491285484; AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg=-408604571%7CMCIDTS%7C18487%7CMCMID%7C91008706040149796731809682172800298676%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml

Response headers

Date
Wed, 12 Aug 2020 05:04:23 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
2209
Connection
keep-alive
Set-Cookie
AWSALB=BrS8JXq3xaguf+0+s/gHVIq9ZH0eV7422lq3GWuWoXR1wPim5Tqz7FfwGpVOgKQFKP6hNJjjhnW3g1zpUNILMBU1OpMDZQfP6qHFJD1jUhWEGVnXw5GdfY7J2bgg; Expires=Wed, 19 Aug 2020 05:04:23 GMT; Path=/ AWSALBCORS=BrS8JXq3xaguf+0+s/gHVIq9ZH0eV7422lq3GWuWoXR1wPim5Tqz7FfwGpVOgKQFKP6hNJjjhnW3g1zpUNILMBU1OpMDZQfP6qHFJD1jUhWEGVnXw5GdfY7J2bgg; Expires=Wed, 19 Aug 2020 05:04:23 GMT; Path=/; SameSite=None; Secure
Server
Apache
Last-Modified
Fri, 31 Jul 2020 22:35:45 GMT
Accept-Ranges
bytes
Strict-Transport-Security
max-age=16070400; includeSubDomains
utag.140.js
www.bahn.de/media/view/tms/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.140.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
66227fc364238ca273877dfbe23ba2c093031eb78c22eec7a67d41e03f7eddf3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
1366
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"a82-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.85.js
www.bahn.de/media/view/tms/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
463fb89d98e79b11dc5a730062c0c81b81454c2ab5be3b1575af45c9c34dfd26
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
1337
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"a5f-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.74.js
www.bahn.de/media/view/tms/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
df3269972a11c7faf8efe845fc3cbf842029d97d917e3e4fe6020260e776ec75
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
1134
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"8d2-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.138.js
www.bahn.de/media/view/tms/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.138.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8b3cec808989d41567109531d70a5c5afdfd4d08594be29a6fc328300f01eaeb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
1968
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"11fe-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.163.js
www.bahn.de/media/view/tms/ 		15 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.163.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3ec68785b9f903df013559cf1280ff816b0c3c527168791a1e7c1f3551583337
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
3634
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"3db7-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.160.js
www.bahn.de/media/view/tms/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.160.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d9ae25abc89c41af37dd531997af5e425b711e1661d1e6a3e66498b565f3ca6b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
4291
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"3e8f-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.159.js
www.bahn.de/media/view/tms/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.159.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
65cd533a76b7b1b930887d91c9d915d45fc3a2e274884f35123aeb123183ce41
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
3484
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"2a29-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
s91674672239624
st.bahn.de/b/ss/dbbahnprod/1/JS-2.20.0/ 		43 B
549 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://st.bahn.de/b/ss/dbbahnprod/1/JS-2.20.0/s91674672239624?AQB=1&ndh=1&pf=1&t=12%2F7%2F2020%207%3A4%3A23%203%20-120&mid=91008706040149796731809682172800298676&ce=UTF-8&ns=deutschebahn&cdp=2&pageName=BAHN_PVE_DEU_DE_bahncard_bahn-bonus&g=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml&c.&Rendering=Desktop&Orientierung=Landscape&page_info=0%7C0%2C0x0%2C0x0%2C0%2C&first_page_of_visit=true&load_time=4&.c&cc=EUR&ch=BAHN_PVE_DEU_DE&events=event45%2Cevent46&h1=PVE%3Ebahncard&c4=BAHN_PVE_DEU_DE&v4=BAHN_PVE_DEU_DE&c22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml&v22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml&c24=D%3DpageName&v24=D%3DpageName&c69=logout&v69=logout&v74=D%3DpageName&c75=D%3Dv75&v75=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&AQE=1
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.154.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-154-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:22 GMT
x-content-type-options
nosniff
x-c
master-1315.Ia06625.M0-426
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 13 Aug 2020 05:04:23 GMT
server
jag
xserver
anedge-7447d85976-xqrcr
etag
3429979486321737728-4614297423983824339
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 11 Aug 2020 05:04:23 GMT
adformat.js
s2.adform.net/banners/scripts/audiencetag/
Redirect Chain
  • https://dmp.adform.net/audiencetag/adformat.js
  • https://s2.adform.net/banners/scripts/audiencetag/adformat.js
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s2.adform.net/banners/scripts/audiencetag/adformat.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
1c540d0b0157c62f231f4787d5cef5ab466a790b2480bf1d7fa381b50ba16bd0

