urlscan.io logo urlscan.io
SecurityTrails logo

external.getcandidly.com Open in urlscan Pro
99.83.135.174  Public Scan

Go To Rescan Add Verdict Report
URL: https://external.getcandidly.com/
Submission: On April 30 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 3 countries across 12 domains to perform 63 HTTP transactions. The main IP is 99.83.135.174, located in United States and belongs to AMAZON-02, US. The main domain is external.getcandidly.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on January 23rd 2024. Valid for: a year.
This is the only time external.getcandidly.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
23 99.83.135.174 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 13.224.189.39 16509 (AMAZON-02)
1 13.33.187.112 16509 (AMAZON-02)
3 2600:9000:224... 16509 (AMAZON-02)
1 18.66.102.51 16509 (AMAZON-02)
1 75.2.100.71 16509 (AMAZON-02)
1 13.32.27.19 16509 (AMAZON-02)
7 18.244.18.6 16509 (AMAZON-02)
9 104.18.72.113 13335 (CLOUDFLAR...)
1 3.5.80.127 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
4 104.16.51.111 13335 (CLOUDFLAR...)
2 54.148.107.27 16509 (AMAZON-02)
1 34.120.195.249 396982 (GOOGLE-CL...)
63 15
23    99.83.135.174 (United States)

ASN16509 (AMAZON-02, US)
PTR: a80d8795874baa161.awsglobalaccelerator.com
external.getcandidly.com
api.getcandidly.com
4    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    13.224.189.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-39.fra2.r.cloudfront.net
js.iterable.com
1    13.33.187.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-112.fra60.r.cloudfront.net
cdn.plaid.com
3    2600:9000:2240:4e00:18:a6fe:c940:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.getcandidly.com
1    18.66.102.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-51.fra56.r.cloudfront.net
static.hotjar.com
1    75.2.100.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: a4140bfcc850c518e.awsglobalaccelerator.com
futurefuel.us1app.churnzero.net
1    13.32.27.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-19.fra56.r.cloudfront.net
script.hotjar.com
7    18.244.18.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-6.fra56.r.cloudfront.net
ufb6827o24.execute-api.us-west-2.amazonaws.com
9    104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)
static.zdassets.com
ekr.zdassets.com
1    3.5.80.127 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com
ff-cookie-test.s3-us-west-2.amazonaws.com
4    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
4    104.16.51.111 (None, )

ASN13335 (CLOUDFLARENET, US)
candidly.zendesk.com
2    54.148.107.27 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-148-107-27.us-west-2.compute.amazonaws.com
api2.amplitude.com
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o4504157511942144.ingest.sentry.io
Apex Domain
Subdomains		 Transfer
26 getcandidly.com
external.getcandidly.com
static.getcandidly.com
api.getcandidly.com
1 MB
9 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2198
ekr.zdassets.com — Cisco Umbrella Rank: 2568
222 KB
8 amazonaws.com
ufb6827o24.execute-api.us-west-2.amazonaws.com
ff-cookie-test.s3-us-west-2.amazonaws.com
2 KB
4 zendesk.com
candidly.zendesk.com
1 KB
4 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 362
191 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
320 KB
2 amplitude.com
api2.amplitude.com — Cisco Umbrella Rank: 1163
309 B
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 737
script.hotjar.com — Cisco Umbrella Rank: 933
59 KB
1 sentry.io
o4504157511942144.ingest.sentry.io
348 B
1 churnzero.net
futurefuel.us1app.churnzero.net
143 KB
1 plaid.com
cdn.plaid.com — Cisco Umbrella Rank: 14155
43 KB
1 iterable.com
js.iterable.com — Cisco Umbrella Rank: 71265
3 KB
63 12
Domain Requested by
16 external.getcandidly.com external.getcandidly.com
8 static.zdassets.com external.getcandidly.com
static.zdassets.com
7 api.getcandidly.com external.getcandidly.com
7 ufb6827o24.execute-api.us-west-2.amazonaws.com external.getcandidly.com
4 candidly.zendesk.com static.zdassets.com
4 maps.googleapis.com external.getcandidly.com
maps.googleapis.com
4 www.googletagmanager.com external.getcandidly.com
www.googletagmanager.com
3 static.getcandidly.com external.getcandidly.com
2 api2.amplitude.com external.getcandidly.com
1 o4504157511942144.ingest.sentry.io external.getcandidly.com
1 ekr.zdassets.com external.getcandidly.com
1 ff-cookie-test.s3-us-west-2.amazonaws.com external.getcandidly.com
1 script.hotjar.com static.hotjar.com
1 futurefuel.us1app.churnzero.net external.getcandidly.com
1 static.hotjar.com external.getcandidly.com
1 cdn.plaid.com external.getcandidly.com
1 js.iterable.com external.getcandidly.com
63 17

This site contains no links.

Subject Issuer Validity Valid
*.getcandidly.com
Amazon RSA 2048 M03		 2024-01-23 -
2025-02-21		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
iterable.com
Amazon RSA 2048 M03		 2024-03-23 -
2025-04-20		 a year crt.sh
secure.plaid.com
DigiCert EV RSA CA G2		 2024-03-12 -
2025-03-11		 a year crt.sh
static.getcandidly.com
Amazon RSA 2048 M02		 2023-09-14 -
2024-10-13		 a year crt.sh
*.hotjar.com
Amazon ECDSA 256 M03		 2024-02-07 -
2025-03-08		 a year crt.sh
*.churnzero.net
Amazon RSA 2048 M03		 2024-04-16 -
2025-05-15		 a year crt.sh
*.execute-api.us-west-2.amazonaws.com
Amazon RSA 2048 M02		 2024-03-04 -
2025-04-01		 a year crt.sh
zdassets.com
E1		 2024-03-03 -
2024-06-01		 3 months crt.sh
*.s3-us-west-2.amazonaws.com
Amazon RSA 2048 M01		 2024-03-15 -
2025-02-15		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
candidly.zendesk.com
E1		 2024-03-26 -
2024-06-24		 3 months crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA		 2024-01-31 -
2025-03-02		 a year crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-02 -
2024-12-02		 a year crt.sh

This page contains 3 frames:

Primary Page: https://external.getcandidly.com/
Frame ID: 157C8A6EC061903E140B1CDAE9EF126E
Requests: 45 HTTP requests in this frame

Frame: https://ff-cookie-test.s3-us-west-2.amazonaws.com/index.html
Frame ID: 8C642BCBCD0E98A36C1E2048FF2A4530
Requests: 1 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Frame ID: 76AC32C8B7079B43C8231E1CDBAEECEA
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log in | Candidly

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

63
Requests

100 %
HTTPS

20 %
IPv6

12
Domains

17
Subdomains

15
IPs

3
Countries

2089 kB
Transfer

5609 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

63 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
external.getcandidly.com/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
14495f5a844879b72642cc37c18ae66fcfa8f318549a6d09fd5c606d655f0bff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache
content-encoding
gzip
content-type
text/html
date
Tue, 30 Apr 2024 23:08:42 GMT
etag
W/"662f899b-ece"
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/ 		200 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-125630340-1
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4e052a9d95b98bf2c02bb9d78d2d6c866cb659652f7501521ced629521fae9f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73684
x-xss-protection
0
last-modified
Tue, 30 Apr 2024 21:16:50 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 30 Apr 2024 23:08:42 GMT
analytics.js
js.iterable.com/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.iterable.com/analytics.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-39.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1b07ff9cb3ee66f1f0e4c708320ea5d9d6487d1b15e022416d914e214df163aa

