urlscan.io logo urlscan.io
SecurityTrails logo

a.sprig.com Open in urlscan Pro
13.32.110.75  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://protection.greathorn.com/services/v2/lookupUrl/d91eaef8-af0f-4b08-b779-6cf1f7485351/1132/ab646de8d1c4a717961815374335b767...
Effective URL: https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
Submission: On August 17 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 13.32.110.75, located in United States and belongs to AMAZON-02, US. The main domain is a.sprig.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on August 16th 2023. Valid for: a year.
This is the only time a.sprig.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:224... 16509 (AMAZON-02)
5 13.32.110.75 16509 (AMAZON-02)
4 184.72.105.205 14618 (AMAZON-AES)
2 13.249.9.108 16509 (AMAZON-02)
11 3
Apex Domain
Subdomains		 Transfer
11 sprig.com
a.sprig.com
api.sprig.com — Cisco Umbrella Rank: 6238
cdn.sprig.com — Cisco Umbrella Rank: 12372
273 KB
1 greathorn.com
protection.greathorn.com — Cisco Umbrella Rank: 571922
699 B
11 2
Domain Requested by
5 a.sprig.com a.sprig.com
4 api.sprig.com a.sprig.com
2 cdn.sprig.com a.sprig.com
cdn.sprig.com
1 protection.greathorn.com 1 redirects
11 4

This site contains links to these domains. Also see Links.

Domain
pub-5d3092a1f3fe4657afb7ace986c66f57.r2.dev
sprig.com
Subject Issuer Validity Valid
api.sprig.com
Amazon RSA 2048 M03		 2023-08-16 -
2024-09-13		 a year crt.sh
istio-gateway.sprig.com
Amazon RSA 2048 M01		 2023-05-23 -
2024-06-20		 a year crt.sh

This page contains 1 frames:

Primary Page: https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
Frame ID: C81F2B79B386BEC93B16AC7AD529A37B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ACH ELECTRONIC FUND TRANSFER CONFIRMATION research by Sprig

Page URL History Show full URLs

  1. https://protection.greathorn.com/services/v2/lookupUrl/d91eaef8-af0f-4b08-b779-6cf1f7485351/1132/ab646de8d1c4... HTTP 302
    https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY= Page URL