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
last-modified
Thu, 09 Jul 2020 13:08:55 GMT
server
nginx
etag
W/"5f0716e7-c6a"
x-cache-status
HIT
status
200
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript

Redirect headers

status
301
date
Wed, 12 Aug 2020 05:04:23 GMT
server
nginx
location
https://s2.adform.net/banners/scripts/audiencetag/adformat.js
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/html
/
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/ 		51 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml&t=1597208663405
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.46.202007280644
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5d170eb20eaf730083dd359268d5bd0dac93c3fad5510315e1e29b4632424ded
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
525798
cf-polished
origSize=53500
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
0482a72da20000fa181606e200000001
cf-bgj
minify
server
cloudflare
x-powered-by
Express
etag
W/"d0fc-uimkkh6aGgnVagR8t4rmdImK+Hw"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
cf-ray
5c17a7c2998cfa18-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
a2987.js
cdn.m-pathy.com/js/ 		22 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.m-pathy.com/js/a2987.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.46.202007280644
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:4000:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
6f32435186ce1af6c992d73ffb615c10938ce79ebe1f7e7f023b844a466c1b66

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Origin
https://www.bahn.de

Response headers

date
Wed, 12 Aug 2020 04:25:00 GMT
content-encoding
gzip
age
2363
x-cache
Hit from cloudfront
status
200
content-length
6109
access-control-allow-origin
*
last-modified
Wed, 12 Aug 2020 04:19:24 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"57ba-5aca67e218be4-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 dc81a30f5f4fc309ae9445723779b894.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
NNuH9zVUyZHE36uA5vAbW-asc_1Mv5c9mW1sB24Hu5RX08Wp-0B0KQ==
expires
Wed, 12 Aug 2020 05:25:00 GMT
exactag.js
www.bahn.de/media/view/tms/js/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/js/exactag.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
5428
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"321a-59a0cafaa1e40"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
trackpoint-async.js
s2.adform.net/banners/scripts/st/
Redirect Chain
  • https://a1.adform.net/serving/scripts/trackpoint/async/
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js
78 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
49db29c192d6483c1a023d885acfd928678347cdec9c208d7f78a949c9cf3458

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
last-modified
Thu, 09 Jul 2020 12:15:04 GMT
server
nginx
etag
W/"5f070a48-13780"
x-cache-status
HIT
status
200
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript

Redirect headers

status
301
date
Wed, 12 Aug 2020 05:04:23 GMT
server
nginx
location
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/html
criteo.js
www.bahn.de/media/view/tms/js/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/js/criteo.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c0ef355534d040550952aac49f300f771c3dcc0d5cd99008015d9d59378bff44
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
5403
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"3802-59a0cafaa1e40"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
es6-promise.js
www.img-bahn.de/s3/prod/es//js/ Frame 80C6 		32 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.img-bahn.de/s3/prod/es//js/es6-promise.js
Requested by
Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.92.47 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-92-47.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708

Request headers

Referer
https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 12 Aug 2020 05:04:23 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Jul 2020 07:07:18 GMT
Server
AmazonS3
x-amz-request-id
54E359DB4AA9C0DE
ETag
"c833d9c873652af4a666772e9930b031"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6686
x-amz-id-2
itG9Wm0Zifyi3dd8ZGEHer9l8xTcc/T6FnWW/rUplB1RhII2RhHVnXa895CHwM9dNRjvFw3r8+E=
Expires
Wed, 12 Aug 2020 05:19:23 GMT
common.js
www.img-bahn.de/s3/prod/es//js/ Frame 80C6 		29 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.img-bahn.de/s3/prod/es//js/common.js
Requested by
Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.92.47 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-92-47.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2b79c36a7e8a9a7a94b717e60cb5a79976e7ac6c1b899aa02536ee460c9723fa

Request headers

Referer
https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 12 Aug 2020 05:04:23 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Jul 2020 07:07:17 GMT
Server
AmazonS3
x-amz-request-id
CF37B41762F9FFB1
ETag
"34057f636668a1f6f1d15a4de2bc090c"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5489
x-amz-id-2
L2BOWYnCJWF4xQ2c7aUmkUgC5A3a90NmlEi2eDNZhE7MBw7MLtCOZZyUYsUu8vTNQsNBETBTuxM=
Expires
Wed, 12 Aug 2020 05:19:23 GMT
softlogin.js
www.img-bahn.de/s3/prod/es//js/ Frame 80C6 		117 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.img-bahn.de/s3/prod/es//js/softlogin.js
Requested by
Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.92.47 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-92-47.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a8160cea3ba2e014812ec78ec43b763df6113778f33a59a2387753db538bfbf5