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 30 Apr 2024 02:12:58 GMT
Via
1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
Last-Modified
Fri, 18 Dec 2015 02:22:54 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA2-C1
Age
75345
ETag
"92ec746618875057f06112a34d2770a9"
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2281
X-Amz-Cf-Id
Ys29fOav87Qvqk_BZCv3rsD-ltZxTfLTAzcEvvBQht9qKFt6dIF-kw==
179.fb7520997134a34224ef.js
external.getcandidly.com/ 		2 MB
438 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/179.fb7520997134a34224ef.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
2fc74cecd5994db5867f26695d7297b8650b9d717c13be4093f09fd7ec9675de

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:42 GMT
content-encoding
gzip
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
W/"662f899b-180ef8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
link-initialize.js
cdn.plaid.com/link/v2/stable/ 		156 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-112.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb7bac8b018b0e7e340e87ba3a380a9bae03060d421ce9ad88b6d5e00ab1c317

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
FwERo1AI2WOjex90QJpaHItG2CfTjYTn
content-encoding
br
via
1.1 d818b372f81cbe23bb149df5877c444a.cloudfront.net (CloudFront)
date
Tue, 30 Apr 2024 22:45:21 GMT
x-amz-request-id
YCRXVV6NBSQXJFZ6
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
age
1402
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-id-2
PvTLLhJl3peMFhdJ1Nk+WbkD10O5SyCtclkWyywdjAWpWJHdfuP238mwIGIQmC0u7sBjnMcHVuo=
last-modified
Mon, 29 Apr 2024 16:26:12 GMT
server
AmazonS3
etag
W/"9c5cce7e74981396020112e0142543df"
vary
Accept-Encoding
content-type
text/javascript
cache-control
no-cache,must-revalidate,max-age=0
x-amz-cf-id
xdPfYqIbRKRisSprdiZNa6VCN2l3mnG6KcolsTMyvmFFPnjHpZ2oVQ==
key-widget.prod.js
static.getcandidly.com/ 		155 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.getcandidly.com/key-widget.prod.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:4e00:18:a6fe:c940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
382cf0662679804495179111aa0f9edc6d76fc7e19b11d4858a9962178e2048b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
sa2zny6hEvTGOQazFiMsv1.eDbyKMuzh
content-encoding
br
via
1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront)
date
Tue, 30 Apr 2024 22:14:22 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA60-P1
age
21726
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 29 Apr 2024 11:44:59 GMT
server
AmazonS3
etag
W/"6b545aa851303024fa8485ae823a2735"
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-amz-cf-id
yG1ZiBVh_w-fsi_OU7aUGq4Yn0HJWBwh1A1T78TrsxfdNCaJuoBj2w==
hotjar-1438401.js
static.hotjar.com/c/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-1438401.js?sv=6
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-51.fra56.r.cloudfront.net
Software
/
Resource Hash
f63b416bf7da6f1ba13118258ed336d47aa1c19d6e9c0624749e8e617a001338
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:42 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 3f3b012fad703fdac0f14efdb7b78b6e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/27d45ff33e79c9edc9c05a3de27ec48e
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
eC4ABumkL3PiIuYHRftPu_kihYmB32rAC4syyjHJ8QSyl2BHlFi12A==
churnzero.js
futurefuel.us1app.churnzero.net/ 		501 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://futurefuel.us1app.churnzero.net/churnzero.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
75.2.100.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a4140bfcc850c518e.awsglobalaccelerator.com
Software
/
Resource Hash
542db616813301a07600837c2a943b20f41063ae993ec5c6e38f253b38eac006

