urlscan.io logo urlscan.io
SecurityTrails logo

orders.costacoffee.com Open in urlscan Pro
2a02:26f0:480:d::210:f159  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://orders.costacoffee.com/
Effective URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Submission Tags: falconsandbox
Submission: On August 17 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 33 HTTP transactions. The main IP is 2a02:26f0:480:d::210:f159, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is orders.costacoffee.com.
TLS certificate: Issued by R3 on June 30th 2023. Valid for: 3 months.
This is the only time orders.costacoffee.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 2a02:26f0:480... 20940 (AKAMAI-ASN1)
17 2620:1ec:bdf::42 8075 (MICROSOFT...)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 13.69.239.72 8075 (MICROSOFT...)
33 5
12    2a02:26f0:480:d::210:f159 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
orders.costacoffee.com
17    2620:1ec:bdf::42 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
content.powerapps.com
2    2a02:26f0:3500:586::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
s.go-mpulse.net
684dd32b.akstat.io
1    2a02:26f0:3500:981::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
c.go-mpulse.net
2    13.69.239.72 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
eu-mobile.events.data.microsoft.com
Apex Domain
Subdomains		 Transfer
17 powerapps.com
content.powerapps.com — Cisco Umbrella Rank: 5278
703 KB
12 costacoffee.com
orders.costacoffee.com
303 KB
2 microsoft.com
eu-mobile.events.data.microsoft.com — Cisco Umbrella Rank: 1276
293 B
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1498
c.go-mpulse.net — Cisco Umbrella Rank: 679
50 KB
1 akstat.io
684dd32b.akstat.io — Cisco Umbrella Rank: 75722
206 B
33 5
Domain Requested by
17 content.powerapps.com orders.costacoffee.com
12 orders.costacoffee.com 1 redirects orders.costacoffee.com
content.powerapps.com
2 eu-mobile.events.data.microsoft.com content.powerapps.com
1 684dd32b.akstat.io s.go-mpulse.net
1 c.go-mpulse.net content.powerapps.com
1 s.go-mpulse.net orders.costacoffee.com
33 6

This site contains links to these domains. Also see Links.

Domain
www.costa.co.uk
Subject Issuer Validity Valid
orders.costacoffee.com
R3		 2023-06-30 -
2023-09-28		 3 months crt.sh
content.powerapps.com
Microsoft Azure TLS Issuing CA 05		 2023-06-09 -
2024-06-03		 a year crt.sh
akstat.io
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-05 -
2024-04-04		 a year crt.sh
*.events.data.microsoft.com
Microsoft Azure TLS Issuing CA 05		 2023-06-07 -
2024-06-01		 a year crt.sh

This page contains 1 frames:

Primary Page: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Frame ID: 4C318605F0B01F1C58D5E65CFB4E11F7
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in

Page URL History Show full URLs

  1. https://orders.costacoffee.com/ HTTP 302
    https://orders.costacoffee.com/SignIn?ReturnUrl=%2F Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

33
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

1055 kB
Transfer

4005 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://orders.costacoffee.com/ HTTP 302
    https://orders.costacoffee.com/SignIn?ReturnUrl=%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request SignIn
orders.costacoffee.com/
Redirect Chain
  • https://orders.costacoffee.com/
  • https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
25 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4cc3b35ea5359b0733bfea6aafb3e61a77fe15ab02a8ccf0141913f2a3d84caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
7588
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
content-type
text/html; charset=utf-8
date
Thu, 17 Aug 2023 07:40:03 GMT
expires
Thu, 17 Aug 2023 07:40:03 GMT
link
<https://orders.costacoffee.com/fonts/glyphicons-halflings-regular.woff2>;rel="preload";as="font";type="font/woff2";crossorigin <https://content.powerapps.com>;rel="preconnect"
pragma
no-cache
server-timing
response-code; desc=200 edge; dur=1 origin; dur=68 cdn-cache; desc=MISS ak_p; desc="1692258003305_34664473_205071494_6913_1745_34_0_255";dur=1
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
x-akamai-transformed
9 6866 0 pmb=mRUM,2
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
x-ms-request-id
a30581b9-5884-4bc8-a22c-3a736bf7fafb