Request headers

Referer
https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 12 Aug 2020 05:04:23 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Jul 2020 07:07:18 GMT
Server
AmazonS3
x-amz-request-id
C11430D28EFDB314
ETag
"3ebf8ff5b6e21de20c8220a58d8889f1"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21165
x-amz-id-2
WzCVTzBunhlfq4YnD6mkCKQU6gX7TN739bekBdECblVJZmzwJyJwkVndCDs3/8HraDRIwbVEtNg=
Expires
Wed, 12 Aug 2020 05:19:23 GMT
pi.aspx
m.exactag.com/ Frame 6CEA 		6 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=ZK2E3bGPfIjl&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml%22%2C%22search%22%3A%22%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Content%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_bahncard_bahn-bonus%22%7D
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/js/exactag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
85.14.248.72 Cologne, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
c17af0d9fa495c6c2ad1342c278a29931cc369a430a3470215757038bf3e175c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR", policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection
close
Pragma
no-cache
X-ET-Code
0
Last-Modified
Mi, 12 Aug 2020 05:04:23 GMT,Mi, 12 Aug 2020 05:04:23 GMT
Server
Microsoft-IIS/8.5
Date
Wed, 12 Aug 2020 05:04:22 GMT
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
X-ET-Camp
1053
Expires
-1
event
sslwidget.criteo.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sslwidget.criteo.com/event?a=16780&v=4.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh%26ui_db_page%3DBAHN_PVE_DEU_DE_bahncard_bahn-bonus&p2=e%3Ddis&adce=1
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/js/criteo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c2f93fbf0ae7befd0ea3fef64ee9fe1f8addea7c777e4bbe9fd7b862a3942e0e

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 05:04:22 GMT
content-encoding
gzip
server
Microsoft-IIS/10.0
timing-allow-origin
*
x-powered-by
ASP.NET
vary
Accept-Encoding
p3p
NON DSP COR CURa PSA PSD OUR BUS NAV STA
status
200
cache-control
no-cache
server-processing-duration-in-ticks
6957
content-type
application/x-javascript
content-length
863
expires
0
loader.js
cdn.m-pathy.com/modules/4.16-164/ 		43 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.m-pathy.com/modules/4.16-164/loader.js
Requested by
Host: cdn.m-pathy.com
URL: https://cdn.m-pathy.com/js/a2987.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2182:4000:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
f06f336560e920dc53969b0e1867da27449b77ffd3f0437b742614de56421062

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Origin
https://www.bahn.de

Response headers

date
Wed, 12 Aug 2020 04:25:27 GMT
content-encoding
gzip
age
2336
x-cache
Hit from cloudfront
status
200
content-length
15101
access-control-allow-origin
*
last-modified
Mon, 02 Mar 2020 12:42:50 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"acff-59fde8666e680-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 dc81a30f5f4fc309ae9445723779b894.cloudfront.net (CloudFront)
cache-control
max-age=2419200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
MWzSp41jzOOUI31oPfR2GZX7MJZ2KUFOBTo8FvmlgLvHeIUxtv2eHg==
expires
Wed, 09 Sep 2020 04:25:27 GMT
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		50 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0lxkzEthotizcTX&Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml&t=1597208663405
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ddf0094bb07ce7f9e15ef601907f2c4e21064b51d4a44c12322dd309551aadd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
https://www.bahn.de
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
5c17a7c2f9edfa18-AMS
vary
Accept-Encoding
cf-request-id
0482a72dd70000fa181606f200000001
Texte
ps.bahn.de/webservices/rest/resource/ Frame 80C6 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ps.bahn.de/webservices/rest/resource/Texte?r=51ea7d86
Requested by
Host: www.img-bahn.de
URL: https://www.img-bahn.de/s3/prod/es//js/softlogin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
81.200.197.91 , Germany, ASN34156 (BAHN-AS-BLN, DE),
Reverse DNS
Software
Apache /
Resource Hash
3d851e7348aca9b49ba8bf6d6fc6ac9f3b6722a0d9c28675d848f838f2779878
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Referer
https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 12 Aug 2020 05:04:23 GMT
Server
Apache
Connection
keep-alive
Content-Length
1333
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/json
px.aspx
m.exactag.com/ Frame 20A6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://m.exactag.com/px.aspx?id=907c63d75ab9479e82c7e936754554da
Requested by
Host: m.exactag.com
URL: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=ZK2E3bGPfIjl&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml%22%2C%22search%22%3A%22%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Content%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_bahncard_bahn-bonus%22%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
85.14.248.72 Cologne, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Host
m.exactag.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
exactag_new_gk=3f3cae1371234c8db473e7719ce61102%7c11.10.2020+05%3a04%3a23; exactag_new_uk=84a4a3213c3a489a9bcb2fb0f382846c%7c; session_session=0f6b6cc2153444818873bd0a; exactag_new_user=1053%7c2%7c0f6b6cc2153444818873bd0a%7c01.01.0001+00%3a00%3a00%7c12.08.2020+05%3a04%3a23%7c0f6b6cc2153444818873bd0a%7c68537%7c1753%7cFalse
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml

Response headers

Cache-Control
no-cache
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
-1
Server
Microsoft-IIS/8.5
X-ET-Code
0
X-ET-Camp
1053
Strict-Transport-Security
max-age=31536000
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Date
Wed, 12 Aug 2020 05:04:23 GMT
Connection
close
Transfer-Encoding
chunked
Content-Encoding
gzip
cookiesegments
dmp.adform.net/audiencetag/ 		2 B
236 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmp.adform.net/audiencetag/cookiesegments?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJBZGZvcm0uRE1QLkNsYWltczo6RGF0YVByb3ZpZGVycyI6IlsxMDU4MV0iLCJpc3MiOiJkbXAtYXBpLmFkZm9ybS5jb20iLCJhdWQiOiJhdWRpZW5jZV90YWdfY29uc3VtZXJfdjEiLCJleHAiOjE4NDY0NzkyOTksIm5iZiI6MTUzMTExOTIzOX0.FJQj3NEIHLPLagWbUeSDroGlMNqPApSp4JsfF5qhvxA
Requested by
Host: s2.adform.net
URL: https://s2.adform.net/banners/scripts/audiencetag/adformat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json
Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
server
nginx
status
200
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bahn.de
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
/
a1.adform.net/Serving/TrackPoint/ 		19 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a1.adform.net/Serving/TrackPoint/?pm=646062&ADFPageName=%7Bwww.bahn.de%7D%7C%7BBAHN_PVE_DEU_DE%7D%7C%7BBAHN_PVE_DEU_DE_bahncard_bahn-bonus%7D&ADFdivider=%7C&ord=961831843928&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&itm=eyJzdjkiOiJ7d3d3LmJhaG4uZGV9fHtCQUhOX1BWRV9ERVVfREV9fHtCQUhOX1BWRV9ERVVfREVfYmFobmNhcmRfYmFobi1ib251c30ifQ&loc=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml
Requested by
Host: s2.adform.net
URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.41 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
13e6313eb52dad030ba56e76f37ef7317f1d5999024f329dd36e79a23c5d12ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
server
nginx
status
200
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
8941
expires
-1
CoreModule.js
siteintercept.qualtrics.com/dxjsmodule/ 		87 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml&t=1597208663405
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
695a90257ebaa0d4053d262d7da44710544c15d1f8da70080ac200fa7cacb1de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
526025
cf-polished
origSize=89652
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
0482a72e790000fa1816077200000001
last-modified
Wed, 29 Jul 2020 20:50:37 GMT
server
cloudflare
x-powered-by
Express
etag
W/"15e34-1739c575948"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c17a7c3fafcfa18-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
/
a1.adform.net/wpf/v2/Fla44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2ieQTNHkdn.MqgXK_Pmtd0SHp815LyjaY2.rINj.rINM6uJ6o6e0T.5yjaY1WMsiZRPrwX... 		169 B
632 B 		Script
General
Check archive.org
Download Go to
Full URL
https://a1.adform.net/wpf/v2/Fla44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2ieQTNHkdn.MqgXK_Pmtd0SHp815LyjaY2.rINj.rINM6uJ6o6e0T.5yjaY1WMsiZRPrwXC_JEkNgvlE4yy2XElgebiYMpztNKscKsoUs_43wuZPup_nH2t05oaYAhrcpMxE6DBUr5xj6Kkveara3g9Rk4xf7_OLgiPFMtrs1OeyjaY1vSiwujAUrtnf5jaY2ftckuyPBDjaY2.rINVQdg4Cq_K2p.07Dlf_i.uJtHoqvynx9MsFyxYM914Ve_clrJLy.25.eaDdlK69WK2iyKz14ydEl7pp0iJ3A0KFgBFY5BNlrAp5BNlVn_hs1Y5CCsGrilSHlF4XVA4.L9.gJ0Nc1lF1f4.90PgJ.e_elFCUC68mlFCUC68mlF1VLf4.90PgJ.huy..xo/serving/trackpoint/?pm=646062&ADFPageName=%7bwww.bahn.de%7d%7c%7bBAHN_PVE_DEU_DE%7d%7c%7bBAHN_PVE_DEU_DE_bahncard_bahn-bonus%7d&ADFdivider=%7c&ord=961831843928&Set1=en-US%7cen-US%7c1600x1200%7c24&ADFtpmode=2&itm=eyJzdjkiOiJ7d3d3LmJhaG4uZGV9fHtCQUhOX1BWRV9ERVVfREV9fHtCQUhOX1BWRV9ERVVfREVfYmFobmNhcmRfYmFobi1ib251c30ifQ&loc=https%3a%2f%2fwww.bahn.de%2fp%2fview%2fbahncard%2fbahn-bonus.shtml&catdt=0
Requested by
Host: s2.adform.net
URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.41 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
62acd2aca441d3c131188ed2714e574600b79eabdac626a79f5e4bb5353a640b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
gzip
server
nginx
status
200
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
226
expires
-1
12.0da2f5012e49e065e383.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		2 KB
877 B 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/12.0da2f5012e49e065e383.chunk.js?Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml&t=1597208663405
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
70bf6b2e8fbb9f31e314cc3ff4df9f34f453ada4d0bb7b4362591e30799c74de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
526025
cf-polished
origSize=2639
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
0482a72eb70000fa181607e200000001
last-modified
Wed, 29 Jul 2020 20:50:37 GMT
server
cloudflare
x-powered-by
Express
etag
W/"a4f-1739c575948"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c17a7c45b9bfa18-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
1.2d7df593a54f23d86743.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/1.2d7df593a54f23d86743.chunk.js?Q_CLIENTVERSION=1.31.3&Q_CLIENTTYPE=web
Requested by
Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml&t=1597208663405
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
6823a0f37f2714ae274b147668fe526449deda0d791f6f08505b6e71e21fe4a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 12 Aug 2020 05:04:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
526025
cf-polished
origSize=26960
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
0482a72eb80000fa181607f200000001
last-modified
Wed, 29 Jul 2020 20:50:37 GMT
server
cloudflare
x-powered-by
Express
etag
W/"6950-1739c575948"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c17a7c45b9ffa18-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
events
logx.optimizely.com/v1/ 		0
356 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.183.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-183-105.compute-1.amazonaws.com
Software
nginx/1.17.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 12 Aug 2020 05:04:24 GMT
Server
nginx/1.17.2
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Expose-Headers
X-Results-Data-Source
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-Request-Id
30b0e39f-d538-4694-9284-ceea55ded578
events
logx.optimizely.com/v1/ 		0
356 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.183.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-183-105.compute-1.amazonaws.com
Software
nginx/1.17.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bahn.de/p/view/bahncard/bahn-bonus.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 12 Aug 2020 05:04:25 GMT
Server
nginx/1.17.2
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Expose-Headers
X-Results-Data-Source
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-Request-Id
c5cf1ca3-96fd-4d90-a45c-2d5ad96940b6

