sorare.com Open in urlscan Pro
2606:4700::6812:11 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sorare.com/
Effective URL:
https://sorare.com/
Submission: On July 07 via manual (July 7th 2024, 6:42:14 pm UTC) from IE — Scanned from DE

Summary HTTP 51 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 3 domains to perform 51 HTTP transactions. The main IP is 2606:4700::6812:11, located in United States and belongs to CLOUDFLARENET, US. The main domain is sorare.com. The Cisco Umbrella rank of the primary domain is 182980.
TLS certificate: Issued by GTS CA 1P5 on June 3rd 2024. Valid for: 3 months.

This is the only time sorare.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
37	2606:4700::68... 2606:4700::6812:11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	151.101.2.217 151.101.2.217	54113 (FASTLY) (FASTLY)
5	3.212.128.202 3.212.128.202	14618 (AMAZON-AES) (AMAZON-AES)
3	2606:4700::68... 2606:4700::6812:111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.86.8.175 99.86.8.175	16509 (AMAZON-02) (AMAZON-02)
1	3.33.235.18 3.33.235.18	16509 (AMAZON-02) (AMAZON-02)
51	7

37 2606:4700::6812:11 (United States)

ASN13335 (CLOUDFLARENET, US)

sorare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.sorare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wallet.sorare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
frontend-assets.sorare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.2.217 (San Francisco, United States)

ASN54113 (FASTLY, US)

app.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.212.128.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-128-202.compute-1.amazonaws.com

events.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:111 (United States)

ASN13335 (CLOUDFLARENET, US)

frontend-assets.sorare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.sorare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.235.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa1ba9bef7b18c265.awsglobalaccelerator.com

clientstream.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	sorare.com sorare.com — Cisco Umbrella Rank: 182980 frontend-assets.sorare.com — Cisco Umbrella Rank: 576555 api.sorare.com — Cisco Umbrella Rank: 383472 wallet.sorare.com — Cisco Umbrella Rank: 593300	4 MB
10	launchdarkly.com app.launchdarkly.com — Cisco Umbrella Rank: 837 events.launchdarkly.com — Cisco Umbrella Rank: 905 clientstream.launchdarkly.com — Cisco Umbrella Rank: 879	5 KB
1	segment.com cdn.segment.com — Cisco Umbrella Rank: 2151	2 KB
51	3

	Domain	Requested by
30	sorare.com	sorare.com
5	wallet.sorare.com	sorare.com wallet.sorare.com
5	events.launchdarkly.com	sorare.com
4	app.launchdarkly.com	sorare.com
3	frontend-assets.sorare.com	sorare.com
2	api.sorare.com	sorare.com
1	clientstream.launchdarkly.com
1	cdn.segment.com	sorare.com
51	8

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
www.reddit.com
www.tiktok.com
twitter.com
www.facebook.com
facebook.com
www.instagram.com
discord.gg

Subject Issuer	Validity	Valid
sorare.com GTS CA 1P5	`2024-06-03` - `2024-09-01`	3 months	crt.sh
app.launchdarkly.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-04-04` - `2025-05-06`	a year	crt.sh
events.launchdarkly.com Amazon ECDSA 256 M03	`2024-05-22` - `2025-06-21`	a year	crt.sh
*.segment.com Amazon RSA 2048 M03	`2023-11-14` - `2024-12-13`	a year	crt.sh
clientstream.launchdarkly.com Amazon RSA 2048 M02	`2023-08-09` - `2024-09-05`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://sorare.com/
Frame ID: E435DBF62E4B5B400D0C35343F3FB657
Requests: 41 HTTP requests in this frame

Frame: https://wallet.sorare.com/?allowedOrigin=https%3A%2F%2Fsorare.com&forcedEnv=
Frame ID: 2604EA071DC8F0F38C49F481CC47C538
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Play Sorare Rivals Leagues for the upcoming European Championship. Be the best to play with Zidane • Sorare

Page URL History Show full URLs

http://sorare.com/ HTTP 307
https://sorare.com/ Page URL

Page Statistics

51
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

8
Subdomains

7
IPs

1
Countries

4348 kB
Transfer

8289 kB
Size

3
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.youtube.com/watch?v=kD8Z8T8-7kc
Title: Watch trailer

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/Sorare

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@Sorare

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@sorare

Search URL Search Domain Scan URL

URL: https://twitter.com/sorare
Title: @Sorare

Search URL Search Domain Scan URL

URL: https://twitter.com/SorareMLB
Title: @SorareMLB

Search URL Search Domain Scan URL

URL: https://twitter.com/SorareNBA
Title: @SorareNBA

Search URL Search Domain Scan URL

URL: https://twitter.com/SorareSupport
Title: @SorareSupport

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SorareHQ/
Title: @Sorare

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SorareMLB/
Title: @SorareMLB

Search URL Search Domain Scan URL

URL: https://facebook.com/SorareNBA
Title: @SorareNBA

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sorare
Title: @Sorare

Search URL Search Domain Scan URL

URL: https://www.instagram.com/soraremlb
Title: @SorareMLB

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sorarenba
Title: @SorareNBA

Search URL Search Domain Scan URL

URL: https://discord.gg/so5mlfooter
Title: Sorare Football

Search URL Search Domain Scan URL

URL: https://discord.gg/99BNrkTXZG
Title: Sorare MLB

Search URL Search Domain Scan URL

URL: https://discord.gg/STdWv5Dr79
Title: Sorare NBA

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sorare.com/ HTTP 307
https://sorare.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

51 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sorare.com/
Redirect Chain

http://sorare.com/
https://sorare.com/

18 KB
6 KB

271ms
76ms

Document
text/html

2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sorare.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26cc2aa1e324d2cfa151e34fd8b59dcdbf24214f4b3af3ea2d06e75aedbe10e5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age: 8
cache-control: public, max-age=60
cf-cache-status: HIT
cf-ray: 89f9f903e9d29012-FRA
content-encoding: br
content-security-policy: frame-ancestors 'self'
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-type: text/html
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 07 Jul 2024 18:42:08 GMT
document-policy: js-profiling
last-modified: Fri, 05 Jul 2024 21:19:06 GMT
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
x-amz-id-2: HohfFl01ak8AnPC1nyIb9lOlp7VSzLeW9d8TCX29EVeTJ31klTnSy382Z2SeksekB8XT+Hxnav8=
x-amz-request-id: Q12493Q7VAKV9M4M
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

Redirect headers

Location: https://sorare.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 index-KjGY6hBv.js Show response
sorare.com/assets/ 2 MB
418 KB 62ms
62ms Script
application/javascript 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sorare.com/assets/index-KjGY6hBv.js