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:43 GMT
content-encoding
br
last-modified
Tue, 30 Apr 2024 16:35:42 GMT
etag
"1da9b1c711a517d"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=900, public
x-cz-server-id
148586 (3)
x-cz-request-id
ab2e777454ff46ddb8562f8332a343fe
accept-ranges
bytes
expires
Tue, 30 Apr 2024 23:23:43 GMT
js
www.googletagmanager.com/gtag/ 		253 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VVT7TNRZRB&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-125630340-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
22b136947cc9bdf4df9959e98860c85222e0dee4ab76b7721f4ce0ec7d0bb686
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91411
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 30 Apr 2024 23:08:42 GMT
js
www.googletagmanager.com/gtag/ 		229 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-925700628&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-125630340-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9659f1ab5275e5c81b141ea8595bad132224fefc90f7048ff975f93546594456
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83270
x-xss-protection
0
last-modified
Tue, 30 Apr 2024 21:16:50 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 30 Apr 2024 23:08:42 GMT
js
www.googletagmanager.com/gtag/ 		211 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-475656849&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-125630340-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e48cd34af41627d525798cd7228884079bc7e4fa4e4a161a263a2682656d87f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
78177
x-xss-protection
0
last-modified
Tue, 30 Apr 2024 21:16:50 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 30 Apr 2024 23:08:42 GMT
modules.ea82878fb17f83fbe8a6.js
script.hotjar.com/ 		221 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.ea82878fb17f83fbe8a6.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1438401.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-19.fra56.r.cloudfront.net
Software
/
Resource Hash
009c688b6b2b336eeffafab5ea0ae57b757e4d85c84d736d365f1ef76611d5cc
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 16:18:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 3acba66e95e31977aee0842f44a6f08e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
111036
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55730
last-modified
Mon, 29 Apr 2024 16:17:48 GMT
etag
"3609047e81f8808d481c085e4a20567a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
4k1zZGXnKQCMWDh0iKq2aRNkF94vcqL7yFOgPRSxXD3DIlHWsl6z4w==
prod
ufb6827o24.execute-api.us-west-2.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ufb6827o24.execute-api.us-west-2.amazonaws.com/prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-6.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://external.getcandidly.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Tue, 30 Apr 2024 23:08:43 GMT
via
1.1 de5feec87348dd5cbd158a449ae18d38.cloudfront.net (CloudFront)
x-amz-apigw-id
XD__ZGIBvHcEc5A=
x-amz-cf-id
qcCn52JTXGdmg4cyqaCQ1yswVkgaztPeynh0ymH09_0p7T09OAZ7aw==
x-amz-cf-pop
FRA56-P11
x-amzn-requestid
fb243800-3e4e-4fb9-85e7-d0d508b7c5b8
x-cache
Miss from cloudfront
snippet.js
static.zdassets.com/ekr/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/snippet.js?key=bde976ec-a141-4054-9272-0e6403d2d424
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:43 GMT
x-amz-version-id
sR7NItkX1i3nKckB5vEat7T2DUmPnRiJ
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
16EJPM9K30XP37FF
age
40
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
z1V/NuijnK7Md6R8xho26aVzAi5YWZpIy2l2KX04qLLf562XDGukX+pnpGWp4oLzz96OIYLMddM=
last-modified
Mon, 15 Jan 2024 02:56:11 GMT
server
cloudflare
etag
W/"c0053b411b753138af468db1bd3b19f3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xtA%2FU%2F0yzwqMMmHfy6O3FV3yU3qVNvx4W%2BvCKulIEltbQTIH%2F2ULqLs%2Btg%2BAoJcJgabF1AVJ42t2OTS%2FhZko7n4s6tVhwx7O5%2B%2FTByEkAA8mkH%2F4tDgIQWUPARQB7EjECYrtTiE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=3600, s-maxage=60
access-control-max-age
0
cf-ray
87cb32037e239740-FRA
access-control-allow-headers
*
prod
ufb6827o24.execute-api.us-west-2.amazonaws.com/ 		0
386 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ufb6827o24.execute-api.us-west-2.amazonaws.com/prod
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-6.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://external.getcandidly.com/
x-api-key
qma2P4cJCE7BgGmv0jiXf54jBB8ZUqk70zX7aTY0
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
via
1.1 de5feec87348dd5cbd158a449ae18d38.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P11
x-amzn-trace-id
Root=1-663179fc-09a7e14c5fe2b47905b764b7;Parent=7fcbcf9738ceeddc;Sampled=0;lineage=fe8b0e30:0
x-amzn-requestid
ed133525-c03c-499f-885b-87a93f580b4c
x-cache
Miss from cloudfront
access-control-allow-origin
*
access-control-allow-headers
*
x-amz-apigw-id
XD__dEYsvHcEamQ=
x-amz-cf-id
QqZNImFnmp11HJrnTogaP5kVAvU0HBV2Ui5_BH9AvtPyronJBLD2YQ==
index.html
ff-cookie-test.s3-us-west-2.amazonaws.com/ Frame 8C64 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ff-cookie-test.s3-us-west-2.amazonaws.com/index.html
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
3.5.80.127 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://external.getcandidly.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
Content-Length
228
Content-Type
text/html
Date
Tue, 30 Apr 2024 23:08:44 GMT
ETag
"ef96867e019f01c714861cf7a45f2e7b"
Last-Modified
Tue, 09 Nov 2021 16:53:57 GMT
Server
AmazonS3
x-amz-id-2
roe1yuUDCoKyCWlL9cbEXjcUy6YSi0kGKgajVD1ccyc2v/1IgKpBlLJAPQqyjv5/ekyqZDEz/5KT2MyZFSo7ug==
x-amz-request-id
KYRKKMKJPSWRYDPP
x-amz-server-side-encryption
AES256
resolve-url
api.getcandidly.com/api/1/auth/config/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.getcandidly.com/api/1/auth/config/resolve-url?url=https://external.getcandidly.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-appinstanceid
Access-Control-Request-Method
GET
Origin
https://external.getcandidly.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Api-Token, Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType, sentry-trace, baggage, X-appInstanceId, X-Xsrf-Token
access-control-allow-methods
POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-allow-origin
https://external.getcandidly.com
access-control-expose-headers
Content-Disposition, Authorization, X-Git-Commit-Hash
cache-control
no-cache, private no-transform
content-encoding
gzip
content-security-policy
frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
content-type
text/html; charset=UTF-8
date
Tue, 30 Apr 2024 23:08:43 GMT
feature-policy
geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';
permissions-policy
geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding Origin
x-content-type-options
nosniff
x-git-commit-hash
01ccd3e5622ed19375f86ed6c28ff656218482bb
x-xss-protection
1; mode=block
states
api.getcandidly.com/api/1/auth/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.getcandidly.com/api/1/auth/states
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-appinstanceid
Access-Control-Request-Method
GET
Origin
https://external.getcandidly.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Api-Token, Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType, sentry-trace, baggage, X-appInstanceId, X-Xsrf-Token
access-control-allow-methods
POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-allow-origin
https://external.getcandidly.com
access-control-expose-headers
Content-Disposition, Authorization, X-Git-Commit-Hash
cache-control
no-cache, private no-transform
content-encoding
gzip
content-security-policy
frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
content-type
text/html; charset=UTF-8
date
Tue, 30 Apr 2024 23:08:43 GMT
feature-policy
geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';
permissions-policy
geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding Origin
x-content-type-options
nosniff
x-git-commit-hash
01ccd3e5622ed19375f86ed6c28ff656218482bb
x-xss-protection
1; mode=block
prod
ufb6827o24.execute-api.us-west-2.amazonaws.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://ufb6827o24.execute-api.us-west-2.amazonaws.com/prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-6.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://external.getcandidly.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Tue, 30 Apr 2024 23:08:43 GMT
via
1.1 de5feec87348dd5cbd158a449ae18d38.cloudfront.net (CloudFront)
x-amz-apigw-id
XD__aF8gPHcEr1Q=
x-amz-cf-id
YVuHZg_u9SBdJrpq-BLv68v7DhvaD0SKyvGzc1-iLzSTxjKw9DnyLQ==
x-amz-cf-pop
FRA56-P11
x-amzn-requestid
65eead6c-a4e2-401e-81dc-7dbb39e54c0c
x-cache
Miss from cloudfront
resolve-url
api.getcandidly.com/api/1/auth/config/ 		21 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.getcandidly.com/api/1/auth/config/resolve-url?url=https://external.getcandidly.com
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
cbbf676d76b4d711a2d6b3e4527548615d4a7d6b29db15a8b3922d04cbe1a8b9
Security Headers
Name Value
Content-Security-Policy frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://external.getcandidly.com/
X-appInstanceId
0d06e974-32d3-45c7-84a5-c01d0eb5d09f
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
content-security-policy
frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
content-encoding
gzip
x-git-commit-hash
01ccd3e5622ed19375f86ed6c28ff656218482bb
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
vary
Accept-Encoding, Origin
x-ratelimit-remaining
198
content-type
application/json
access-control-allow-origin
https://external.getcandidly.com
access-control-allow-methods
POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers
Content-Disposition, Authorization, X-Git-Commit-Hash
cache-control
no-cache, private, no-transform
access-control-allow-credentials
true
feature-policy
geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';
permissions-policy
geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
x-ratelimit-limit
200
access-control-allow-headers
Api-Token, Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType, sentry-trace, baggage, X-appInstanceId, X-Xsrf-Token
states
api.getcandidly.com/api/1/auth/ 		768 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.getcandidly.com/api/1/auth/states
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
d6b8fa88d0581fdfb111d9f05b08ee3299ed45c9e0feec2e31724a9736ea5f2b
Security Headers
Name Value
Content-Security-Policy frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://external.getcandidly.com/
X-appInstanceId
0d06e974-32d3-45c7-84a5-c01d0eb5d09f
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
content-security-policy
frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
content-encoding
gzip
x-git-commit-hash
01ccd3e5622ed19375f86ed6c28ff656218482bb
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
vary
Accept-Encoding, Origin
x-ratelimit-remaining
199
content-type
application/json
access-control-allow-origin
https://external.getcandidly.com
access-control-allow-methods
POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers
Content-Disposition, Authorization, X-Git-Commit-Hash
cache-control
no-cache, private, no-transform
access-control-allow-credentials
true
feature-policy
geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';
permissions-policy
geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
x-ratelimit-limit
200
access-control-allow-headers
Api-Token, Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType, sentry-trace, baggage, X-appInstanceId, X-Xsrf-Token
prod
ufb6827o24.execute-api.us-west-2.amazonaws.com/ 		0
387 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ufb6827o24.execute-api.us-west-2.amazonaws.com/prod
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-6.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://external.getcandidly.com/
x-api-key
qma2P4cJCE7BgGmv0jiXf54jBB8ZUqk70zX7aTY0
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
via
1.1 de5feec87348dd5cbd158a449ae18d38.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P11
x-amzn-trace-id
Root=1-663179fc-54d71b6e3ad8f3333ea6cdfc;Parent=51f8726211a4bf15;Sampled=0;lineage=fe8b0e30:0
x-amzn-requestid
9c26eb2b-c78c-406e-a3eb-b58776596f2f
x-cache
Miss from cloudfront
access-control-allow-origin
*
access-control-allow-headers
*
x-amz-apigw-id
XD__gGVzPHcEeDg=
x-amz-cf-id
fYJBFGugTTb1-2Y6rqEdSmyGs-hQjQC7IOZUknjPYGQuxuGV-ipMkg==
js
maps.googleapis.com/maps/api/ 		243 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyB_KldQgq4PROFNftQPKbcEQVuLzBqiey0&libraries=places&callback=__jp0
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
39d5c41cb68f492af564afa3d2106392396e68ea76999196ee06629457ab985d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Accept-Language, Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
80741
x-xss-protection
0
bde976ec-a141-4054-9272-0e6403d2d424
ekr.zdassets.com/compose/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/bde976ec-a141-4054-9272-0e6403d2d424
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22fb8c70e8eaf405f1acb80519687fd455ebfd96d25e77077d0900efd22f4954
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
87c8fa773a368fa2-SEA, 87c8fa773a368fa2-SEA
x-runtime
0.004921
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"22fb8c70e8eaf405f1acb80519687fd4"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d5UHxK%2BNXt%2FWkzWv52dyjzLJ8F1yGdBBiFduqT8jF%2BjoXZ7iOa6ffWMOcwCVUFG0lFodoV2v8SB5xVB9Pw7a1bJV%2BKpLv2zHfGBmslVKHoyLL%2Ft8FrXl4DUIMT7iNbGtgXY%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