Verdicts & Comments Add Verdict or Comment

138 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| DDTools object| digitalData object| bahn object| $jscomp object| de object| ES6Promise object| softlogin undefined| _ object| optimizely object| bahn_customer_id function| optimizely_url_contains function| optimizely_get_param function| optimizelyTracking object| html5 object| Modernizr number| browserWidth function| createSkyframe object| cid string| gFSUGGEST number| gFSuggestInstanceCounter object| gFSuggestInstances string| FSuggestVersion string| FSuggestLastMod object| FSuggestFilter function| FSuggest function| reinitializeFSuggest function| checkForMatches object| SLs function| checkHWAIUsage object| breakpoints function| BackToTop function| LanguageSelector function| TabNav function| Stage function| Tabs function| Folder function| TimeInput function| Datepicker function| Rangeslider function| FavIconMenu function| ProfileIconMenu function| ResponsiveImage function| ResponsiveLink function| QuickfinderReisendenauswahl function| Quickfinder function| QuickfinderAuskunft function| QuickfinderSparpreis function| QuickfinderPuenklichkeit function| LoginForm function| MainNav function| Carousel function| Dropdown function| Newsletter object| SCRAMBLE object| CMF function| $ function| jQuery boolean| bodySelect object| topCities function| Autocomplete object| Mustache string| view string| s_account string| trackingServer string| secureTrackingServer string| visitorNameSpace string| reportSuite function| e string| s_rsaccount object| s number| inHeadTS function| s_getLoadTime function| AppMeasurement_Module_Media function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq object| adobe function| Visitor object| s_c_il number| s_c_in number| s_loadT number| s_objectID number| s_giq function| getCookieValue function| getWebtrackingLoginStatus function| setOmnitureProperties object| utag_data object| jQuery1110008765568938852564 undefined| jQuery1110008765568938852564_1597208663176 object| cl object| selected_fields boolean| utag_condload undefined| items undefined| total undefined| qtys undefined| prices undefined| qty undefined| fulfillment undefined| product_parts undefined| product_item_parts undefined| product_name object| cart_item undefined| item undefined| verbindung undefined| reiseAbschnitt undefined| index undefined| r undefined| step object| utag boolean| __tealium_twc_switch function| ParseUserAgent object| gUtil object| s_Obj string| s_PPVid function| s_PPVevent number| s_PPVi number| s_PPVt string| max_initial_percent string| screen_res string| browser_dim number| pixel_dens string| device_ort object| s_i_dbbahnprod object| Mpathy object| exactag object| _adftrack object| criteo_q object| oldQueue boolean| mpathy_loaded object| QSI object| WAFQualtricsWebpackJsonP-cloud-1.31.3 object| Adform function| AdformAT object| KJUR object| adf object| _qsie object| fortyone