Requested by

Host: sorare.com
URL: https://sorare.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63c598f16a42d3f64c5cbf54f41bff1a54b21452cab6a5248a6aa8be1ed961a0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:08 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 163381
x-amz-request-id: XGJBQW5D2X5848F7
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: hMgDvA9BFQQjxOzD/KuFowhIon+G8zRIu7e3RLx76xCxvGVvOx3mNTCeD6PI1V8Uyib/0sPI1FQ=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 05 Jul 2024 21:18:56 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"fd8a6efdce7b04bc0b62df8ec25f652c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f9047a819012-FRA

GET
H2 200 vendor-feXAIkf-.js Show response
sorare.com/assets/ 2 MB
572 KB 103ms
103ms Script
application/javascript 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sorare.com/assets/vendor-feXAIkf-.js

Requested by

Host: sorare.com
URL: https://sorare.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eafddaf474ce0d4ebd54aef3e26cba05b6366c40c522d350c9a0dcfc882b3a56

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:08 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 163335
x-amz-request-id: Q124X2EZH8NBXHHG
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: +8cI5bkvlKNz8vM9VGLbQwI0EafMf/v3EijlP/bLx1YyL97Gwe2JjuosnsrdsYwH9su6W9toTF0=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 05 Jul 2024 21:19:04 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"a53c6f8344f8246cb1a50bc50f0fdd6c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f9047a839012-FRA

GET
H2 200 index-mFIoTptG.css
sorare.com/assets/ 15 KB
5 KB 65ms
64ms Stylesheet
text/css 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sorare.com/assets/index-mFIoTptG.css

Requested by

Host: sorare.com
URL: https://sorare.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5985626fa42db79de0f25008e1f551ecc8750791fb4308b7837df650775548eb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:08 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 35023
x-amz-request-id: K1YVPNZNHR4TRG2R
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: PKD14T1sJ0sxsyElIyJG3J/WBmitHTcs24Q3+nK2BRkYovMra6UMF5C35pSIrY6C5KhpBpynDno=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 05 Jul 2024 08:57:50 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"63782e60092fe7999fd63ff7da652e34"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f9047a809012-FRA

OPTIONS
H2 200 615984517c98d925849c7de4
app.launchdarkly.com/sdk/goals/ Frame 0
0 131ms
37ms Preflight 151.101.2.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/615984517c98d925849c7de4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method: GET
Origin: https://sorare.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
age: 0
allow: GET, OPTIONS, HEAD
content-encoding: gzip
content-length: 23
date: Sun, 07 Jul 2024 18:42:09 GMT
ld-region: us-east-1
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 2
x-served-by: cache-fra-etou8220090-FRA
x-timer: S1720377729.289555,VS0,VE0

OPTIONS
H2 204 615984517c98d925849c7de4
events.launchdarkly.com/events/diagnostic/ Frame 0
0 350ms
115ms Preflight 3.212.128.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/diagnostic/615984517c98d925849c7de4

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.212.128.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-128-202.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method: POST
Origin: https://sorare.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-max-age: 300
date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 page-wmilnaYh.js Show response
sorare.com/assets/ 3 KB
2 KB 75ms
74ms Script
application/javascript 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sorare.com/assets/page-wmilnaYh.js

Requested by

Host: sorare.com
URL: https://sorare.com/assets/index-KjGY6hBv.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cad769a3072af1ebafa5b9b36e1fb64f609b05543670c5ba1d6dd4b5a233bc3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 163332
x-amz-request-id: 3F664P5568JKDVQ8
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: pGxSVG/EXp3ZzJr18RoHpEQJHnJw2YoaqzTi/KXwK/efPA1zm5oa9/57ujnnS5D0QeekuyJ84C8=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 05 Jul 2024 21:19:02 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"5565f42882f5dded9752b66202d7632f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f9076e979012-FRA

GET
H2 200 layout-RDMJ5y7i.js Show response
sorare.com/assets/ 19 KB
8 KB 71ms
71ms Script
application/javascript 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sorare.com/assets/layout-RDMJ5y7i.js

Requested by

Host: sorare.com
URL: https://sorare.com/assets/index-KjGY6hBv.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfbf86572dac1ed44636ba6b345f0336bc9b8b5ac1db206229ff3d427738b1da

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 163381
x-amz-request-id: MYSKDDQEKQDYAMCW
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: T7qvDfUidOVefnzDnLJy0+DOMNBXNdGC3g3zB0NPLWrHrngAXGpNYgwJE6pF6STz7+pkcHpjQ40=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 05 Jul 2024 21:18:58 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"ad64ce8bf39aff8aec41d6bf13a023d0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f9076e9b9012-FRA

OPTIONS
H2 200 eyJraW5kIjoidXNlciIsImtleSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9
app.launchdarkly.com/sdk/evalx/615984517c98d925849c7de4/contexts/ Frame 0
0 130ms
37ms Preflight 151.101.2.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/evalx/615984517c98d925849c7de4/contexts/eyJraW5kIjoidXNlciIsImtleSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method: GET
Origin: https://sorare.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
age: 0
allow: GET, OPTIONS, HEAD
content-encoding: gzip
content-length: 23
date: Sun, 07 Jul 2024 18:42:09 GMT
ld-region: us-east-1
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 3
x-served-by: cache-fra-etou8220090-FRA
x-timer: S1720377729.289649,VS0,VE0

GET
H2 200 en.json.gz Show response
frontend-assets.sorare.com/i18n/fd59273f265945d5d179c4669de063e434d2f1de/ 323 KB
89 KB 184ms
89ms Fetch
application/json 2606:4700::6812:111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frontend-assets.sorare.com/i18n/fd59273f265945d5d179c4669de063e434d2f1de/en.json.gz
Requested by: Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:111 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32a49b8cb178834097cecce2283adf695cefea3b08752cd38f342fee6f655034

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: MYSJJP9XP75MCXJR
age: 279
content-length: 90643
x-amz-id-2: v7SJ1nvpBqXJxliGAgTqO5yuu523E1eT6VwoMEy/2kJ8p1jULa2sZJCEh5WLx9nw7HhIyRduZmc=
last-modified: Fri, 05 Jul 2024 20:57:08 GMT
server: cloudflare
etag: "11cb1c44bff27cb43b63492fb24b3fed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 89f9f907fcfa972c-FRA
expires: Sun, 07 Jul 2024 18:47:09 GMT

GET
H2 200 615984517c98d925849c7de4 Show response
app.launchdarkly.com/sdk/goals/ 2 B
179 B 37ms
37ms XHR
application/json 151.101.2.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/615984517c98d925849c7de4