87cb3204186c9b82-FRA
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://external.getcandidly.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
check
api.getcandidly.com/api/1/auth/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.getcandidly.com/api/1/auth/check
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-appinstanceid
Access-Control-Request-Method
GET
Origin
https://external.getcandidly.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Api-Token, Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType, sentry-trace, baggage, X-appInstanceId, X-Xsrf-Token
access-control-allow-methods
POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-allow-origin
https://external.getcandidly.com
access-control-expose-headers
Content-Disposition, Authorization, X-Git-Commit-Hash
cache-control
no-cache, private no-transform
content-encoding
gzip
content-security-policy
frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
content-type
text/html; charset=UTF-8
date
Tue, 30 Apr 2024 23:08:44 GMT
feature-policy
geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';
permissions-policy
geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding Origin
x-content-type-options
nosniff
x-git-commit-hash
01ccd3e5622ed19375f86ed6c28ff656218482bb
x-xss-protection
1; mode=block
check
api.getcandidly.com/api/1/auth/ 		26 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.getcandidly.com/api/1/auth/check
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
7439e0ca1a61e9d085faed07623b44d3db192435d25a5eb59477147ccdf07216
Security Headers
Name Value
Content-Security-Policy frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://external.getcandidly.com/
X-appInstanceId
0d06e974-32d3-45c7-84a5-c01d0eb5d09f
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
content-security-policy
frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
x-git-commit-hash
01ccd3e5622ed19375f86ed6c28ff656218482bb
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-ratelimit-remaining
197
vary
Origin
content-type
application/json
access-control-allow-origin
https://external.getcandidly.com
access-control-allow-methods
POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers
Content-Disposition, Authorization, X-Git-Commit-Hash
cache-control
no-cache, private, no-transform
access-control-allow-credentials
true
feature-policy
geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';
permissions-policy
geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
x-ratelimit-limit
200
access-control-allow-headers
Api-Token, Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType, sentry-trace, baggage, X-appInstanceId, X-Xsrf-Token
web-widget-main-7bc1c0f.js
static.zdassets.com/web_widget/messenger/latest/ Frame 76AC 		450 KB
140 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=bde976ec-a141-4054-9272-0e6403d2d424
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f4c7b47fe2151a74a693533fd52c91d78ec03203027ee9a1210baa9e915b5fa
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
x-amz-version-id
FF8unFdBB4gI.67XhH2GhVTn74pudK_c
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
DKWG1E69PV39MED6
age
1682615
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
b4iFBmysrfVotSuHVYf858Tif60NDMsmlxIcV+9+imkbX/a3if2QgSpESGWXoHhfcj6Cw5wtguE=
last-modified
Mon, 08 Apr 2024 13:55:43 GMT
server
cloudflare
etag
W/"61166b9a0a776703db59d8fbffd8e621"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XWSr2fhyjVKtzAGD8maxEbBZVDopv6%2FUDAzV9uyH3l5WM3EBIW98q0yfIGH2ZIev0afxYWxrzI%2By1zQko5%2BVnu4mRjNi9rnKchH88GkW72i2YsvvXYhYaOj8Z17rMSo0p3v3OdQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87cb32081a719740-FRA
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:55:42 GMT
prod
ufb6827o24.execute-api.us-west-2.amazonaws.com/ 		0
388 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ufb6827o24.execute-api.us-west-2.amazonaws.com/prod
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-6.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://external.getcandidly.com/
x-api-key
qma2P4cJCE7BgGmv0jiXf54jBB8ZUqk70zX7aTY0
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
via
1.1 de5feec87348dd5cbd158a449ae18d38.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P11
x-amzn-trace-id
Root=1-663179fc-4bd9692b29c4cc5c10cf306b;Parent=329e9ec89616176c;Sampled=0;lineage=fe8b0e30:0
x-amzn-requestid
8e686a33-3040-476f-be6f-469b1678f048
x-cache
Miss from cloudfront
access-control-allow-origin
*
access-control-allow-headers
*
x-amz-apigw-id
XD__hHMJvHcEO9g=
x-amz-cf-id
s37XxpbVPb9aoVC3Nlt2FFc4ZvqUZXsZvjB1ynEKV4FPwlI9ktm2AA==
favicon-cd-228.png
static.getcandidly.com/img/ 		17 KB
18 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://static.getcandidly.com/img/favicon-cd-228.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:4e00:18:a6fe:c940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
35e17ef885bab0169a7bebdaa1855483e1e9033a10de81c9f14715a1a6484408
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 07:34:19 GMT
x-amz-version-id
vu9jkKX2glu6dxliXxhY_m.Y9FtNU_3e
via
1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
FRA60-P1
age
56066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
17774
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 04 May 2022 19:25:36 GMT
server
AmazonS3
etag
"cbd7261dcbc8e4534a45e7be12555098"
x-frame-options
SAMEORIGIN
vary
Origin
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
97Qyz3QJ8mhes14XS52QhF0exN1cfaWyENu-M4detOEGWTswRNm1rA==
en-us-json-7bc1c0f.js
static.zdassets.com/web_widget/messenger/latest/web-widget-locales/messenger/ Frame 76AC 		18 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-locales/messenger/en-us-json-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c52c73407a0d652b51d31bdcb5dff0050e9f916b58bca340d677fddb22b76572
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
x-amz-version-id
Pqq5depyzV0eh0laMyX._YPJQ2ernPin
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
DKWKWY7EYSDTY0JC
age
1682615
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
mbU811k/ke7iB1r45HmcMwHgvh8kN9E9sRl4eMG/0K2MLT+hcAipus8m0JeNgKrH4tO3MDO4Fpw=
last-modified
Mon, 08 Apr 2024 13:55:45 GMT
server
cloudflare
etag
W/"3ac3100c0ffed8d435c31e09d2196883"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2PQ1eyotPA9nRZ1tpMCsT5%2B6vBT124taA%2FaXNgSiMdY5N8g16rJ6juJ1NbhLuWdZc9DPipQwdzK41rfGSY338x1VyL1%2FLkrP5N1nRdQ%2Bmcys1tVxeyrxivYljZQ%2BsD0Dm5et0IE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87cb32091b619740-FRA
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:55:44 GMT
web-widget-84852-7bc1c0f.js
static.zdassets.com/web_widget/messenger/latest/ Frame 76AC 		139 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-84852-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e66e9e0525b7a7a4658edba07661dcf6c6cb3928f966cde5f3e0f53fa1deb71
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
x-amz-version-id
3L5YeUCttGrZSMgt.0v0..dBBy_FKIDi
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
DKWSZSSYT57K063G
age
1682615
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
EehDTpLwmOnkppZUwosB+oaQhjdfxRvyIfxaMK5Q9+YpYYZW/Vp9c1MxYEfkCaNLStlrjekmXTk=
last-modified
Mon, 08 Apr 2024 13:55:42 GMT
server
cloudflare
etag
W/"e4e7aad221ba7d1077b83221a7f7a4fc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GhTjgrWmeNwskn3G0QTJUPdkrNfOOuHDOv83%2BKZkU9e%2Bpzxm1invJPkoA7H6%2BcUJEUZHb77s5nYYdLwdw5iweq1loUTX5DGVE2MS%2FZPcDVoicLlUXn4numCGKLAGnanuqkK%2Fn0Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87cb32091b639740-FRA
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:55:41 GMT
web-widget-9527-7bc1c0f.js
static.zdassets.com/web_widget/messenger/latest/ Frame 76AC 		29 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-9527-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ad71bb2996ac89c0922d74c03405115600a0e9108c738f101c8b06e4dd59f62
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
x-amz-version-id
HwbZ6uxK1YLhJ9IXLd6hWwZS5dWaJJTm
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ZQ9TTCX63Q6ZNP2V
age
1682615
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
zrhUuxuSuLSxdOViPNUAwCRlmr3BEAYlvtDfbsuyuyCHwcOxKmNOznNucnIH3fUdID1v3bd78zS1br5U0SfV6Q==
last-modified
Mon, 08 Apr 2024 13:55:43 GMT
server
cloudflare
etag
W/"083d4fe56f4013855997ad6d21392f69"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VgxN4na1kX7WWpq4Vz0JdaO0HgkSorqWUp%2BFZQVp%2F%2Bwj%2FGoV6QKsESUThiy7vkhYnA3J014Q5P8ey%2FluaWd7Bq03%2FUQhOCefxaEE6OPE9zAmy6PGvTuj8sahYwvGxTscI4%2FlLIA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87cb32091b649740-FRA
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:55:42 GMT
web-widget-92795-7bc1c0f.js
static.zdassets.com/web_widget/messenger/latest/ Frame 76AC 		14 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-92795-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e6a4d9e16ce4da30f229293ef16fbdd906a6d7579d9090e6c83236db665c18c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
x-amz-version-id
VqXB39TxxRyQBgdUUulygv8iZIIl.U6A
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ZQ9QW50VQEW3Z764
age
1682615
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
ArvWc1yuTqe/WVjk37lS+kEO6jdZyIciiLzRNRIeg0EHO7Zbxg4zrjCBRF5coULRO893rKW76OQ=
last-modified
Mon, 08 Apr 2024 13:55:43 GMT
server
cloudflare
etag
W/"8dacd87b4c48f734bef8b1d2179cf0a8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VG5nnr2FW%2B3SVwQ14KwQ3ICgrBHjwCTJWO6pFD8BZ9AN%2BJ3myvgNb9r81r66n6FuLIfrfJshR1ZfiE4csO%2BAPdZ07dVLoi4khu11gwJm61eIrDsWKKL7FTu%2FZY%2F%2BxkvkHubmy%2BU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87cb32091b689740-FRA
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:55:42 GMT
web-widget-15178-7bc1c0f.js
static.zdassets.com/web_widget/messenger/latest/ Frame 76AC 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-15178-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6d6b877a6e65b87c7eaada4f2e8ee780d5749e21a0b31a42dd843f50b74cf03
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
x-amz-version-id
2HcNSYrwF4nmwUJUJvgVhxrgkT6qyOzm
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
DKWJ1ZHR7X4F6WDQ
age
1682615
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
HMIflAK/iPWxphdlvNeCUvclLYoj+mvXpDHa6tbh3ikAtfH/Kt+x8We7nbG8RLfphu8ASmL4s88C2SfETE0Rpw==
last-modified
Mon, 08 Apr 2024 13:55:36 GMT
server
cloudflare
etag
W/"30cd804708caa9949248913ba8f11137"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nW74M53CUtASMchxlEG4LnMSbw1Ik5l8N6God06YA3YEijUTM17ENr7yzAZtniiDS%2BHJqCSe8zh6RkzGlRW6AYUh0dSX60aaOlprXkGPd5mDIQ2z4ANtJJUgD5MP%2F3wWiGLXnls%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87cb32091b6a9740-FRA
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:55:35 GMT
web-widget-59535-7bc1c0f.js
static.zdassets.com/web_widget/messenger/latest/ Frame 76AC 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/messenger/latest/web-widget-59535-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49c6b066c7794e32489b24de0b9269cdbd3a18ad9cb32552cb60f25d3123c972
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
x-amz-version-id
CPyEyXK6TSeQFi3.kU_Huc_t6EdbgHbO
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ZQ9HG5MJCVRK3MH5
age
1682615
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
l9jY+QGDab3UN2BUYQApDPgjCySc3XA3hz3MivAtWXlWzIsfS1YUVn8tU8A9daHt7ggtSCAdlnK37PmAW+3WgUt/fNjI3hHC
last-modified
Mon, 08 Apr 2024 13:55:39 GMT
server
cloudflare
etag
W/"d872b805dfde20482fe32889700afdc1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TNFxeqH77EUXG1O6ldL7Ie5SlACa1pjdgxG2AK4oC2J7hULSvo9UF7N21a9yDzoQRtMfKtRym4PDx%2FOW5HsttkUz6clxORGtMCN%2FpnIO4D1YujLAo4vXn6HKtDaApdv8WO65Gbw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87cb32091b6b9740-FRA
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:55:38 GMT
pv
candidly.zendesk.com/frontendevents/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://candidly.zendesk.com/frontendevents/pv?client=1B752747-577B-429A-A0E0-83861AF69088
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://external.getcandidly.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-origin
*
access-control-max-age
600
cache-control
max-age=600
cf-cache-status
DYNAMIC
cf-ray
87cb3209acb49f2a-FRA
date
Tue, 30 Apr 2024 23:08:44 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GVN25x30yf9LEsj1keCT3HHGUvLe4ITgx2VXexaK%2B4yBwaECZvWBk0Eg8lXzqEwrEGn1foeQt97aOQRczfcTHqJHb8YlyC4KrlKt6kEoJi5f%2BfRCQy1Y%2BQPiFdrmonPoZv0ARjIv"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin
x-request-id
87cb3209acb49f2a-FRA
x-zendesk-zorg
yes
pv
candidly.zendesk.com/frontendevents/ Frame 76AC 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://candidly.zendesk.com/frontendevents/pv?client=1B752747-577B-429A-A0E0-83861AF69088
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-zendesk-zorg
yes
vary
Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1nsKSIEaeQwkzPxqpzYC5LaH4CPv9V2SHuSN1BxObAan9Sf6FnM0tjPIXxfZ6225YGBCd3AcLwY%2BKRAFTwLb3CblOUCg8ZBNGDXlDakJKMMTfA82x%2B5lasIRJ%2Fc8jyMnNML4cGuw"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
87cb320d1f389f2a-FRA
content-length
0
x-request-id
87cb320d1f389f2a-FRA
config
candidly.zendesk.com/embeddable/ Frame 76AC 		763 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://candidly.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd84b3298dd970797534d2493bf14df33c6bce961429de5cccd60e71befd88a7