Redirect headers

cache-control
max-age=0, no-cache, no-store
content-length
20649
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
content-type
text/html; charset=utf-8
date
Thu, 17 Aug 2023 07:40:03 GMT
expires
Thu, 17 Aug 2023 07:40:03 GMT
location
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
pragma
no-cache
server-timing
response-code; desc=302 edge; dur=1 origin; dur=153 cdn-cache; desc=MISS ak_p; desc="1692258003045_34664473_205071224_15290_1165_32_71_255";dur=1
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
x-ms-request-id
4f057b8f-c819-44de-9beb-7da595a407d6
glyphicons-halflings-regular.woff2
orders.costacoffee.com/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/fonts/glyphicons-halflings-regular.woff2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Origin
https://orders.costacoffee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 27 Jul 2023 09:18:50 GMT
etag
"039b55a6bc0d91:0"
x-frame-options
SAMEORIGIN
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
content-type
application/font-woff2
x-ms-request-id
40060add-9106-4d0c-b3fc-c2141ff36141
cache-control
public, max-age=604800
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
server-timing
cdn-cache; desc=HIT, edge; dur=11, origin; dur=0, response-code; desc=200, ak_p; desc="1692258003416_34664473_205071638_1124_1025_33_0_219";dur=1
accept-ranges
bytes
content-length
18028
getresourcemanager
orders.costacoffee.com/_resources/ 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/_resources/getresourcemanager
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8a5d6d962bbd61bfc54aed850fb7ac186871cd951509127ef9552fd0f787e5f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
server-timing
response-code; desc=200, edge; dur=1, origin; dur=37, cdn-cache; desc=MISS, ak_p; desc="1692258003417_34664473_205071641_3647_767_33_0_219";dur=1
content-length
9743
pragma
no-cache
last-modified
Thu, 17 Aug 2023 06:54:04 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
x-ms-request-id
22047a4e-53c1-4f29-9afe-89ace9ed4905
cache-control
max-age=0, no-cache, no-store
expires
Thu, 17 Aug 2023 07:40:03 GMT
bootstrap.min.css
orders.costacoffee.com/ 		237 KB
39 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/bootstrap.min.css?1615221695000
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6143693c3b4d00d84ece6b37fc527a3dd849728e6116ecf4a4e42d33ffd3cd1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
content-disposition
inline;filename*=UTF-8''bootstrap.min.css
server-timing
cdn-cache; desc=HIT, edge; dur=1, response-code; desc=200, ak_p; desc="1692258003419_34664473_205071643_21_1277_33_0_255";dur=1
content-length
38838
last-modified
Mon, 08 Mar 2021 16:40:50 GMT
etag
FZaGvcnZadCACmvZqYKRdB+SwpATxPgbMMCAj6tAM9k=
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-ms-request-id
af0b09c9-90c7-45a1-8d18-7098460e519d
cache-control
public, max-age=3600
font-awesome.bundle-3d8a58a48f.css
content.powerapps.com/resource/powerappsportal/dist/ 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/font-awesome.bundle-3d8a58a48f.css
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6ecb3da4b4b5adae0b627fafbf31366a07c33c047452ee750822e34b14dd1fb2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=354.2,x-ms-igw-req-overhead;dur=0.2
content-length
2630
x-ms-islandgateway
ga0000002
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emkx
content-type
text/css
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
a608a07b-0a0e-46c4-94c0-7733b99b54cd
x-ms-service-request-id
446d695f-2ae9-4bc5-b040-c4bd0422f54a
accept-ranges
bytes
x-ms-static-content
SA0000000
timing-allow-origin
*
preform.bundle-739eaba11a.css
content.powerapps.com/resource/powerappsportal/dist/ 		101 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/preform.bundle-739eaba11a.css
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
640eab278c458878f9403061486dabac4378595f3ba752ce203d7c1d3009009b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=355.3,x-ms-igw-req-overhead;dur=0.2
content-length
16360
x-ms-islandgateway
ga0000001
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emm0
content-type
text/css
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
af78aeeb-ca36-4238-a908-9f01f9f31747
x-ms-service-request-id
f1f6ff11-9023-49c4-b09b-66aef01b3659
accept-ranges
bytes
x-ms-static-content
ze000000Q
timing-allow-origin
*
account.css
orders.costacoffee.com/Areas/Account/css/ 		573 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/Areas/Account/css/account.css
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c1246b1eb5471eb1fb2c450f714290fe7538c754805e95c2f6b6176a3411018b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
server-timing