Requested by

Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
X-LaunchDarkly-User-Agent: JSClient/3.1.4
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer: https://sorare.com/
X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
via: 1.1 varnish
date: Sun, 07 Jul 2024 18:42:09 GMT
content-md5: d751713988987e9331980363e24189ce
age: 0
x-cache: HIT
content-length: 26
x-served-by: cache-fra-etou8220090-FRA
x-timer: S1720377729.327397,VS0,VE0
etag: "d751713988987e9331980363e24189ce"
ld-region: us-east-1
access-control-max-age: 300
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=0
vary: Accept-Encoding
accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
x-cache-hits: 5

POST
H2 202 615984517c98d925849c7de4 Show response
events.launchdarkly.com/events/diagnostic/ 0
358 B 115ms
115ms XHR
application/json 3.212.128.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/diagnostic/615984517c98d925849c7de4

Requested by

Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.212.128.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-128-202.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
X-LaunchDarkly-User-Agent: JSClient/3.1.4
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://sorare.com/
X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 300
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length: 0

GET
H2 200 eyJraW5kIjoidXNlciIsImtleSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9 Show response
app.launchdarkly.com/sdk/evalx/615984517c98d925849c7de4/contexts/ 20 KB
4 KB 38ms
38ms XHR
application/json 151.101.2.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/evalx/615984517c98d925849c7de4/contexts/eyJraW5kIjoidXNlciIsImtleSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9

Requested by

Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c333a80152ebc3774dd54c1ed7246552a2aef756135e794a76b1478dc0c3b7ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
X-LaunchDarkly-User-Agent: JSClient/3.1.4
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer: https://sorare.com/
X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
via: 1.1 varnish
date: Sun, 07 Jul 2024 18:42:09 GMT
age: 0
x-cache: HIT
content-length: 4237
x-served-by: cache-fra-etou8220090-FRA
x-timer: S1720377729.327519,VS0,VE0
etag: "763db"
ld-region: us-east-1
access-control-max-age: 300
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=0
vary: Accept-Encoding, Authorization
accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
x-cache-hits: 10

GET
H2 200 favicon.ico
sorare.com/ 15 KB
3 KB 70ms
70ms Other
image/vnd.microsoft.icon 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sorare.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41502f1a2e741d56b00118b5250fc05c751778ea048cb5f8aa30eb14c9f8eec1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 11102
x-amz-request-id: 2YRAA2NCJ69P0AGS
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: Fyqx+e6DYrMS++OWhLYZjVLtQoIAKhzV/iC09MMC36H6cN3QHF7RfJtVYq5NNFskMejSgGh/RAY=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Mar 2024 11:18:00 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"ec8c9ecb6f16a13d4bf6221b2dab2591"
vary: Accept-Encoding
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f9077eb79012-FRA

GET
H2 200 en.json.gz Show response
frontend-assets.sorare.com/i18n/fd59273f265945d5d179c4669de063e434d2f1de/ 323 KB
0 0ms
0ms Fetch
application/json 2606:4700::6812:111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frontend-assets.sorare.com/i18n/fd59273f265945d5d179c4669de063e434d2f1de/en.json.gz
Requested by: Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:111 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32a49b8cb178834097cecce2283adf695cefea3b08752cd38f342fee6f655034

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: MYSJJP9XP75MCXJR
age: 279
content-length: 90643
x-amz-id-2: v7SJ1nvpBqXJxliGAgTqO5yuu523E1eT6VwoMEy/2kJ8p1jULa2sZJCEh5WLx9nw7HhIyRduZmc=
last-modified: Fri, 05 Jul 2024 20:57:08 GMT
server: cloudflare
etag: "11cb1c44bff27cb43b63492fb24b3fed"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 89f9f907fcfa972c-FRA
expires: Sun, 07 Jul 2024 18:47:09 GMT

GET
H2 200 integrations Show response
cdn.segment.com/v1/projects/YDmtUKdBxd4Lx8lxgRU2KR0BXmoSNPnz/ 4 KB
2 KB 143ms
39ms Fetch
application/json 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/YDmtUKdBxd4Lx8lxgRU2KR0BXmoSNPnz/integrations
Requested by: Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a4ce634e06013fd9d9d43c1ce7bcaa0eee7f37f502cbe84bed4c91c70749454

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 3hz9hETZ42F3wga2LPXidah0nyr9lZOh
content-encoding: gzip
via: 1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
date: Sun, 07 Jul 2024 16:45:15 GMT
x-amz-cf-pop: FRA6-C1
age: 7015
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 04 Jul 2024 12:42:05 GMT
server: AmazonS3
etag: W/"af057b91e713713879841fefb0c19231"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: u3exu5xj3ErKjRB-UG_vAlHsx6Bw7E6J3e89LYATsSoSNWJ0Uuvc9A==

GET
H2 200 eyJraW5kIjoidXNlciIsImtleSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9
clientstream.launchdarkly.com/eval/615984517c98d925849c7de4/ 20 KB
0 186ms
63ms EventSource
text/event-stream 3.33.235.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://clientstream.launchdarkly.com/eval/615984517c98d925849c7de4/eyJraW5kIjoidXNlciIsImtleSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.33.235.18 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

aa1ba9bef7b18c265.awsglobalaccelerator.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: text/event-stream
Cache-Control: no-cache
Referer: https://sorare.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
ld-region: eu-west-1
access-control-max-age: 300
access-control-allow-methods: GET,OPTIONS
content-type: text/event-stream; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Cache-Control,X-Requested-With,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper

POST
H2 200 graphql Show response
api.sorare.com/federation/ 8 KB
4 KB 121ms
120ms XHR
application/json 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sorare.com/federation/graphql
Requested by: Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 270aa6475f487138163207359601d867a10c2b25b6080d0f5a384e3f860bb0c6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
accept-language: en-US
sorare-tab-version: 251420240707204209
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json, text/plain, */*, application/json
device_fingerprint: 0a35fcf863e32a869d22de0786945935,22380e680c7cbfdb9fb29a8ea1aaa2b9
Referer: https://sorare.com/
sorare-version: 20240705205933
sorare-build: fd59273f265945d5d179c4669de063e434d2f1de
baggage: sentry-environment=prod,sentry-release=fd59273f265945d5d179c4669de063e434d2f1de,sentry-public_key=6aa84363323647f78159a04b60f11ffe,sentry-trace_id=c51fb0f6cf804e6bb9471c29e0de0561,sentry-sample_rate=0.01,sentry-sampled=false
sentry-trace: c51fb0f6cf804e6bb9471c29e0de0561-addbd10ce71b8ce9-0
sorare-client: Web
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
content-encoding: gzip
x-envoy-decorator-operation: sofe.sorare.svc.cluster.local:4000/*
cf-cache-status: DYNAMIC
server: cloudflare
vary: origin
content-type: application/json
access-control-allow-origin: https://sorare.com
access-control-expose-headers: x-gql-complexity,x-gql-depth,x-gql-cross-subgraph-depth,x-gql-subgraphs,csrf-token
csrf-token: vkPL-pAN2UddIXdTDGM75MmNR58FyVKjDpQKq82jvwwm_r1fHJUgThUZyaTx6I6zTiMEZZUHo31peeF5FVEMdw
access-control-allow-credentials: true
x-envoy-upstream-service-time: 28
cf-ray: 89f9f909897e9012-FRA