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-5455499685-lnkxn
x-cached
MISS
x-runtime
0.002420
last-modified
Mon, 29 Apr 2024 15:44:18 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bo%2BpVOL2ISUBh2YL%2BFoXezCakWeKfd1zSh5IwMSDu30f4EMeemCr4710HIaNyuL9z4itlfRgWWTxC2tN8Kj4O1alk9MxLEAt2N2T%2F89W2Dq8cIktkt1gRvDJIjqlZkukbqRofsuh"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
87cb3209acb69f2a-FRA
httpapi
api2.amplitude.com/2/ 		94 B
309 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.148.107.27 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-107-27.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
01b25caed1e797164439a9e2467164f22e83c8b74d36c5b8cef272aa8d1d231f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
*/*
Referer
https://external.getcandidly.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
strict-transport-security
max-age=15768000
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
trace-id
Root=1-663179fd-48821a7377fc3a467b90562a
content-length
94
httpapi
api2.amplitude.com/2/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api2.amplitude.com/2/httpapi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.148.107.27 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-107-27.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://external.getcandidly.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST
access-control-allow-origin
*
access-control-max-age
86400
content-length
0
date
Tue, 30 Apr 2024 23:08:44 GMT
strict-transport-security
max-age=15768000
3984.956a2fd157c2d0744bb2.js
external.getcandidly.com/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/3984.956a2fd157c2d0744bb2.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
87d4734284a827b05f28c2c4edacd93b03b5f76fec4fa9ffe3b0f8d782941e23