cdn-cache; desc=HIT, edge; dur=1, response-code; desc=200, ak_p; desc="1692258003419_34664473_205071644_29_1259_33_0_255";dur=1
content-length
386
last-modified
Thu, 13 Jul 2023 19:46:36 GMT
etag
"0369cbbc2b5d91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-ms-request-id
58c41369-5934-4058-a966-8e2f93143f5f
cache-control
public, max-age=46878
accept-ranges
bytes
costaTheme.css
orders.costacoffee.com/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/costaTheme.css?1658432262000
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
22d2d312485c9e72f7e1e48bce3fc32e791a7834ec5571442ac91fb8544984d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
content-disposition
inline;filename*=UTF-8''costaTheme.css
server-timing
cdn-cache; desc=HIT, edge; dur=1, response-code; desc=200, ak_p; desc="1692258003419_34664473_205071645_23_1243_33_0_255";dur=1
content-length
1225
last-modified
Thu, 21 Jul 2022 19:37:42 GMT
etag
ItLTEkhcnnL34eSLzj/DLnkaeDTsVXFEKskfuFRJhNE=
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-ms-request-id
c106e6be-af99-413f-ab4b-f573838c2d38
cache-control
public, max-age=3600
theme.css
orders.costacoffee.com/ 		48 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/theme.css?1658432258000
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a4e52769d03796a417e283202b7a80277f810e1f0408bd70330af3a6215b7f48
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
content-disposition
inline;filename*=UTF-8''costaTheme.css
server-timing
cdn-cache; desc=HIT, edge; dur=1, response-code; desc=200, ak_p; desc="1692258003419_34664473_205071646_19_780_33_0_255";dur=1
content-length
7919
last-modified
Thu, 21 Jul 2022 19:37:38 GMT
etag
pOUnadA3lqQX4oMgK3qAJ3+BDh8ECL1wMwrzpiFbf0g=
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-ms-request-id
e109789c-1727-4d5c-b629-04b1fd78ea8b
cache-control
public, max-age=3600
pwa-style.bundle-2739c60227.css
content.powerapps.com/resource/powerappsportal/dist/ 		540 B
752 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/pwa-style.bundle-2739c60227.css
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
974fecbebcf2f295348c3631fe069966eab4b4b57cd4fcbe15fb70d0acab47c6
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=360.7,x-ms-igw-req-overhead;dur=0.1
content-length
193
x-ms-islandgateway
ga0000001
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emky
content-type
text/css
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
ae00a91f-e911-4b80-930f-952714693623
x-ms-service-request-id
8d40fc90-f531-4872-a610-86619e2d71e4
accept-ranges
bytes
x-ms-static-content
ze0000001
timing-allow-origin
*
pcf-style.bundle-0d8f841437.css
content.powerapps.com/resource/powerappsportal/dist/ 		11 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/pcf-style.bundle-0d8f841437.css
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d691db162acde81487d3a3f9d21391ebb2fd5d7b9f8c626356be5a4d380419f4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=91.5,x-ms-igw-req-overhead;dur=0.2
content-length
1442
x-ms-islandgateway
ga0000000
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emkz
content-type
text/css
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
fe2ae3f1-3ab6-4758-b370-78ac3d5c30c9
x-ms-service-request-id
5cca4884-fdf2-47e8-b55e-80474d0a8482
accept-ranges
bytes
x-ms-static-content
ZE000001R
timing-allow-origin
*
web.png
content.powerapps.com/resource/powerappsportal/img/ 		625 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.powerapps.com/resource/powerappsportal/img/web.png
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ddeb1c61fe3fc1c4195d6af3ca1514f8eb78de09e6de3dbfcc960ddfda93ee54
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=363.1,x-ms-igw-req-overhead;dur=0.1
x-ms-islandgateway
GA0000001
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmp
content-type
image/png
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
b14f1df1-11c3-4473-b872-2e65b8254248
x-ms-service-request-id
3bbe1121-f7f5-4f9d-b6dd-253b8132064f
x-ms-static-content
ZE000000T
timing-allow-origin
*
close.png
content.powerapps.com/resource/powerappsportal/img/ 		237 B
793 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.powerapps.com/resource/powerappsportal/img/close.png
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
55b9b171bb9bc15acdd21c7a186e1268bc774b6a7c5a6fbc2f2bfee564890325
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=356.3,x-ms-igw-req-overhead;dur=0.2
x-ms-islandgateway
ga0000001
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmq
content-type
image/png
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
249dc893-cd23-444d-9c2e-98475e84a5c4
x-ms-service-request-id
18193299-eca4-4b59-ad01-c85a07050a4b
x-ms-static-content
SA0000003
timing-allow-origin
*