OPTIONS
H2 200 graphql
api.sorare.com/federation/ Frame 0
0 123ms
112ms Preflight 2606:4700::6812:111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sorare.com/federation/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:111 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: baggage,content-type,device_fingerprint,sentry-trace,sorare-build,sorare-client,sorare-tab-version,sorare-version
Access-Control-Request-Method: POST
Origin: https://sorare.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: baggage,content-type,device_fingerprint,sentry-trace,sorare-build,sorare-client,sorare-tab-version,sorare-version
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://sorare.com
allow: GET,HEAD,POST
cf-cache-status: DYNAMIC
cf-ray: 89f9f908ce77972c-FRA
content-length: 0
date: Sun, 07 Jul 2024 18:42:09 GMT
server: cloudflare
x-envoy-decorator-operation: sofe.sorare.svc.cluster.local:4000/*
x-envoy-upstream-service-time: 0

GET
H2 200 / Show response
wallet.sorare.com/ Frame 2604 987 B
643 B 153ms
142ms Document
text/html 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wallet.sorare.com/?allowedOrigin=https%3A%2F%2Fsorare.com&forcedEnv=
Requested by: Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf422b97dc92f38c03a29b97d8f6635b89bcfb7a4f8473e7bbdc262d3689a9d5

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://sorare.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 3
cache-control: public, max-age=60
cf-cache-status: HIT
cf-ray: 89f9f90adb569012-FRA
content-encoding: br
content-type: text/html
date: Sun, 07 Jul 2024 18:42:09 GMT
last-modified: Wed, 03 Jul 2024 16:02:09 GMT
server: cloudflare
vary: Accept-Encoding
x-amz-id-2: azmMtkBrGNU6yUCzTQ8OWq433QkGXbjIi/JXSC0EWdX3BKpL2yZWXxyg5Tuhu5XVd8vr0xkxceM=
x-amz-request-id: SYTDSB1Y6YPAFDN8

GET
H2 200 favicon-32x32.png
sorare.com/favicons/ 622 B
844 B 68ms
66ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/favicons/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dddd2504854f387175f1de13bd09950ff56d12223fccc46fb7c55e1aacd2b39d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 50751
x-amz-request-id: 1483TYFCPJDRCYAG
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 622
x-amz-id-2: i6W86Cj57HjdVuoakK0Fj1HHt7gpntDlTNceplHCM8p/b4f7SdxPrNdlhWDuDSEqiph25YuQ0L8=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 22 Mar 2024 17:02:02 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "b1c2b6ff699d5485edd85920ecadb53d"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90a9afc9012-FRA

GET
H2 200 favicon-32x32-dark.png
sorare.com/favicons/ 1 KB
1 KB 97ms
95ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/favicons/favicon-32x32-dark.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebbeb1b61274798f46067ee87314191d5ac56c2ff3f8c0c4b6c87530637bb474

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 170250
x-amz-request-id: GEY7CWD5XZ78DPGY
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 1067
x-amz-id-2: EUL12PpUcv5rRY6Ew+u/Cki/1h9eVbJDHup2HR6KUOW9eSymjERdjPKt/BjObhy+JIl8li9uosk=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Mar 2024 17:04:32 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "c039e94af168b28846e0b29458d73a50"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90a9afe9012-FRA

GET
H2 200 favicon-16x16.png
sorare.com/favicons/ 377 B
584 B 70ms
68ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/favicons/favicon-16x16.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27f95d36dcc2eb4c640946720cb03cb127458f2df4d9b70c28b0b88a946fb101

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 11185
x-amz-request-id: 2YR2E232NJ33FYTS
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 377
x-amz-id-2: k/fn4MX766/zWGoqGd3vKsd+C0vyZzU9JZTCs3RUnjhhs8FsIrhKKErWZCMQsBBRIIbqEUsVTV4=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Mar 2024 11:18:01 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "d2846bd2b3a9ac85d0e8aea161ec5bd0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90a9aff9012-FRA

GET
H2 200 favicon-16x16-dark.png
sorare.com/favicons/ 705 B
2 KB 67ms
65ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/favicons/favicon-16x16-dark.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e7eebad9d7a6326c05b83a9ec8f3765ad150fcea45e65ed85eaceff8f20c4d0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 2351
x-amz-request-id: G4SC18G2Y8HYKSF7
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 705
x-amz-id-2: 9Py9ULVR0Q+9XScv5EnCDOnTOeTrvMo6qDWj34ZMwAXBsURsxNC6YIfvyyWf6y97wuBQAtB3VAE=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Mar 2024 17:04:32 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "8662885fe04b07dccbe9ff94ea3136f1"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90a9b039012-FRA

GET
H2 200 favicon.ico
sorare.com/ 15 KB
0 1ms
1ms Image
image/vnd.microsoft.icon 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41502f1a2e741d56b00118b5250fc05c751778ea048cb5f8aa30eb14c9f8eec1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
age: 11102
x-amz-request-id: 2YRAA2NCJ69P0AGS
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: Fyqx+e6DYrMS++OWhLYZjVLtQoIAKhzV/iC09MMC36H6cN3QHF7RfJtVYq5NNFskMejSgGh/RAY=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Mar 2024 11:18:00 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"ec8c9ecb6f16a13d4bf6221b2dab2591"
vary: Accept-Encoding
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f9077eb79012-FRA

GET
H2 200 favicon-dark.ico
sorare.com/ 15 KB
3 KB 82ms
80ms Image
image/vnd.microsoft.icon 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/favicon-dark.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7fde974322e56c43dc4374567de8c279829aab8e0a18a0e493515f769a015aa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Origin: https://sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 11132
x-amz-request-id: 2YR9XY1VQEB7NQR5
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: 9qM+910TcOkTqVwt6M5oFFQyL+yLJwRuy23xPlL97ec2ATEWI8XtC2XPYhG0S+qfbmyotyqXuZM=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Mar 2024 11:18:00 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"17b715caa09078310827f878c4c211d7"
vary: Accept-Encoding
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f90a9b049012-FRA