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
content-encoding
gzip
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
W/"662f899b-3c3e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
1524.236d2cce243f67d3f6d3.js
external.getcandidly.com/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/1524.236d2cce243f67d3f6d3.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
2fe06bb376a9105cac21cb33e465e559e6973dcee8c00f245d63baedca96c0ba

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
content-encoding
gzip
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
W/"662f899b-35c2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
2200.a51b100f530154215c5b.js
external.getcandidly.com/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/2200.a51b100f530154215c5b.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
36762b4f87d61e61b158cbc4e375c30935232dc9949850521a212a05635312e7

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:44 GMT
content-encoding
gzip
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
W/"662f899b-4ad1"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
check
api.getcandidly.com/api/1/auth/ 		26 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.getcandidly.com/api/1/auth/check
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
7439e0ca1a61e9d085faed07623b44d3db192435d25a5eb59477147ccdf07216
Security Headers
Name Value
Content-Security-Policy frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://external.getcandidly.com/
X-appInstanceId
0d06e974-32d3-45c7-84a5-c01d0eb5d09f
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
content-security-policy
frame-ancestors dev.futurefuel.io dev.candid.ly dev.getcandidly.com secure.futurefuel.io secure.candid.ly secure.getcandidly.com *.futurefuel.io *.candid.ly *.getcandidly.com *.online.tableau.com; default-src 'self' *.plaid.com; img-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.tableauusercontent.com *.collegefinance.com *.secure.futurefuel.io *.futurefuel.io *.secure.candid.ly *.secure.getcandidly.com *.candid.ly *.getcandidly.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.plaid.com *.gravatar.com *.amazonaws.com *.helpscout.net *.cloudfront.net *.impact.com *.google-analytics.com *.abtasty.com *.amazonaws.com *.ctfassets.net data: futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.criteo.net *.criteo.com *.futurefuel.io *.candid.ly *.getcandidly.com *.abtasty.com *.amazonaws.com *.google.com *.doubleclick.net *.zopim.com *.iterable.com *.credible.com *.hotjar.com *.quovo.com *.plaid.com *.google-analytics.com *.googleapis.com *.googletagmanager.com optimize.google.com *.googleadservices.com *.helpscout.net payitoff-cdn.io *.payitoff-cdn.io payitoff-sandbox.io *.payitoff-sandbox.io payitoff.io *.payitoff.io futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; connect-src 'self' wss://payitoff.io wss://*.zopim.com wss://*.hotjar.com *.payitoff.io payitoff.io payitoff-sandbox.io *.payitoff-sandbox.io *.abtasty.com *.amazonaws.com *.google.pt *.google.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.iterable.com *.mixpanel.com *.hotjar.io *.hotjar.com *.es.io *.amplitude.com *.cloudfront.net *.helpscout.net *.google-analytics.com *.plaid.com *.googleapis.com *.contentful.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net analytics.churnzero.net *.tableauusercontent.com; style-src 'self' 'unsafe-inline' unsafe-inline: *.abtasty.com *.gstatic.com *.googleapis.com 'unsafe-eval' fonts.googleapis.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.tableauusercontent.com; font-src 'self' blob: data: fonts.gstatic.com *.hotjar.com optimize.google.com *.abtasty.com *.gstatic.com *.googleapis.com *.churnzero.net *.tableauusercontent.com; media-src 'self' *.vimeo.com *.akamaized.net futurefuel.io *.futurefuel.io static.futurefuel.io candid.ly getcandidly.com *.candid.ly *.getcandidly.com static.candid.ly static.getcandidly.com *.ctfassets.net http://static.futurefuel.io http://static.candid.ly http://static.getcandidly.com *.tableauusercontent.com; frame-src 'self' payitoff-sandbox.io payitoff.io *.payitoff.io *.criteo.net *.criteo.com *.dev.futurefuel.io *.dev.candid.ly *.dev.getcandidly.com *.amazonaws.com *.doubleclick.net *.futurefuel.io *.candid.ly *.getcandidly.com *.payitoff-sandbox.io payitoff.io *.payitoff.io *.quovo.com *.plaid.com *.hotjar.com *.vimeo.com optimize.google.com *.calendly.com calendly.com futurefuel-dev.us1app.churnzero.net futurefuel.us1app.churnzero.net *.online.tableau.com; prefetch-src *.abtasty.com *.plaid.com *.tableauusercontent.com
x-git-commit-hash
01ccd3e5622ed19375f86ed6c28ff656218482bb
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-ratelimit-remaining
196
vary
Origin
content-type
application/json
access-control-allow-origin
https://external.getcandidly.com
access-control-allow-methods
POST, GET, OPTIONS, PUT, PATCH, DELETE
access-control-expose-headers
Content-Disposition, Authorization, X-Git-Commit-Hash
cache-control
no-cache, private, no-transform
access-control-allow-credentials
true
feature-policy
geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';
permissions-policy
geolocation=(none),midi=(none),notifications=(none),push=(none),sync-xhr=(none),microphone=(none),camera=(none),magnetometer=(none),gyroscope=(none),speaker=(none),vibrate=(none),fullscreen=(none),payment=(none)
x-ratelimit-limit
200
access-control-allow-headers
Api-Token, Content-Type, X-Auth-Token, Origin, Authorization, X-Requested-With, responseType, sentry-trace, baggage, X-appInstanceId, X-Xsrf-Token
962.4f192af348f264006a6d.js
external.getcandidly.com/ 		86 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/962.4f192af348f264006a6d.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
34c960bb45926353877de05d1f4c12e0237f9943072852194fc53ed2e95f133d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
content-encoding
gzip
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
W/"662f899b-1580b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
6016.ba4a03e33ab03a75d04e.js
external.getcandidly.com/ 		535 B
530 B 		Script
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/6016.ba4a03e33ab03a75d04e.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
45c6ea07993dab6d62255aa06d8ebdf6402d5b8e11825aac7787d91f12d658a7

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
content-encoding
gzip
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
W/"662f899b-217"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
4457.ec7a952386ae8779e9e4.js
external.getcandidly.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/4457.ec7a952386ae8779e9e4.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
b603ba24302f3a9d6cfbb7640ce6674af7098a3c9e440348259beaba2e9a8485

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
content-encoding
gzip
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
W/"662f899b-2da5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
2248.b86267482d87da79a567.js
external.getcandidly.com/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/2248.b86267482d87da79a567.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
1ab5049ddb3485b786ef58f95cce892cdab13719f1996955f4345cb5047ef8fe

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
content-encoding
gzip
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
W/"662f899b-28f9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
2863.a62cf12aafcb1f22d9f1.js
external.getcandidly.com/ 		20 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/2863.a62cf12aafcb1f22d9f1.js
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
5a00ffe77b1bdf1e0222dae3dd7ab82cc888c087270728d2c1e8eb06ba2b1648