COSTA_COFFEE_SCREEN_USE_WHT.png
orders.costacoffee.com/ 		133 KB
133 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://orders.costacoffee.com/COSTA_COFFEE_SCREEN_USE_WHT.png
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
379678f866a25c333d83b61943ea53c8e84509101ba2176341216e4d384913f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 08 Mar 2021 16:40:53 GMT
etag
N5Z4+GaiXDM9g7YZQ+pTyOhFCRAbohdjQSFuTThJE/M=
x-frame-options
SAMEORIGIN
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
content-type
image/png
x-ms-request-id
522731ce-de76-4edd-bc0b-dfaac362be80
cache-control
public, max-age=3600
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
content-disposition
inline;filename*=UTF-8''COSTA_COFFEE_SCREEN_USE_WHT.png
server-timing
cdn-cache; desc=HIT, edge; dur=1, response-code; desc=200, ak_p; desc="1692258003595_34664473_205071943_16_986_39_0_146";dur=1
content-length
135688
client-telemetry.bundle-34ca1a66a2.js
content.powerapps.com/resource/powerappsportal/dist/ 		204 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/client-telemetry.bundle-34ca1a66a2.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
35559411930be95a95e9bbe0d5e64c6f27ba130dc3ae21effaa7534148b59fda
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=536.8,x-ms-igw-req-overhead;dur=0.1
content-length
62852
x-ms-islandgateway
ga0000001
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emm5
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
1d3a8452-cd15-4552-8193-af5aaff41ee5
x-ms-service-request-id
42093571-fe21-4d40-ae73-523d8064d928
accept-ranges
bytes
x-ms-static-content
ze0000004
timing-allow-origin
*
client-telemetry-wrapper.bundle-0dd3da3c79.js
content.powerapps.com/resource/powerappsportal/dist/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/client-telemetry-wrapper.bundle-0dd3da3c79.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d0200324ba3cba31ea90c65aebf243f5d2212c5ceecd6a1efe23f10013a502c2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=338.9,x-ms-igw-req-overhead;dur=0.1
content-length
751
x-ms-islandgateway
ga0000001
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emm9
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
2f363723-47e5-43e1-8fcc-3e6cebf546d9
x-ms-service-request-id
e09992f8-480a-4868-b801-90074b42e0ee
accept-ranges
bytes
x-ms-static-content
ze000003K
timing-allow-origin
*
preform.moment_2_29_4.bundle-79a29b80d8.js
content.powerapps.com/resource/powerappsportal/dist/ 		529 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/preform.moment_2_29_4.bundle-79a29b80d8.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5da9fef14397e5e6f71736be12c109e291c45a45bcace81e1b66871109ff0abf
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=614.9,x-ms-igw-req-overhead;dur=0.1
content-length
133366
x-ms-islandgateway
ga0000004
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmc
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
3547a849-fbdb-4b32-b38c-71d6d87f5e2a
x-ms-service-request-id
6fcd3751-e983-4340-8e05-a3f4412d3ae0
accept-ranges
bytes
x-ms-static-content
ze000000S
timing-allow-origin
*
pcf-dependency.bundle-805a1661b7.js
content.powerapps.com/resource/powerappsportal/dist/ 		42 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/pcf-dependency.bundle-805a1661b7.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b37275f7c7f76430f05a20e7d0dddac3649467dbc0e7af58cc3f04b1ee6dea81
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=371.1,x-ms-igw-req-overhead;dur=0.1
content-length
10872
x-ms-islandgateway
ga0000001
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmd
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
2e49784d-72bb-491b-8b5b-5644721f1591
x-ms-service-request-id
5a579a38-2cea-4b88-8acb-859e1c1309c2
accept-ranges
bytes
x-ms-static-content
ZE0000002
timing-allow-origin
*
pcf.bundle-c0769d8040.js
content.powerapps.com/resource/powerappsportal/dist/ 		826 KB
166 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/pcf.bundle-c0769d8040.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6137480cdf3216fc12aae3c35c365faee4b060185264c98fe4132901795b6725
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=291.4,x-ms-igw-req-overhead;dur=0.2
content-length
168908
x-ms-islandgateway
GA0000004
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emme
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
de292d61-3be4-486a-a187-5492bad582c7
x-ms-service-request-id
ee731d3a-ff75-4479-a52b-df543e409e23
accept-ranges
bytes
x-ms-static-content
ZE000001C
timing-allow-origin
*
pcf-extended.bundle-e303d53553.js
content.powerapps.com/resource/powerappsportal/dist/ 		955 KB
212 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/pcf-extended.bundle-e303d53553.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ced5ea5c04e6dd8807fa46b2052888eb4798e557c507fc2ec75463fee17a9aea