21 Cookies

Domain/Path Name / Value
m.exactag.com/ Name: exactag_new_user
Value: 1053%7c2%7c0f6b6cc2153444818873bd0a%7c01.01.0001+00%3a00%3a00%7c12.08.2020+05%3a04%3a23%7c0f6b6cc2153444818873bd0a%7c68537%7c1753%7cFalse
m.exactag.com/ Name: exactag_new_gk
Value: 3f3cae1371234c8db473e7719ce61102%7c11.10.2020+05%3a04%3a23
ps.bahn.de/ Name: AWSALBCORS
Value: +fGBDsg2ysPx4dBZVTSUB85EjKWnLUBXHyLx4iiCvIQ9deFEvo0FtwIq1xv488mCX/iHBg9uLPByjnAedRtRG9Ok/iAaGki6cGOx3YW9zXy+RAcXJJXhkGGP07sn
www.bahn.de/ Name: QSI_HistorySession
Value: https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Fbahn-bonus.shtml~1597208663662
.bahn.de/ Name: s_ppvl
Value: BAHN_PVE_DEU_DE_bahncard_bahn-bonus%2C56%2C56%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.bahn.de/ Name: et_gk
Value: 3f3cae1371234c8db473e7719ce61102|11.10.2020 05:04:23
.bahn.de/ Name: et_uk
Value: 84a4a3213c3a489a9bcb2fb0f382846c
m.exactag.com/ Name: session_session
Value: 0f6b6cc2153444818873bd0a
.bahn.de/ Name: mpt_cookieForErrSites
Value: 0|1598418263474
.bahn.de/ Name: mpt_followpage
Value: 0|1598418263474
.bahn.de/ Name: mpt_rate_comparator_3372
Value: 1.1885608793972269|1599800663468
.bahn.de/ Name: mpt_vid
Value: 159720866347672266|1660280663476
.bahn.de/ Name: utag_main
Value: v_id:0173e10e14ef0016e33e8bcd0ee900078003407000b08$_sn:1$_se:1$_ss:1$_st:1597210463280$ses_id:1597208663280%3Bexp-session$_pn:1%3Bexp-session$ls:undefined%3Bexp-session
.bahn.de/ Name: s_cc
Value: true
.bahn.de/ Name: sc_vis
Value: true
.bahn.de/ Name: s_ecid
Value: MCMID%7C91008706040149796731809682172800298676
.bahn.de/ Name: AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: -408604571%7CMCIDTS%7C18487%7CMCMID%7C91008706040149796731809682172800298676%7CMCAID%7CNONE%7CMCOPTOUT-1597215863s%7CNONE%7CvVersion%7C4.6.0
ps.bahn.de/ Name: AWSALB
Value: +fGBDsg2ysPx4dBZVTSUB85EjKWnLUBXHyLx4iiCvIQ9deFEvo0FtwIq1xv488mCX/iHBg9uLPByjnAedRtRG9Ok/iAaGki6cGOx3YW9zXy+RAcXJJXhkGGP07sn
.bahn.de/ Name: s_ppv
Value: BAHN_PVE_DEU_DE_bahncard_bahn-bonus%2C56%2C56%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.bahn.de/ Name: AMCVS_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 1
.bahn.de/ Name: optimizelyEndUserId
Value: oeu1597208663004r0.25141648491285484