GET
H2 200 rivalsYellowIcon-fGSFSOD_.svg
sorare.com/assets/ 748 B
559 B 69ms
67ms Image
image/svg+xml 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/rivalsYellowIcon-fGSFSOD_.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c11bc9828d9bdb6cfc15312bd619709149d9d1f43c9ebe9f0ff8fa894da9882e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 133757
x-amz-request-id: V64GVFQG20AEPNVE
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: zV0y/EJVHZ02ymSHt8oPQa/uOffKrhYJgwZygnlPud/XNVNAbEdG5GKjwtsATOQWWJcVZm1+l74=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 21 Mar 2024 21:00:57 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"a37734c08e98695110f5cde9101d016f"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f90a9b069012-FRA

GET
H2 200 main-O_3X1MMw.svg
sorare.com/assets/ 3 KB
1 KB 70ms
69ms Image
image/svg+xml 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/main-O_3X1MMw.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa9d223ad6d87699d527c1b0b60e9b108385aa4f8e9e16c64289b23841c3c9a5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 171324
x-amz-request-id: FNQMGGAE7WTPBDGM
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: /+E/dnLSkx6OjMgS8k9yBX0K1BheudYVdeMvMgOitxP52H1XNL7KSHRhaQrpHIDk/TJ0fCR21ZU=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 11 Jun 2024 17:07:37 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"aafef9aee1c5fde646456c44e409c71a"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f90a9b079012-FRA

GET
H2 200 nba-1AVs3Mwj.svg
sorare.com/assets/ 5 KB
4 KB 73ms
72ms Image
image/svg+xml 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/nba-1AVs3Mwj.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b28653acdf549506812cb41cda6e278b925034e71cb7049645c878455d9099d4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 6810
x-amz-request-id: 8B3S6C72M5B8YSMN
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: FNWBzSW5VrhSkYhBpTexAi6CSu3jR4cmP2uT3CL3NPswJB/PBvvHiy/OudGn5XtkEWsOY4aeZx4=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Mar 2024 11:17:55 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"96e716bda88aa40d0fa1bbd0aba636ce"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f90a9b089012-FRA

GET
H2 200 mlb-mmRxrDMY.svg
sorare.com/assets/ 3 KB
2 KB 74ms
73ms Image
image/svg+xml 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/mlb-mmRxrDMY.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

002f6c312d0a1e688cbf702b897afd178c566c259676878df20652046558c2f6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 170190
x-amz-request-id: PX1QZNTWH95ZHHTQ
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: DTDZTXP3610lCmZ3ctnC3BTyM+UmWbLdUUZmz3Us9UnUI4JqvFPBxVsaQ9Hd1XZ1qrgQFMtGFEc=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Mar 2024 17:04:26 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"15fa3d2ae60e945afb2ea1e9e845f1b9"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f90a9b099012-FRA

GET
H2 200 poster-cCaluusp.jpg
sorare.com/assets/ 57 KB
57 KB 146ms
146ms Image
image/jpeg 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/poster-cCaluusp.jpg

Requested by

Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4333032f06330572066900ecbf4fd08e09a59e357efff9dbb8fe200893a0ae12

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 13341
x-amz-request-id: 49HV1865B3434541
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 58139
x-amz-id-2: l7fMwhpNKfFXtpdE8fQJckGUd2ZGr83YwMTa8lCLXkE0KNTHcneaTUmSqxkTdPW1Sis4rt4NVVs=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:32:03 GMT
cf-bgj: h2pri
cross-origin-opener-policy: same-origin-allow-popups
server: cloudflare
etag: "b5abb40290ca2210e28d5efa7a8cc7f3"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90adb549012-FRA

GET
H2 200 mobile-zidane-9Ud3zTuq.png
sorare.com/assets/ 167 KB
168 KB 142ms
141ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/mobile-zidane-9Ud3zTuq.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ca27db52bd742ea5f27c8505c847109f40e23bdb46ac3e176edc26d38e3f62e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 17154
x-amz-request-id: 86GPJS0KQ5Z13NVZ
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 171205
x-amz-id-2: m1bq2k71Dm+8TAiuUNBNYW0BNwxvtylcJ5kog34Kg/6zZWesMbQGK7DUG/cQlFbwQRrr7/NehBgv6d+6mFMONw==
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:14 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "df08c89bfbd87142c0f4853223d19fd9"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90adb589012-FRA

GET
H2 200 zz-A2rffA1M.png
sorare.com/assets/ 566 KB
567 KB 143ms
142ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/zz-A2rffA1M.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

013053e2de0fdc2a6f3cb493ef5968da30afe0c9cde16eb1824d122e839e6bed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 19092
x-amz-request-id: 86GVBVHTZXGVTSGK
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 579319
x-amz-id-2: +3qJpHP5gmpFKWg5b9dBdq9nwmQ6FBRiDZsCLxceZMFFxIPxMbbZTDjrVD93/9PDHm7Jld+XJkg=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:18 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "9fbefb24f692c807d4093bc59d360e4b"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90adb5a9012-FRA

GET
H2 200 field-3_X4wR70.svg
sorare.com/assets/ 1 KB
951 B 134ms
133ms Image
image/svg+xml 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/field-3_X4wR70.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f894746bb822db3388337d77ccdf6cd52bf4cdc71e0ea5dd0ef19b540364450f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 16244
x-amz-request-id: 86GQF7JRZJDRR5N0
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: WSsylwVei09KK4QFmZoHkhtBV77DwqIg3yYPmmBgvvPCJs0wNc56/f2scpVajaZ/jPaa7+vEtps=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:09 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"1d70505c47177008872f73b9c98cfaf0"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f90adb5b9012-FRA

GET
H2 200 fantasy-crFWIdCZ.png
sorare.com/assets/ 182 KB
182 KB 135ms
134ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/fantasy-crFWIdCZ.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66a9e1931b97444aaf9f9e8c8d7f45cc10098546f32ba0aa8c9b7ec4ae498187

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 18823
x-amz-request-id: A93A8NK3BJC40DT1
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 186170
x-amz-id-2: YXnYzZPYNETFBriKXxjHPDdi645Stso2jwIubrzmZvcO01FU4FBt5+HtzBDdrr2qpDt7d/hyXo4=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:09 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "4126b0824b41d8fae02adeb46bce3f84"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90adb5d9012-FRA