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=600.3,x-ms-igw-req-overhead;dur=0.2
content-length
216516
x-ms-islandgateway
ga00000A1
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmf
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
a8d55347-c3b1-4e6b-a77c-167de3a37c82
x-ms-service-request-id
1b0ef466-684f-4ef1-ac97-59baf394f64c
accept-ranges
bytes
x-ms-static-content
ZE000000A
timing-allow-origin
*
pcf-loader.bundle-f4a0e619b8.js
content.powerapps.com/resource/powerappsportal/dist/ 		80 B
633 B 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/pcf-loader.bundle-f4a0e619b8.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cec86f53b19c31bc124614007553a6ebc5434f9b1d2f03b1db0393b22ab16ea2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=375.2,x-ms-igw-req-overhead;dur=0.2
content-length
63
x-ms-islandgateway
ga0000000
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmg
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
e65acdf2-f485-4eeb-b6c1-0ff6ecaa9b3b
x-ms-service-request-id
9bd0df8e-3d89-41b9-a81e-64549d0e0d50
accept-ranges
bytes
x-ms-static-content
ZE000001M
timing-allow-origin
*
bootstrap.bundle-105a4995b8.js
content.powerapps.com/resource/powerappsportal/dist/ 		39 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/bootstrap.bundle-105a4995b8.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a915d483b99af421f4813e6b60599b4e39faff120e54b5e9838386d4ae1a4c60
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=354.8,x-ms-igw-req-overhead;dur=0.2
content-length
9692
x-ms-islandgateway
GA0000004
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmh
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
ada13572-1f1a-4090-b39a-49c746871465
x-ms-service-request-id
6eee3cf6-397e-45fe-9914-eccb696e0642
accept-ranges
bytes
x-ms-static-content
SA0000001
timing-allow-origin
*
postpreform.bundle-b36bd5147c.js
content.powerapps.com/resource/powerappsportal/dist/ 		161 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/postpreform.bundle-b36bd5147c.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3ce26fc33056a16cb5eb1977af8f9b2b8dcd8c742424210aa1301f1fd1eee586
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=438.8,x-ms-igw-req-overhead;dur=0.1
content-length
43404
x-ms-islandgateway
ga0000000
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmk
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
33ebe3db-75ed-4a4d-aaee-757adfff3f63
x-ms-service-request-id
68dd9dd7-8ef0-46ce-9486-b5cb82939df1
accept-ranges
bytes
x-ms-static-content
ze0000040
timing-allow-origin
*
app.bundle-ac36488b2a.js
content.powerapps.com/resource/powerappsportal/dist/ 		266 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/app.bundle-ac36488b2a.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
329935546aab64d59b4fb5b9724afcd4186171230821e8709704e64cf0018862
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=487.5,x-ms-igw-req-overhead;dur=0.1
content-length
41044
x-ms-islandgateway
GA0000002
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmm
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
a6a8b199-526a-4cc1-81a4-dcbd2a8b4b7d
x-ms-service-request-id
7842a72d-7a69-4346-95a5-19aec8d279b3
accept-ranges
bytes
x-ms-static-content
ZE000001D
timing-allow-origin
*
default-1033.moment_2_29_4.bundle-eda4e638fd.js
content.powerapps.com/resource/powerappsportal/dist/ 		361 B
743 B 		Script
General
Check archive.org
Download Go to
Full URL
https://content.powerapps.com/resource/powerappsportal/dist/default-1033.moment_2_29_4.bundle-eda4e638fd.js
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5423f185195f046d0f3893f674e072be43e47c6124dd6ccbe214e896b1944d43
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
x-servicefabric
NoRetry
x-cache
TCP_HIT
server-timing
x-ms-igw-upstream-headers;dur=344.3,x-ms-igw-req-overhead;dur=0.2
content-length
174
x-ms-islandgateway
ga0000002
vary
Accept-Encoding
x-azure-ref
20230817T074003Z-0bsr9by94x1g7c58bx70h4bm3n00000001p000000000emmn
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-activity-vector
00.00.00.00
cache-control
public, max-age=31536000
x-ms-correlation-id
30dea425-2dfe-4bbf-841b-ea19d2161ae0
x-ms-service-request-id
8577a07a-dc83-4b71-a64b-cc7512eb2712
accept-ranges
bytes
x-ms-static-content
SA0000002
timing-allow-origin
*
GV7AM-V4QDT-NHLRA-BUM8W-KUHKL
s.go-mpulse.net/boomerang/ 		205 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.go-mpulse.net/boomerang/GV7AM-V4QDT-NHLRA-BUM8W-KUHKL
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3500:586::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:04 GMT
content-encoding
br
last-modified