32 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.optimizely.com/js/8033263973.js(Line 2733)
Message:
null
console-api log URL: https://cdn.optimizely.com/js/8033263973.js(Line 2733)
Message:
null - customerID should be set
console-api log URL: https://ps.bahn.de/common/content/html/lmiframe.html(Line 14)
Message:
IFr Begin
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
Constructing IframeMain
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[StateM] Reading IframeState from cache: null
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://ps.bahn.de/common/content/html/lmiframe.html(Line 40)
Message:
IFr End
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
Incoming message 'init'
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
init(https://www.bahn.de:443)
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] checkClientOrigin successsful.
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Examining cookies...
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[iLogic] slstat = null
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[iLogic] hlstat = null
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] LoginState is Anonymous
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Login state remains Anonymous .
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Checking whether resources need to be loaded eagerly.
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[StateM] Writing IframeState to cache: [object Object]
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
Incoming message 'load'
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
load(Texte)
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Connectivity is Connected
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Data is not in cache.
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] -> loading it from server.
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Ajax call load(Texte).
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
Processing AJAX response for load(Texte)
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[iLogic] response = [object Object]
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[Cache] Wrote Texte to cache (storage): {"login.hardlogin.logout.value":"Logout","meinestrecken.speichern.keine":"Um Strecken zu speichern, geben Sie in den Feldern \"Von\" und \"Nach\" eine Verbindung ein.","login.hardlogin.begruessung":"Sie sind angemeldet, {0} {1} {2}","meinestrecken.loeschen.tooltip":"Strecke löschen","login.hardlogin.logout.tooltip":"Logout","titel.3":"Prof. Dr.","titel.2":"Prof.","titel.1":"Dr.","titel.0":"","login.softlogin.begruessung":"Herzlich Willkommen, {0} {1} {2}!","meinestrecken.keine.anonym":"Sie haben keine Strecken gespeichert. Im Bereich Meine Bahn können Sie Ihre wichtigsten Strecken hinterlegen und hier abrufen.","meinestrecken.via":"Über","anrede.1":"Frau","login.softlogin.logout.link.tooltip":"Hier melden Sie sich von \"Angemeldet bleiben\" ab und verzichten auf persönliche Angebote und Services.","anrede.0":"Herr","meinestrecken.speichern.gespeichert":"Strecke gespeichert","login.softlogin.logout.link.text":"Abmelden","login.softlogin.logout.value":"Sie sind nicht {0} {1} {2}?","login.softlogin.logout.tooltip":"Durch diesen Klick löschen Sie Ihre Cookies zur Personalisierung auf bahn.de. Mehr Informationen erhalten Sie in unseren Datenschutzhinweisen.","meinestrecken.bearbeiten":"Bearbeiten","meinestrecken.speichern":"Strecke speichern","meinestrecken.speichern.max":"Strecke speichern (max. {0} Strecken)"}
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[StateM] Writing IframeState to cache: [object Object]
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1.adform.net
a791773171.cdn.optimizely.com
cdn.m-pathy.com
cdn.optimizely.com
cdn3.optimizely.com
dmp.adform.net
logx.optimizely.com
m.exactag.com
ps.bahn.de
s2.adform.net
siteintercept.qualtrics.com
sslwidget.criteo.com
st.bahn.de
vis.optimizely.com
www.bahn.de
www.bahnbonus.com
www.img-bahn.de
www.static-bahn.de