GET
H2 200 up-M_89oWUx.svg
sorare.com/assets/ 1 KB
851 B 137ms
136ms Image
image/svg+xml 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/up-M_89oWUx.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1905cda56bb39b1bbb5a147ff34dcabe6ac41d6b723ff54ff35e5e707f3e53eb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 17154
x-amz-request-id: 86GNE1ZAAZ682ZRN
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: 3H+IRj6WWfvpK4ejdcs6OBaW58WTonKWUpGhIeYUKfcjx2yQbdGctttiZ1kJvungrnjF9X2mtHY=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:18 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"dcbba4507dccc03db0cd9d68b779fd49"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f90adb5e9012-FRA

GET
H2 200 mobile-experience-GLUveB3o.png
sorare.com/assets/ 101 KB
101 KB 134ms
133ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/mobile-experience-GLUveB3o.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60ce6f6adbd9c94da6256a48ae51f8b2982a74380747af712c77b27227655c25

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 19209
x-amz-request-id: 86GV12VGM6XJ74JD
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 103274
x-amz-id-2: aM9mMIlnURIj/q6Jwgz9ePgxJ9cdt+WFSQScdcXxPoXdPnRsrOYnekdm5eF1FA1/jLkDTZ+HvDk=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:14 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "4b47090c130b7856adac9e2f8ab3f9fa"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90adb609012-FRA

GET
H2 200 mobile-coop-VT-_89i7.png
sorare.com/assets/ 59 KB
59 KB 141ms
141ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/mobile-coop-VT-_89i7.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c6445f19a4bac671005b91826b2abcf68cca1e5fafb22fe5a8f8e229b65c24c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 19092
x-amz-request-id: 86GZ0BPZVZ83BCPQ
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 60307
x-amz-id-2: glA+Mbw8soreLIvEQqvCh0dZ+VE7Nikgx8hVHUHcEmSHORIZTULzgIXNDLVALdtuy1NtgtB/n2c=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:13 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "a3102ca991e29fc46f95b825449b9b3f"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90adb619012-FRA

GET
H2 200 coop-akRw2hrO.png
sorare.com/assets/ 68 KB
69 KB 143ms
142ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/coop-akRw2hrO.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

106834eea9e013858e82c606a022c81991857cb739d2068d3202b5df2a6e250e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 18735
x-amz-request-id: A939JN5C2YQBA2K5
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 69793
x-amz-id-2: StPZlB9vlGMDRAhNCDZYvTSdgAAcxno0ZpghubtLfrmrufiVP77alE1ISFa2f3GFvX0qee12caQ=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:09 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "f6dfca38cc97294b993d02e707ccff78"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90adb629012-FRA

GET
H2 200 write-mSfnU71H.svg
sorare.com/assets/ 1 KB
2 KB 131ms
130ms Image
image/svg+xml 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/write-mSfnU71H.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b80ccba01fda98cd23f01ab1688a19a2a733af044877eff4071fed5ad550a868

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 18200
x-amz-request-id: 86GN60DYE9EM2S32
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: x9wzLJKp1SH+89+bLZPh4vYCaoOf2voxwqZ+F/0QmQ6AuzYy38GhE8gQs3afIf3dB0sbkxw0n1s=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:18 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"c3a4c7b4bfb8588666efe68794cc1688"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f90adb639012-FRA

GET
H2 200 lock-GYKBCI4e.svg
sorare.com/assets/ 1 KB
956 B 140ms
139ms Image
image/svg+xml 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/lock-GYKBCI4e.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c913e4f7c1bdc57863dbe2f7af610689c44bee88e7a8a11b4bfe93a18ac466b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 17154
x-amz-request-id: 86GWX88645XRF8S8
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
x-amz-id-2: +BrHX1VbpikjnwV1Nc4L/S6SfJfet8nw4klgLoAUSsr+P5hLYztlubhxvL71tXSwqUe2H9t7a38=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:13 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: W/"c89b95346cf44e23ed123fbe1fd91508"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 89f9f90adb649012-FRA

GET
H2 206 rivals_leagues-no_sound.mp4
frontend-assets.sorare.com/videos/ 1 MB
1 MB 86ms
86ms Media
video/mp4 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://frontend-assets.sorare.com/videos/rivals_leagues-no_sound.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c42823aa92c64e6af0257d34ee60557becc60f8b211c3caabf611ebb6cf46dcf

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer: https://sorare.com/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
cf-cache-status: HIT
last-modified: Thu, 30 May 2024 12:19:25 GMT
server: cloudflare
x-amz-request-id: XRY7H5B3P4ERQGJM
age: 891336
etag: "b251ced5e78bf4550489d95bd616da30"
vary: Accept-Encoding
content-type: video/mp4
Content-Range: bytes 0-1244644/1244645
cache-control: public, max-age=2678400
cf-ray: 89f9f90adb659012-FRA
Content-Length: 1244645
x-amz-id-2: RQCyA9bnoZOolkpch4diYTJhfmQXTm/MwPBkbWrRlI4CDDCnjM0TG+2xnHGiWjMD5w9o9estW6Y=
expires: Wed, 07 Aug 2024 18:42:09 GMT

GET
H2 200 footer-zMKneJ8A.png
sorare.com/assets/ 470 KB
472 KB 133ms
133ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sorare.com/assets/footer-zMKneJ8A.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92f95cf2d706c47014b55ddf8cf8a8183f84b6e1195e67f2b1e6309425e5054a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self'
age: 19521
x-amz-request-id: 86GK06J9ENJHWQ31
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 481607
x-amz-id-2: 3UHWYogbn71+/2r5tyqmWNbATnyWtKhFyptshHHV4HGi6zgnDVdPoV728c7VwEpARuGV9UyHYtI=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 May 2024 13:01:09 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "7e5be6121b644180d032655c5d8a2b41"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90adb679012-FRA

GET
H2 200 favicon-32x32.png
sorare.com/favicons/ 622 B
0 41ms
41ms Other
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sorare.com/favicons/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dddd2504854f387175f1de13bd09950ff56d12223fccc46fb7c55e1aacd2b39d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://sorare.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 50751
x-amz-request-id: 1483TYFCPJDRCYAG
document-policy: js-profiling
content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com *.checkout.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:;
content-length: 622
x-amz-id-2: i6W86Cj57HjdVuoakK0Fj1HHt7gpntDlTNceplHCM8p/b4f7SdxPrNdlhWDuDSEqiph25YuQ0L8=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 22 Mar 2024 17:02:02 GMT
server: cloudflare
cross-origin-opener-policy: same-origin-allow-popups
etag: "b1c2b6ff699d5485edd85920ecadb53d"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 89f9f90a9afc9012-FRA