Page Statistics

11
Requests

100 %
HTTPS

25 %
IPv6

2
Domains

4
Subdomains

3
IPs

1
Countries

273 kB
Transfer

813 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://protection.greathorn.com/services/v2/lookupUrl/d91eaef8-af0f-4b08-b779-6cf1f7485351/1132/ab646de8d1c4a717961815374335b7676931ba41?domain=a.sprig.com&path=/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY= HTTP 302
    https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
a.sprig.com/
Redirect Chain
  • https://protection.greathorn.com/services/v2/lookupUrl/d91eaef8-af0f-4b08-b779-6cf1f7485351/1132/ab646de8d1c4a717961815374335b7676931ba41?domain=a.sprig.com&path=/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS...
  • https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
6 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-75.vie50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
70b0bf92f1b7c28be512457fc630aa1b60c2725ae4f4dd707b18323380dd8ad1
Security Headers
Name Value
Content-Security-Policy default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-store
content-length
6199
content-security-policy
default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
content-type
text/html; charset=UTF-8
date
Thu, 17 Aug 2023 20:14:01 GMT
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
permissions-policy
fullscreen=(), geolocation=()
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 881b12332738e10f6e80298fbdcd7e8e.cloudfront.net (CloudFront)
x-amz-cf-id
qnJh7d8pOOa8jp4ytNkKlT_-y9mn199zHsVcRN7UHnGrYXoGqS73lw==
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-envoy-upstream-service-time
2
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
17
content-security-policy
default-src 'none'; script-src 'self' apis.google.com static.zdassets.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.googleapis.com; img-src 'self' *.amazonaws.com; connect-src 'self' greathorn.statuscast.com; frame-src accounts.google.com
content-type
application/json
date
Thu, 17 Aug 2023 20:14:00 GMT
location
https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
via
1.1 700cde4f0f5657e960ef85bdf58168b6.cloudfront.net (CloudFront)
x-amz-cf-id
VC1UvFHcx9VpuNEcm1pPxveisxmqXwuOoV0IFhUA2Xv8BjztaRhTUg==
x-amz-cf-pop
MXP63-P2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
deny
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
config.js
a.sprig.com/ 		345 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.sprig.com/config.js
Requested by
Host: a.sprig.com
URL: https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-75.vie50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
3f1cd88881f3453cf7860bd83c364a83d294dce5e1d9897691dbca63a64bf228
Security Headers
Name Value
Content-Security-Policy default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 20:14:02 GMT
content-security-policy
default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 881b12332738e10f6e80298fbdcd7e8e.cloudfront.net (CloudFront)
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
4
content-length
345
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 16 Aug 2023 20:52:37 GMT
server
istio-envoy
etag
W/"159-18a001f2b1a"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
no-store
permissions-policy
fullscreen=(), geolocation=()
accept-ranges
bytes
x-amz-cf-id
sILguEXhn5ZWEqwJKEesvpXG-V0RtBRPGEIxdMiLKHABldEi-EXE9Q==
main.297b7947.chunk.css
a.sprig.com/static/css/ 		7 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://a.sprig.com/static/css/main.297b7947.chunk.css
Requested by
Host: a.sprig.com
URL: https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-75.vie50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
a71546919d8e513bccd27e69c2856bd513a64ed8a0201e3e02de1b8564d2f09f
Security Headers
Name Value
Content-Security-Policy default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 20:14:02 GMT
content-security-policy
default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 881b12332738e10f6e80298fbdcd7e8e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
2
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
etag
W/"1cdb-0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
permissions-policy
fullscreen=(), geolocation=()
x-amz-cf-id
tbJ2O-31yA00xR6plcd6UkvzRsibLqLLCmjliPaJlQdX0rK9UOWTGQ==
2.6b8fee0a.chunk.js
a.sprig.com/static/js/ 		524 KB
171 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.sprig.com/static/js/2.6b8fee0a.chunk.js
Requested by
Host: a.sprig.com
URL: https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-75.vie50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
0f0b9f51b5e7c5d61375770b215e0623a9a1ec7a11a1ffff03e287e0c77c447f
Security Headers
Name Value
Content-Security-Policy default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 20:14:02 GMT
content-security-policy
default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 881b12332738e10f6e80298fbdcd7e8e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
9
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
etag
W/"82ec1-0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
permissions-policy
fullscreen=(), geolocation=()
x-amz-cf-id
wwuh7FHl2WA0NA4DVhKBdinkRUBVb3agMgvTTEMDs_gidRnCZ6ctkA==
main.54a5a157.chunk.js
a.sprig.com/static/js/ 		100 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.sprig.com/static/js/main.54a5a157.chunk.js
Requested by
Host: a.sprig.com
URL: https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.110.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-110-75.vie50.r.cloudfront.net
Software
istio-envoy /
Resource Hash
cd7e993aed451efbf3789fcae8e03b3b7d5cdc51105628aae7ee938523f2123c
Security Headers
Name Value
Content-Security-Policy default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://a.sprig.com/akRXMnd0RVZ4QzhafnNpZDplYTMxZjk2OS03NDYyLTQzNWMtYjExNS04YjMzZGQxYWEyNzY=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 20:14:02 GMT
content-security-policy
default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 881b12332738e10f6e80298fbdcd7e8e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
VIE50-C2
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
2
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
etag
W/"18fdd-0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
permissions-policy
fullscreen=(), geolocation=()
x-amz-cf-id
SFDXaBlJ8cimlT5h4EzxvNrPz3t9cq-u-yHfM_7arT3Fnowhvdggkw==
link
api.sprig.com/1/environments/jDW2wtEVxC8Z/emailsurvey/ea31f969-7462-435c-b115-8b33dd1aa276/ 		945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.sprig.com/1/environments/jDW2wtEVxC8Z/emailsurvey/ea31f969-7462-435c-b115-8b33dd1aa276/link
Requested by
Host: a.sprig.com
URL: https://a.sprig.com/static/js/2.6b8fee0a.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.105.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-105-205.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
b876ab48b71351134520fc712323cc9411f68b7dcfa441e26ab7b23c08b9d3a0

Request headers

Accept
application/json, text/plain, */*
Referer
https://a.sprig.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 20:14:03 GMT
server
istio-envoy
etag
W/"3b1-NtXcrCN7tIn53DPX7+bvibxuoF4"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Disposition
x-envoy-upstream-service-time
46
timing-allow-origin
https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
content-length
945
visitor
api.sprig.com/1/environments/jDW2wtEVxC8Z/emailsurvey/ea31f969-7462-435c-b115-8b33dd1aa276/ 		455 B
874 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.sprig.com/1/environments/jDW2wtEVxC8Z/emailsurvey/ea31f969-7462-435c-b115-8b33dd1aa276/visitor
Requested by
Host: a.sprig.com
URL: https://a.sprig.com/static/js/2.6b8fee0a.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.105.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-105-205.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
ca374e08356f1b0cadbcaa92445c85d98951204c091cfd4109a4ee6be6e918f5