Wed, 09 Aug 2023 15:05:30 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
x-n
S
timing-allow-origin
*
content-length
50393
gothambold.otf
orders.costacoffee.com/ 		124 KB
62 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/gothambold.otf
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/costaTheme.css?1658432262000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
88b3795f97ee469c9e30430b54d35c11cdf28c96e3e71d0122e37e6bf025c0b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://orders.costacoffee.com/costaTheme.css?1658432262000
Origin
https://orders.costacoffee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
last-modified
Mon, 08 Mar 2021 16:40:53 GMT
etag
iLN5X5fuRpyeMEMLVNNcEc3yjJbj5x0BIuN+a/AlwLg=
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/octet-stream
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
x-ms-request-id
a9c465d5-a627-42cf-88c8-4933152e319b
cache-control
public, max-age=3600
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
content-disposition
inline;filename*=UTF-8''Gotham%20Bold.otf
server-timing
cdn-cache; desc=HIT, edge; dur=24, origin; dur=0, response-code; desc=200, ak_p; desc="1692258003600_34664473_205071949_2390_768_39_0_255";dur=1
gotham-book-regular.otf
orders.costacoffee.com/ 		29 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/gotham-book-regular.otf
Requested by
Host: orders.costacoffee.com
URL: https://orders.costacoffee.com/costaTheme.css?1658432262000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
30cf61509fb1a5405caf7ed1a872068936c72f69bf0cf5d9ae50ae418552e3bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://orders.costacoffee.com/costaTheme.css?1658432262000
Origin
https://orders.costacoffee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
content-disposition
inline;filename*=UTF-8''Gotham%20Book%20Regular.otf
server-timing
cdn-cache; desc=HIT, edge; dur=13, origin; dur=0, response-code; desc=200, ak_p; desc="1692258003898_34664473_205072427_1295_1031_32_0_255";dur=1
content-length
16036
last-modified
Mon, 08 Mar 2021 16:40:54 GMT
etag
MM9hUJ+xpUBcr37RqHIGiTbHL2m/DPXZrlCuQYVS478=
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/octet-stream
x-ms-request-id
f81fe5b0-7c4d-4e35-a47f-ed5d36b80f34
cache-control
public, max-age=3600
tokenhtml
orders.costacoffee.com/_layout/ 		174 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://orders.costacoffee.com/_layout/tokenhtml?_=1692258003651
Requested by
Host: content.powerapps.com
URL: https://content.powerapps.com/resource/powerappsportal/dist/client-telemetry.bundle-34ca1a66a2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:d::210:f159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
13fb9143cc5289f7b00ac34d55d053cb8bf3e52a0a56df4bef05779b49a9d448
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
https://orders.costacoffee.com/SignIn?ReturnUrl=%2F
X-Requested-With
XMLHttpRequest
traceparent
00-ea18b4a17b7d4a38992f91c5cf6f1ae1-3f619950a7244339-01
Request-Id
|ea18b4a17b7d4a38992f91c5cf6f1ae1.3f619950a7244339
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Thu, 17 Aug 2023 07:40:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy-report-only
default-src 'self' content.powerapps.com; connect-src 'self' *.microsoft.com content.powerapps.com; font-src 'self' *.sharepointonline.com data: content.powerapps.com; frame-src 'self' content.powerapps.com; img-src 'self' content.powerapps.com; script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' content.powerapps.com; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com; style-src 'self' 'unsafe-inline' content.powerapps.com;
x-ms-portal-app
site-b4697134-2c55-4221-bbb3-5a3e724df308-EUn
server-timing
response-code; desc=200, edge; dur=2, origin; dur=37, cdn-cache; desc=MISS, ak_p; desc="1692258003905_34664473_205072439_3834_1053_32_0_219";dur=1
content-length
179
pragma
no-cache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
x-ms-request-id
19bcb4df-f014-461c-8e2a-2c702da042d4
cache-control
max-age=0, no-cache, no-store
x-akamai-transformed
9 295 0 pmb=mRUM,2
expires
Thu, 17 Aug 2023 07:40:03 GMT
config.json
c.go-mpulse.net/api/ 		624 B
897 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/api/config.json?key=GV7AM-V4QDT-NHLRA-BUM8W-KUHKL&d=orders.costacoffee.com&t=5640860&v=1.720.0&sl=0&si=9990033c-143f-4b58-9441-810f545c8cbe-rziymr&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=944169
Requested by
Host: content.powerapps.com
URL: https://content.powerapps.com/resource/powerappsportal/dist/client-telemetry.bundle-34ca1a66a2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3500:981::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2e1e7d74dab1903ec877b002bcf3e95b10e86a6565b93930be08626a69fc0387