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
content-encoding
gzip
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
W/"662f899b-4e5b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
prod
ufb6827o24.execute-api.us-west-2.amazonaws.com/ 		0
387 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ufb6827o24.execute-api.us-west-2.amazonaws.com/prod
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-6.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://external.getcandidly.com/
x-api-key
qma2P4cJCE7BgGmv0jiXf54jBB8ZUqk70zX7aTY0
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
via
1.1 de5feec87348dd5cbd158a449ae18d38.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P11
x-amzn-trace-id
Root=1-663179fd-36e224432d6e3a6367f40342;Parent=690d1d4d5a962aa9;Sampled=0;lineage=fe8b0e30:0
x-amzn-requestid
0e64e9e3-9049-4c0a-a7f8-b1920d6390cc
x-cache
Miss from cloudfront
access-control-allow-origin
*
access-control-allow-headers
*
x-amz-apigw-id
XD__qFwuPHcEoDQ=
x-amz-cf-id
gJWM9rDKJ5OFbId8Imh11THf0NvXwpQLbUFwKlr2Tq_cxaEqE00seQ==
prod
ufb6827o24.execute-api.us-west-2.amazonaws.com/ 		0
386 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ufb6827o24.execute-api.us-west-2.amazonaws.com/prod
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-6.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://external.getcandidly.com/
x-api-key
qma2P4cJCE7BgGmv0jiXf54jBB8ZUqk70zX7aTY0
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
via
1.1 de5feec87348dd5cbd158a449ae18d38.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P11
x-amzn-trace-id
Root=1-663179fd-54e72a9049c72cbf1e1d97f0;Parent=2e209fadb720b0e4;Sampled=0;lineage=fe8b0e30:0
x-amzn-requestid
e0d2290f-035f-4448-824f-61e024c4cd42
x-cache
Miss from cloudfront
access-control-allow-origin
*
access-control-allow-headers
*
x-amz-apigw-id
XD__rGFUvHcEJHA=
x-amz-cf-id
yXc-u5IEekLn8qW5KRTMs5TfDaJ6ysH6MNwTYY2cVp1Dw5M0P5Ezjw==
favicon-cd-228.png
static.getcandidly.com/img/ 		17 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://static.getcandidly.com/img/favicon-cd-228.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:4e00:18:a6fe:c940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
35e17ef885bab0169a7bebdaa1855483e1e9033a10de81c9f14715a1a6484408
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 07:34:19 GMT
x-amz-version-id
vu9jkKX2glu6dxliXxhY_m.Y9FtNU_3e
via
1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P1
age
56066
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
17774
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 04 May 2022 19:25:36 GMT
server
AmazonS3
etag
"cbd7261dcbc8e4534a45e7be12555098"
x-frame-options
SAMEORIGIN
vary
Origin
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
97Qyz3QJ8mhes14XS52QhF0exN1cfaWyENu-M4detOEGWTswRNm1rA==
bg-corner-top-circle.ef4a88a05b4290247845b50b2bc8dfe9.png
external.getcandidly.com/assets/images/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://external.getcandidly.com/assets/images/bg-corner-top-circle.ef4a88a05b4290247845b50b2bc8dfe9.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
b6eebf15a2958e13b091b56f54ccb3f224a2e810d390b7597882b23681850ff1

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
"662f899b-b77f"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
46975
bg-bottom-shapes.a8f47b85825c522b6aa633de35ea5c53.png
external.getcandidly.com/assets/images/ 		282 KB
283 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://external.getcandidly.com/assets/images/bg-bottom-shapes.a8f47b85825c522b6aa633de35ea5c53.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
04201928c497b455aa6296e58b47aeb7562bb669c8727ebfca3cba9fcb6d8075

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
"662f899b-469aa"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
289194
DMSans-Bold.ttf
external.getcandidly.com/assets/fonts/ 		55 KB
55 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/assets/fonts/DMSans-Bold.ttf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
fd1d62ebef23a57445b80ec9b5e35dabc799ecdeb47e650078282cc64ca821a6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Origin
https://external.getcandidly.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
"662f899b-dbcc"
content-type
application/octet-stream
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
56268
DMSans-SemiBold.ttf
external.getcandidly.com/assets/fonts/ 		55 KB
55 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/assets/fonts/DMSans-SemiBold.ttf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
15dd48c69d7b01e0def2f3cbac7b2dc881c153cee7c908c0e31e5437a0b00ce6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Origin
https://external.getcandidly.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
"662f899b-dc10"
content-type
application/octet-stream
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
56336
DMSans-Regular.ttf
external.getcandidly.com/assets/fonts/ 		55 KB
55 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/assets/fonts/DMSans-Regular.ttf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
8ffde09e22b1d2dd3f3872c1ac736efe21a45338a1817f3bdbbec3d3ca7d38fd

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Origin
https://external.getcandidly.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
"662f899b-dc1c"
content-type
application/octet-stream
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
56348
DMSans-Medium.ttf
external.getcandidly.com/assets/fonts/ 		55 KB
55 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://external.getcandidly.com/assets/fonts/DMSans-Medium.ttf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.135.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a80d8795874baa161.awsglobalaccelerator.com
Software
nginx /
Resource Hash
a2f8e60c410bbe001de8441eb731e27fe2f46c50bb0c7ed95b02bbb9f67c9366

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Origin
https://external.getcandidly.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 23:08:45 GMT
last-modified
Mon, 29 Apr 2024 11:50:51 GMT
server
nginx
etag
"662f899b-dc38"
content-type
application/octet-stream
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
56376
pv
candidly.zendesk.com/frontendevents/ Frame 76AC 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://candidly.zendesk.com/frontendevents/pv?client=1B752747-577B-429A-A0E0-83861AF69088
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/messenger/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 30 Apr 2024 23:08:46 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-zendesk-zorg
yes
vary
Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RZRI13az3MN%2BrxMklwE7HsDbi7NQpCv0LvSPeVCTuts9lu1nl2mm0Y0q2vBo4Xa7RmHVJym9G9pRjaaCBe8I0x41wDjOrgxxOn9dYyIyntQy%2BJ2MTuGJZo5MMZc4Dk3%2B7fsl74sr"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
87cb3215fec59f2a-FRA
content-length
0
x-request-id
87cb3215fec59f2a-FRA
/
o4504157511942144.ingest.sentry.io/api/4504157513973766/envelope/ 		41 B
348 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o4504157511942144.ingest.sentry.io/api/4504157513973766/envelope/?sentry_key=dba5690ff2354d3fb0063fd6d16cee59&sentry_version=7&sentry_client=sentry.javascript.react%2F7.98.0
Requested by
Host: external.getcandidly.com
URL: https://external.getcandidly.com/179.fb7520997134a34224ef.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
a11667f4b2517aa8e1c59096331b58b5c112f5dbbb287bce375636805e44ab1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 30 Apr 2024 23:08:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
common.js
maps.googleapis.com/maps-api-v3/api/js/56/10/intl/de_ALL/ 		256 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/56/10/intl/de_ALL/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyB_KldQgq4PROFNftQPKbcEQVuLzBqiey0&libraries=places&callback=__jp0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bf993e94737aa8fa06c105396e20959f5cde8045fa727ad278eb8e97149f8409
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 08:25:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
52993
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57118
x-xss-protection
0
last-modified
Tue, 23 Apr 2024 20:46:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Apr 2025 08:25:35 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/56/10/intl/de_ALL/ 		181 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/56/10/intl/de_ALL/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyB_KldQgq4PROFNftQPKbcEQVuLzBqiey0&libraries=places&callback=__jp0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b5ebaf79c892159613159f4273e2cb7cbd71deb726a7b68ce9035d140932f61a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://external.getcandidly.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 07:54:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
54870
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56811
x-xss-protection
0
last-modified
Tue, 23 Apr 2024 20:46:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Apr 2025 07:54:18 GMT