GET
H2 200 index-XOlEw47f.js Show response
wallet.sorare.com/assets/ Frame 2604 89 KB
35 KB 86ms
83ms Script
application/javascript 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wallet.sorare.com/assets/index-XOlEw47f.js
Requested by: Host: wallet.sorare.com
URL: https://wallet.sorare.com/?allowedOrigin=https%3A%2F%2Fsorare.com&forcedEnv=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59daa6833932fbefe29876332264f9ab4f643c184082c6623172c017fe786ac8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://wallet.sorare.com/?allowedOrigin=https%3A%2F%2Fsorare.com&forcedEnv=
Origin: https://wallet.sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 31 May 2024 10:43:50 GMT
server: cloudflare
x-amz-request-id: WMFCQP4JN5PTGDTQ
age: 114562
etag: W/"c97ad9ae6710673e3f04ac07a2befd85"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
cf-ray: 89f9f90b8ca49012-FRA
x-amz-id-2: WlMPwStGOA3UAeiirfgEecb9U/ISSKVpbEzMDZZmff/jrdUH/KsobOk/85yVDIRJEDygPDQWkns=

GET
H2 200 vendor-xTZ5dja1.js Show response
wallet.sorare.com/assets/ Frame 2604 990 KB
276 KB 111ms
108ms Script
application/javascript 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wallet.sorare.com/assets/vendor-xTZ5dja1.js
Requested by: Host: wallet.sorare.com
URL: https://wallet.sorare.com/?allowedOrigin=https%3A%2F%2Fsorare.com&forcedEnv=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f4f8ef37142b9f013f62ffc6937b246fd621fa97d8692beb4244bc3ead0b40b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://wallet.sorare.com/?allowedOrigin=https%3A%2F%2Fsorare.com&forcedEnv=
Origin: https://wallet.sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jun 2024 17:07:46 GMT
server: cloudflare
x-amz-request-id: ZPSSST657BR0RSVB
age: 151719
etag: W/"aead24df1b32525c71a3ab80d6dc93d8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
cf-ray: 89f9f90b8ca69012-FRA
x-amz-id-2: 8ZObekfUPUlfzKnFQO+whTWeRzSss0l8ws3T8KavbmocpkFagozg2b/2+0Gr1QhXwerR1tj8tKw=

GET
H2 200 index-2xAMpI9E.css
wallet.sorare.com/assets/ Frame 2604 21 KB
5 KB 85ms
82ms Stylesheet
text/css 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wallet.sorare.com/assets/index-2xAMpI9E.css
Requested by: Host: wallet.sorare.com
URL: https://wallet.sorare.com/?allowedOrigin=https%3A%2F%2Fsorare.com&forcedEnv=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6a4969e9e92f02650b035f5e548351f99b2b5902665f03255789bdd03a734b9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://wallet.sorare.com/?allowedOrigin=https%3A%2F%2Fsorare.com&forcedEnv=
Origin: https://wallet.sorare.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:09 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 24 May 2024 16:11:41 GMT
server: cloudflare
x-amz-request-id: PQXW17VY1CBK1CT3
age: 8857
etag: W/"8396fd6784af0454fcdf2e8d48cc4e90"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=172800
cf-ray: 89f9f90b8c9e9012-FRA
x-amz-id-2: Fk2aN0hb3HPJCLn2SzyjIfvbR3HpSxts+qR+Hx8L2jci2RUOFRPzjyvZgoGjOfCFyxnDPLbkFrI=

GET
DATA 200
OK truncated
/ Frame 2604 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 442821cdd3bc4c65a727e1ab92e7fb5b5f4e995abe088980b23bc517c73977a2

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 apple-dxIcYgzh.png
wallet.sorare.com/assets/ Frame 2604 5 KB
6 KB 65ms
64ms Image
image/png 2606:4700::6812:11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wallet.sorare.com/assets/apple-dxIcYgzh.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db29ab82f47ce641bb98ee2e87cf1e12655549750ef0eeee514d1e6eb2acf9af

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://wallet.sorare.com/?allowedOrigin=https%3A%2F%2Fsorare.com&forcedEnv=
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:11 GMT
cf-cache-status: HIT
last-modified: Wed, 13 Mar 2024 17:04:35 GMT
server: cloudflare
x-amz-request-id: 6ZY5BWYNQ59H82SP
age: 169118
etag: "3005b080fbdcd76fe424e1562f31b7d7"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=172800
accept-ranges: bytes
cf-ray: 89f9f91328149012-FRA
content-length: 5581
x-amz-id-2: o5gxvo4WUOHvMd6Zd4+9i0WPm1JgLZqmMdxU8EZ7gHeV5Zn8YVFSD93fWzVj4+d7H5pC1Bki9Wo=

GET
DATA 200
OK truncated
/ Frame 2604 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2297bb19a1c13f3952acad238599be5f3ceb8fc3f7a7acc83d79c3c79db11615

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 204 615984517c98d925849c7de4
events.launchdarkly.com/events/bulk/ Frame 0
0 147ms
146ms Preflight 3.212.128.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/615984517c98d925849c7de4

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.212.128.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-128-202.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method: POST
Origin: https://sorare.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-max-age: 300
date: Sun, 07 Jul 2024 18:42:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 202 615984517c98d925849c7de4 Show response
events.launchdarkly.com/events/bulk/ 0
358 B 230ms
229ms XHR
application/json 3.212.128.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/615984517c98d925849c7de4

Requested by

Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.212.128.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-128-202.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-LaunchDarkly-Payload-ID: 9ef7c590-3c90-11ef-bd6c-8f0bfa3ae7d4
X-LaunchDarkly-Event-Schema: 4
Accept-Language: de-DE,de;q=0.9;q=0.9
X-LaunchDarkly-User-Agent: JSClient/3.1.4
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://sorare.com/
X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 300
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length: 0

POST
H2 202 615984517c98d925849c7de4 Show response
events.launchdarkly.com/events/bulk/ 0
358 B 116ms
116ms XHR
application/json 3.212.128.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/615984517c98d925849c7de4

Requested by

Host: sorare.com
URL: https://sorare.com/assets/vendor-feXAIkf-.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.212.128.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-212-128-202.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-LaunchDarkly-Payload-ID: a02919a0-3c90-11ef-bd6c-8f0bfa3ae7d4
X-LaunchDarkly-Event-Schema: 4
Accept-Language: de-DE,de;q=0.9;q=0.9
X-LaunchDarkly-User-Agent: JSClient/3.1.4
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://sorare.com/
X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 18:42:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 300
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length: 0