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://orders.costacoffee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 17 Aug 2023 07:40:04 GMT
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
624
Content-Type
application/json
/
684dd32b.akstat.io/ 		0
206 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://684dd32b.akstat.io/
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/GV7AM-V4QDT-NHLRA-BUM8W-KUHKL
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3500:586::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://orders.costacoffee.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 17 Aug 2023 07:40:04 GMT
content-type
image/gif
access-control-allow-origin
https://orders.costacoffee.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
x-xss-protection
0
expires
Thu, 17 Aug 2023 07:40:04 GMT
/
eu-mobile.events.data.microsoft.com/OneCollector/1.0/ 		24 B
293 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2
Requested by
Host: content.powerapps.com
URL: https://content.powerapps.com/resource/powerappsportal/dist/client-telemetry.bundle-34ca1a66a2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.69.239.72 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
afd588d7d1c94d797ef932006d524de973f6fc54556e62f0f340412c87f99d58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

upload-time
1692258006624
accept-language
de-DE,de;q=0.9
client-version
1DS-Web-JS-3.2.8
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
time-delta-to-apply-millis
use-collector-delta
content-type
application/x-json-stream
cache-control
no-cache, no-store
Referer
https://orders.costacoffee.com/
apikey
197418c5cb8c4426b201f9db2e87b914-87887378-2790-49b0-9295-51f43b6204b1-7172
Client-Id
NO_AUTH