Request headers

Accept
application/json, text/plain, */*
Referer
https://a.sprig.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 20:14:03 GMT
server
istio-envoy
etag
W/"1c7-iw9j3c41DbTLZHXZF78ZvHZ7ndg"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
Content-Disposition
x-envoy-upstream-service-time
20
timing-allow-origin
https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
content-length
455
sprig-web-view-sdk-latest.js
cdn.sprig.com/ 		151 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.sprig.com/sprig-web-view-sdk-latest.js
Requested by
Host: a.sprig.com
URL: https://a.sprig.com/static/js/main.54a5a157.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-108.cdg53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a6eefe5ea7201b2ad26cd1cd2adf6cdec84e2f5e9e14e340bfde3ee7e80bef9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://a.sprig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 04:01:33 GMT
x-amz-version-id
GXBZZ6thtYauCONXsHif9oWsKuZpfZgG
content-encoding
br
last-modified
Mon, 07 Aug 2023 18:51:13 GMT
server
AmazonS3
via
1.1 6c980dcb60a714b7de2e5b65761a4940.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG53-C1
etag
W/"845d62639057f81f30fb3d0fed330cf6"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
age
58351
cross-origin-resource-policy
cross-origin
x-amz-cf-id
e9EYsQu3v8L1Tws65mW-1BnmAXCoGN2lvSzfGY2Q0LXuT_3ms5bfeQ==
history
api.sprig.com/sdk/1/visitors/393a36c7-ff0e-4e7d-ad94-18f7b7e870cf/surveys/115857/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.sprig.com/sdk/1/visitors/393a36c7-ff0e-4e7d-ad94-18f7b7e870cf/surveys/115857/history
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.105.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-105-205.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
Access-Control-Request-Method
POST
Origin
https://a.sprig.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-headers
authorization,content-type,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
date
Thu, 17 Aug 2023 20:14:03 GMT
server
istio-envoy
timing-allow-origin
https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
vary
Access-Control-Request-Headers
x-envoy-upstream-service-time
2
history
api.sprig.com/sdk/1/visitors/393a36c7-ff0e-4e7d-ad94-18f7b7e870cf/surveys/115857/ 		0
702 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.sprig.com/sdk/1/visitors/393a36c7-ff0e-4e7d-ad94-18f7b7e870cf/surveys/115857/history
Requested by
Host: a.sprig.com
URL: https://a.sprig.com/static/js/2.6b8fee0a.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.105.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-105-205.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

x-ul-visitor-id
393a36c7-ff0e-4e7d-ad94-18f7b7e870cf
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Authorization
Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJndCI6InZpc2l0b3IiLCJpZCI6ImpEVzJ3dEVWeEM4WiIsInZpZCI6IjM5M2EzNmM3LWZmMGUtNGU3ZC1hZDk0LTE4ZjdiN2U4NzBjZiIsImlhdCI6MTY5MjMwMzI0MywiZXhwIjoxNjkyNDc2MDQzfQ.WErRznz_OedqcyI9VIcI_ZKqexMOe21G9_HZKMMxaqJbaTGIGKP5sgCfpbkheo_7yy2CUbYJqhLH3d1nikFEyA
Content-Type
application/json
x-ul-installation-method
web-snippet
Referer
https://a.sprig.com/
x-ul-sdk-version
2.24.2
x-ul-environment-id
jDW2wtEVxC8Z
userleap-platform
link

Response headers

date
Thu, 17 Aug 2023 20:14:04 GMT
server
istio-envoy
x-ul-visitor-id
393a36c7-ff0e-4e7d-ad94-18f7b7e870cf
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
authorization
Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJndCI6InZpc2l0b3IiLCJpZCI6ImpEVzJ3dEVWeEM4WiIsInZpZCI6IjM5M2EzNmM3LWZmMGUtNGU3ZC1hZDk0LTE4ZjdiN2U4NzBjZiIsImlhdCI6MTY5MjMwMzI0MywiZXhwIjoxNjkyNDc2MDQzfQ.WErRznz_OedqcyI9VIcI_ZKqexMOe21G9_HZKMMxaqJbaTGIGKP5sgCfpbkheo_7yy2CUbYJqhLH3d1nikFEyA
access-control-allow-origin
*
access-control-expose-headers
Authorization,x-ul-visitor-id
x-envoy-upstream-service-time
173
timing-allow-origin
https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
userleap-web-upchunk-v2.2.2.js
cdn.sprig.com/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.sprig.com/userleap-web-upchunk-v2.2.2.js
Requested by
Host: cdn.sprig.com
URL: https://cdn.sprig.com/sprig-web-view-sdk-latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-108.cdg53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d18df54d9729af7a30f90abad03804107408731f739856d084777f0a47e067f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://a.sprig.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 01:14:46 GMT
x-amz-version-id
_EDA7WSk65J9Vh.7GOkh0A_wHECmwLQo
content-encoding
br
last-modified
Tue, 10 May 2022 00:19:33 GMT
server
AmazonS3
via
1.1 6c980dcb60a714b7de2e5b65761a4940.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG53-C1
etag
W/"d1f244523c16c1b639b69990343d0b4d"
age
68358
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cross-origin-resource-policy
cross-origin
x-amz-cf-id
6F3b6Y7grf3kdJHys8RATCwxi14_kaT8SxPpkHW3CV6909dMCycfHA==

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| env string| API_BASE_URL string| CDN_BASE_URL string| NODE_ENV string| PORT string| LOG_BATCH_SIZE string| STATSD_HOST string| STATSD_PORT string| DSN string| WEBSURVEY_URL object| app object| webpackJsonpuserleap object| DD_RUM object| __SENTRY__ function| _ object| __sentry_instrumentation_handlers__ function| setImmediate function| clearImmediate object| __cfg object| UpChunk

1 Cookies

Domain/Path Name / Value
a.sprig.com/ Name: _dd_s
Value: rum=1&id=30fcab1f-7dcc-4d1f-9601-a048b5f931d7&created=1692303243079&expire=1692304143080

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com 'self'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block