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 function| createSubject object| ffOnScriptError$ object| ffIterableReady$ object| ffKeyWidgetReady$ function| gtag object| dataLayer object| iterableAnalytics object| _iaq function| hj object| _hjSettings object| ChurnZero object| google_tag_manager object| google_tag_data object| Plaid object| webpackJsonpPlaid object| Candidly object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled object| webpackChunkcandidly_frontend object| regeneratorRuntime object| DD_RUM number| 2f1acc6c3a606b082e5eef5e54414ffb object| __SENTRY__ object| __sentry_instrumentation_handlers__ function| __jp0 object| analyticsConnectorInstances object| __tracerCZ object| zEWebpackACJsonp function| zE function| zEmbed object| google object| module$exports$mapsapi$geometry$spherical object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView boolean| zEACLoaded

8 Cookies

Domain/Path Name / Value
.getcandidly.com/ Name: _gcl_au
Value: 1.1.1026973900.1714518523
.getcandidly.com/ Name: _hjSessionUser_1438401
Value: eyJpZCI6IjNmNDE3MjZhLTQ4ODYtNWExNy04ODU1LThmNWIyNGJiYTg1NSIsImNyZWF0ZWQiOjE3MTQ1MTg1MjI5OTcsImV4aXN0aW5nIjp0cnVlfQ==
.getcandidly.com/ Name: _hjSession_1438401
Value: eyJpZCI6ImI1YzA0MDg1LTYzODktNGNlZi04MDk4LWM0MjQzODVkNWMwYSIsImMiOjE3MTQ1MTg1MjI5OTgsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
external.getcandidly.com/ Name: _hjHasCachedUserAttributes
Value: true
.getcandidly.com/ Name: AMP_MKTG_aa4c509b3f
Value: JTdCJTdE
ff-cookie-test.s3-us-west-2.amazonaws.com/ Name: s
Value: 1
.getcandidly.com/ Name: AMP_aa4c509b3f
Value: JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjI4YjMzZjk3Mi01ZDA0LTRkMDYtOWE4Mi01OTM1Yjk5NTUxZjYlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzE0NTE4NTIzNDE4JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTcxNDUxODUyNDI1MiU3RA==
external.getcandidly.com/ Name: _dd_s
Value: rum=0&expire=1714519423343

4 Console Messages

Source Level URL
Text
other warning URL: https://external.getcandidly.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://external.getcandidly.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://api.getcandidly.com/api/1/auth/check
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://api.getcandidly.com/api/1/auth/check
Message:
Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.getcandidly.com
api2.amplitude.com
candidly.zendesk.com
cdn.plaid.com
ekr.zdassets.com
external.getcandidly.com
ff-cookie-test.s3-us-west-2.amazonaws.com
futurefuel.us1app.churnzero.net
js.iterable.com
maps.googleapis.com
o4504157511942144.ingest.sentry.io
script.hotjar.com
static.getcandidly.com
static.hotjar.com
static.zdassets.com
ufb6827o24.execute-api.us-west-2.amazonaws.com
www.googletagmanager.com
104.16.51.111
104.18.72.113
13.224.189.39
13.32.27.19
13.33.187.112
18.244.18.6
18.66.102.51
2600:9000:2240:4e00:18:a6fe:c940:93a1
2a00:1450:4001:82a::200a
2a00:1450:4001:831::2008
3.5.80.127
34.120.195.249
54.148.107.27
75.2.100.71
99.83.135.174
009c688b6b2b336eeffafab5ea0ae57b757e4d85c84d736d365f1ef76611d5cc
01b25caed1e797164439a9e2467164f22e83c8b74d36c5b8cef272aa8d1d231f
04201928c497b455aa6296e58b47aeb7562bb669c8727ebfca3cba9fcb6d8075
14495f5a844879b72642cc37c18ae66fcfa8f318549a6d09fd5c606d655f0bff
15dd48c69d7b01e0def2f3cbac7b2dc881c153cee7c908c0e31e5437a0b00ce6
1ab5049ddb3485b786ef58f95cce892cdab13719f1996955f4345cb5047ef8fe
1b07ff9cb3ee66f1f0e4c708320ea5d9d6487d1b15e022416d914e214df163aa
22b136947cc9bdf4df9959e98860c85222e0dee4ab76b7721f4ce0ec7d0bb686
22fb8c70e8eaf405f1acb80519687fd455ebfd96d25e77077d0900efd22f4954
2fc74cecd5994db5867f26695d7297b8650b9d717c13be4093f09fd7ec9675de
2fe06bb376a9105cac21cb33e465e559e6973dcee8c00f245d63baedca96c0ba
34c960bb45926353877de05d1f4c12e0237f9943072852194fc53ed2e95f133d
35e17ef885bab0169a7bebdaa1855483e1e9033a10de81c9f14715a1a6484408
36762b4f87d61e61b158cbc4e375c30935232dc9949850521a212a05635312e7
382cf0662679804495179111aa0f9edc6d76fc7e19b11d4858a9962178e2048b
39d5c41cb68f492af564afa3d2106392396e68ea76999196ee06629457ab985d
45c6ea07993dab6d62255aa06d8ebdf6402d5b8e11825aac7787d91f12d658a7
49c6b066c7794e32489b24de0b9269cdbd3a18ad9cb32552cb60f25d3123c972
4e052a9d95b98bf2c02bb9d78d2d6c866cb659652f7501521ced629521fae9f5
4e66e9e0525b7a7a4658edba07661dcf6c6cb3928f966cde5f3e0f53fa1deb71
542db616813301a07600837c2a943b20f41063ae993ec5c6e38f253b38eac006
5a00ffe77b1bdf1e0222dae3dd7ab82cc888c087270728d2c1e8eb06ba2b1648
7439e0ca1a61e9d085faed07623b44d3db192435d25a5eb59477147ccdf07216
87d4734284a827b05f28c2c4edacd93b03b5f76fec4fa9ffe3b0f8d782941e23
8ffde09e22b1d2dd3f3872c1ac736efe21a45338a1817f3bdbbec3d3ca7d38fd
9659f1ab5275e5c81b141ea8595bad132224fefc90f7048ff975f93546594456
9ad71bb2996ac89c0922d74c03405115600a0e9108c738f101c8b06e4dd59f62
9e6a4d9e16ce4da30f229293ef16fbdd906a6d7579d9090e6c83236db665c18c
9f4c7b47fe2151a74a693533fd52c91d78ec03203027ee9a1210baa9e915b5fa
a11667f4b2517aa8e1c59096331b58b5c112f5dbbb287bce375636805e44ab1f
a2f8e60c410bbe001de8441eb731e27fe2f46c50bb0c7ed95b02bbb9f67c9366
b5ebaf79c892159613159f4273e2cb7cbd71deb726a7b68ce9035d140932f61a
b603ba24302f3a9d6cfbb7640ce6674af7098a3c9e440348259beaba2e9a8485
b6eebf15a2958e13b091b56f54ccb3f224a2e810d390b7597882b23681850ff1
bd84b3298dd970797534d2493bf14df33c6bce961429de5cccd60e71befd88a7
bf993e94737aa8fa06c105396e20959f5cde8045fa727ad278eb8e97149f8409
c52c73407a0d652b51d31bdcb5dff0050e9f916b58bca340d677fddb22b76572
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbbf676d76b4d711a2d6b3e4527548615d4a7d6b29db15a8b3922d04cbe1a8b9
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
d6b8fa88d0581fdfb111d9f05b08ee3299ed45c9e0feec2e31724a9736ea5f2b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48cd34af41627d525798cd7228884079bc7e4fa4e4a161a263a2682656d87f0
e6d6b877a6e65b87c7eaada4f2e8ee780d5749e21a0b31a42dd843f50b74cf03
f63b416bf7da6f1ba13118258ed336d47aa1c19d6e9c0624749e8e617a001338
fb7bac8b018b0e7e340e87ba3a380a9bae03060d421ce9ad88b6d5e00ab1c317
fd1d62ebef23a57445b80ec9b5e35dabc799ecdeb47e650078282cc64ca821a6