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
104.108.58.15
104.108.68.187
104.109.90.218
104.109.92.47
104.17.208.240
15.188.154.177
178.250.2.151
18.196.78.127
2.16.187.49
2600:9000:2182:4000:1e:7aca:b8c0:93a1
2a02:26f0:6c00:19b::13b8
3.225.183.105
37.157.4.28
37.157.4.41
37.157.5.71
52.207.49.197
81.200.197.91
85.14.248.72
09cd6e2e4909e4ec15b7ca38adbff5b37405b4347b1ce0d7b977aee46b005377
0eeb1970197799a537566bf5554142fcf91a1b04368c735d6319ed35a2f53f15
13e6313eb52dad030ba56e76f37ef7317f1d5999024f329dd36e79a23c5d12ca
1c540d0b0157c62f231f4787d5cef5ab466a790b2480bf1d7fa381b50ba16bd0
21afc32fb925345e3790465fca964aa27897a880ee886ce7bf911aeb0ec5a98a
26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931
298669d559f331c5ac67d881d450cea831ca81576e88cb4663cc315dc91444c7
2ab4d9b65ee3153e62d1ce1fdf21a2f54d9d4e4967cfbbe638bd36ea277591ba
2b79c36a7e8a9a7a94b717e60cb5a79976e7ac6c1b899aa02536ee460c9723fa
2b93b628cb7d0fbd5ba6d71bd449d36683503642c64e160c55e340e584a1d283
2bde90dfcbdac6aeb8d8fb26aae3cd10ad0186d7d78b81173b9b6c253e2c090d
2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1
36bc1cdf97e6cdfc458991f7f83195d18d2b81b87867aa5e7e551107de513038
3d851e7348aca9b49ba8bf6d6fc6ac9f3b6722a0d9c28675d848f838f2779878
3ec68785b9f903df013559cf1280ff816b0c3c527168791a1e7c1f3551583337
463fb89d98e79b11dc5a730062c0c81b81454c2ab5be3b1575af45c9c34dfd26
4716f0fbc0c1d2c5bcb2720fb31ffc421fabcfe87b68556d517f36e7012d3b57
49db29c192d6483c1a023d885acfd928678347cdec9c208d7f78a949c9cf3458
4c5c2c8d2f8dcecb839f09bfe73858a79110819f99ae072ff734bb207f3a6492
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e
5d170eb20eaf730083dd359268d5bd0dac93c3fad5510315e1e29b4632424ded
62acd2aca441d3c131188ed2714e574600b79eabdac626a79f5e4bb5353a640b
63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9
65cd533a76b7b1b930887d91c9d915d45fc3a2e274884f35123aeb123183ce41
66227fc364238ca273877dfbe23ba2c093031eb78c22eec7a67d41e03f7eddf3
6823a0f37f2714ae274b147668fe526449deda0d791f6f08505b6e71e21fe4a7
695a90257ebaa0d4053d262d7da44710544c15d1f8da70080ac200fa7cacb1de
6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722
6f32435186ce1af6c992d73ffb615c10938ce79ebe1f7e7f023b844a466c1b66
70bf6b2e8fbb9f31e314cc3ff4df9f34f453ada4d0bb7b4362591e30799c74de
7ddf0094bb07ce7f9e15ef601907f2c4e21064b51d4a44c12322dd309551aadd
82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708
8b3cec808989d41567109531d70a5c5afdfd4d08594be29a6fc328300f01eaeb
9bd75d01213161905c0278231326126f5066ae7753e9b492b999417e0c2cfbef
9d9017b927fcfdb9ec8aaf24b8d3588ec787b75989b59b66afab9865525083cc
a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a231b219fd33beeca8baa0abecbb684d31fe0d154a25a092510d607a38637ea8
a39881eeb2cc948083b29f436b57600451670f1d10e390306af0693d2eb44f74
a42b9362f2fe150b5cffcb26398b7bd45fd2e694756ada973e6646e820105508
a8160cea3ba2e014812ec78ec43b763df6113778f33a59a2387753db538bfbf5
aa4705e33c03c8486182d66f1f29b768a21b24d4c95a0215af96e2f85b06968f
b14701931e145ec735d777345c0ece29b81ffcd16d3faa1157e66b203422b42a
be3d7932b9e8ee217ba76d818d92d5f5c423d43dd4216f303b8d6795e61e3665
c0ef355534d040550952aac49f300f771c3dcc0d5cd99008015d9d59378bff44
c17af0d9fa495c6c2ad1342c278a29931cc369a430a3470215757038bf3e175c
c2f93fbf0ae7befd0ea3fef64ee9fe1f8addea7c777e4bbe9fd7b862a3942e0e
c73f83311b82836d1f247cdb6ed7d7132caa7d41a24edfa29ed342ec7143a62e
c79794c138e5fbd4cd7f71ff73fdf314f170a6cccb08b4a9e7180f996f376b24
d57b6eb29bd6ebfc50ecc56f92da2404ddec3d3735843a888922695fc18b1216
d5e3c1bb498c77b3fb33a9e03c9aaeff5b000b948996b70fff3bee838ec2b4c9
d9ae25abc89c41af37dd531997af5e425b711e1661d1e6a3e66498b565f3ca6b
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
dd481714f00cbe6dced106a6acf686d6955b3e33886d6e36da84af48c7911e40
df3269972a11c7faf8efe845fc3cbf842029d97d917e3e4fe6020260e776ec75
e2ed37914090bfe23f1c5a3657ab6d1d3c562072f65e6c2a3cf21ea3d866897e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e2c4c5288a46af5b587fe4b6ed5c881dfc8faaf4d76a08c5c2c5fcd74238b3
f06f336560e920dc53969b0e1867da27449b77ffd3f0437b742614de56421062