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sorare.com/	1970-01-20 21:52:59	Name: __cf_bm Value: Zk2ZgKkt24Z1Ah1IKSb.PmGCri9DLHXKW9cciZJWCag-1720377728-1.0.1.1-2KkAX7sOge_eFlIrl80lixWGJou9ahy0dyq4Mh4XpVLsS2pJx2EwjDcBRauVBs4XWc_GPqb_m3uBHPhnj2kRxA
.sorare.com/	1970-01-21 06:38:33	Name: _sorare_session_id Value: bSDKZazDjNxH%2BO%2Fj%2Fgj2qjs6YPu7b53asz0bRIojzHGLATvgYM6xtrpISxi%2FBDGx2d68%2Fq6t3vl2WyQDXK70tMYNc7RkRwKJrecLbkMpT6jL%2BoFYajTq1OoJfBAvEzY%2B8jfmauMljvq8pGMqQy7SJLZK8iyKHRko0XAAPy%2BBEuMQZc0jn30uQXTA%2B2gck5OnGXRcGawh%2Fo0NGcSL9I1%2FQ8LZeiQ1goPge8Va5rNOSnxbA0ixstNNAW%2BA1ykPseY5zt7vGBVZBBgMeaOrq8ivXNdlia8r%2Bp57Z8%2Fi7nTHaay%2Bo%2BvqIFzLjff4%2BURpN5rI--L8xj1fMTYGGZeKyf--gnVR1plrVUh%2BpEwlfnLQpw%3D%3D
.sorare.com/	1970-01-21 06:38:33	Name: csrftoken Value: vkPL-pAN2UddIXdTDGM75MmNR58FyVKjDpQKq82jvwwm_r1fHJUgThUZyaTx6I6zTiMEZZUHo31peeF5FVEMdw

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.sorare.com
app.launchdarkly.com
cdn.segment.com
clientstream.launchdarkly.com
events.launchdarkly.com
frontend-assets.sorare.com
sorare.com
wallet.sorare.com
151.101.2.217
2606:4700::6812:11
2606:4700::6812:111
3.212.128.202
3.33.235.18
99.86.8.175
002f6c312d0a1e688cbf702b897afd178c566c259676878df20652046558c2f6
013053e2de0fdc2a6f3cb493ef5968da30afe0c9cde16eb1824d122e839e6bed
106834eea9e013858e82c606a022c81991857cb739d2068d3202b5df2a6e250e
1905cda56bb39b1bbb5a147ff34dcabe6ac41d6b723ff54ff35e5e707f3e53eb
2297bb19a1c13f3952acad238599be5f3ceb8fc3f7a7acc83d79c3c79db11615
26cc2aa1e324d2cfa151e34fd8b59dcdbf24214f4b3af3ea2d06e75aedbe10e5
270aa6475f487138163207359601d867a10c2b25b6080d0f5a384e3f860bb0c6
27f95d36dcc2eb4c640946720cb03cb127458f2df4d9b70c28b0b88a946fb101
32a49b8cb178834097cecce2283adf695cefea3b08752cd38f342fee6f655034
3c6445f19a4bac671005b91826b2abcf68cca1e5fafb22fe5a8f8e229b65c24c
3e7eebad9d7a6326c05b83a9ec8f3765ad150fcea45e65ed85eaceff8f20c4d0
41502f1a2e741d56b00118b5250fc05c751778ea048cb5f8aa30eb14c9f8eec1
4333032f06330572066900ecbf4fd08e09a59e357efff9dbb8fe200893a0ae12
442821cdd3bc4c65a727e1ab92e7fb5b5f4e995abe088980b23bc517c73977a2
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5985626fa42db79de0f25008e1f551ecc8750791fb4308b7837df650775548eb
59daa6833932fbefe29876332264f9ab4f643c184082c6623172c017fe786ac8
5a4ce634e06013fd9d9d43c1ce7bcaa0eee7f37f502cbe84bed4c91c70749454
5f4f8ef37142b9f013f62ffc6937b246fd621fa97d8692beb4244bc3ead0b40b
60ce6f6adbd9c94da6256a48ae51f8b2982a74380747af712c77b27227655c25
63c598f16a42d3f64c5cbf54f41bff1a54b21452cab6a5248a6aa8be1ed961a0
66a9e1931b97444aaf9f9e8c8d7f45cc10098546f32ba0aa8c9b7ec4ae498187
7cad769a3072af1ebafa5b9b36e1fb64f609b05543670c5ba1d6dd4b5a233bc3
8ca27db52bd742ea5f27c8505c847109f40e23bdb46ac3e176edc26d38e3f62e
92f95cf2d706c47014b55ddf8cf8a8183f84b6e1195e67f2b1e6309425e5054a
aa9d223ad6d87699d527c1b0b60e9b108385aa4f8e9e16c64289b23841c3c9a5
b28653acdf549506812cb41cda6e278b925034e71cb7049645c878455d9099d4
b80ccba01fda98cd23f01ab1688a19a2a733af044877eff4071fed5ad550a868
c11bc9828d9bdb6cfc15312bd619709149d9d1f43c9ebe9f0ff8fa894da9882e
c333a80152ebc3774dd54c1ed7246552a2aef756135e794a76b1478dc0c3b7ce
c42823aa92c64e6af0257d34ee60557becc60f8b211c3caabf611ebb6cf46dcf
c6a4969e9e92f02650b035f5e548351f99b2b5902665f03255789bdd03a734b9
c913e4f7c1bdc57863dbe2f7af610689c44bee88e7a8a11b4bfe93a18ac466b0
cf422b97dc92f38c03a29b97d8f6635b89bcfb7a4f8473e7bbdc262d3689a9d5
db29ab82f47ce641bb98ee2e87cf1e12655549750ef0eeee514d1e6eb2acf9af
dddd2504854f387175f1de13bd09950ff56d12223fccc46fb7c55e1aacd2b39d
dfbf86572dac1ed44636ba6b345f0336bc9b8b5ac1db206229ff3d427738b1da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eafddaf474ce0d4ebd54aef3e26cba05b6366c40c522d350c9a0dcfc882b3a56
ebbeb1b61274798f46067ee87314191d5ac56c2ff3f8c0c4b6c87530637bb474
f7fde974322e56c43dc4374567de8c279829aab8e0a18a0e493515f769a015aa
f894746bb822db3388337d77ccdf6cd52bf4cdc71e0ea5dd0ef19b540364450f

sorare.com Open in urlscan Pro 2606:4700::6812:11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

51 Requests

100 %HTTPS

33 %IPv6

3 Domains

8 Subdomains

7 IPs

1 Countries

4348 kBTransfer

8289 kBSize

3 Cookies

17 Outgoing links

Page URL History

Redirected requests

51 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sorare.com Open in urlscan Pro
2606:4700::6812:11 Public Scan

Screenshot
Live screenshot

Full Image

51
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

8
Subdomains

7
IPs

1
Countries

4348 kB
Transfer

8289 kB
Size

3
Cookies

51 HTTP transactions
2 data transactions