Response headers

strict-transport-security
max-age=31536000
date
Thu, 17 Aug 2023 07:40:06 GMT
server
Microsoft-HTTPAPI/2.0
time-delta-millis
291
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
https://orders.costacoffee.com
access-control-expose-headers
time-delta-millis
access-control-allow-credentials
true
access-control-allow-headers
time-delta-millis
content-length
24
/
eu-mobile.events.data.microsoft.com/OneCollector/1.0/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://eu-mobile.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.69.239.72 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Access-Control-Request-Method
POST
Origin
https://orders.costacoffee.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-allow-origin
https://orders.costacoffee.com
access-control-max-age
3600
cache-control
public, 3600
content-length
0
date
Thu, 17 Aug 2023 07:40:05 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| ResourceManager undefined| msViewportStyle object| BOOMR_mq string| BOOMR_API_key object| BOOMR object| Microsoft function| setHeight object| e function| t object| oneDS object| __dynProto$Gbl object| clientLogger object| clientLogWrapper object| dateFormatConverter function| $ function| jQuery object| respond function| _ function| moment object| IPv6 object| punycode object| SecondLevelDomains function| URI function| URITemplate function| __assign function| __rest function| __spreadArray object| PropTypes object| Fela object| FelaDOM object| ComponentFramework object| __stylesheet__ object| __globalSettings__ object| __packages__ object| __themeState__ object| CustomControls object| React object| ReactDOM object| __React object| __ReactDOM function| requirejs function| loadAllPcfControlsOnPage function| loadPcfGridControl object| FluentUIReact object| ReactFela number| __currentId__ function| validateLoginSession function| redirectToLogin object| q object| shell object| Handlebars boolean| PR_SHOULD_USE_CONTINUATION function| prettyPrintOne function| prettyPrint object| PR function| expandCollapse object| portal function| ConvertErrorstrtoLink function| base64DecodeUnicode function| scrollToAndFocusCapatch function| setCapatchFocus function| scrollToCapatchPosition object| postBackOnSubmit function| SubmitModal function| getUrlWithRelatedReference object| adx object| auth function| FacetedSearch function| GoToNewEditor number| BOOMR_onload function| BOOMR_check_doc_domain object| ErrorStackParser object| UserTimingCompression

9 Cookies

Domain/Path Name / Value
orders.costacoffee.com/ Name: Dynamics365PortalAnalytics
Value: 2Tjx_IGgikpLM8aq883qWgbwGAYLnyP4fdmV9T7WorFWAeYeEVHRF7WZ7UeifxQGOlABd6I0TkqFItDVb1qkKph5Vw9LAslQ_g8TLcSFPP0-UMipnNQIxY8qn8RBX3DkNP6FO1tZbbuZJGzV8jJUdw2
orders.costacoffee.com/ Name: ASP.NET_SessionId
Value: fa22l3sr05wyxein31gogdu2
.orders.costacoffee.com/ Name: ARRAffinity
Value: d87e26087b0df33dc9f86cc13a991841b90bc2b2166498d8b463224dca728a5f
.orders.costacoffee.com/ Name: ARRAffinitySameSite
Value: d87e26087b0df33dc9f86cc13a991841b90bc2b2166498d8b463224dca728a5f
orders.costacoffee.com/ Name: __RequestVerificationToken
Value: agwPtAXtfpVsbp67P9NaJnFiJg44mUISiwqUszm54Nj7Ga3HYIukhbdoVLBrnNtt5r7R9XUyK5TVIwl-cTPNlgV0bZ-nantARPAy7SHhi-A1
.costacoffee.com/ Name: AKA_A2
Value: A
orders.costacoffee.com/ Name: timezoneoffset
Value: -120
orders.costacoffee.com/ Name: isDSTSupport
Value: true
orders.costacoffee.com/ Name: isDSTObserved
Value: true

5 Console Messages

Source Level URL
Text
security error URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F(Line 74)
Message:
[Report Only] Refused to load the script 'https://s.go-mpulse.net/boomerang/GV7AM-V4QDT-NHLRA-BUM8W-KUHKL' because it violates the following Content Security Policy directive: "script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com".
security error URL: https://orders.costacoffee.com/SignIn?ReturnUrl=%2F(Line 74)
Message:
[Report Only] Refused to load the script 'https://s.go-mpulse.net/boomerang/GV7AM-V4QDT-NHLRA-BUM8W-KUHKL' because it violates the following Content Security Policy directive: "script-src-elem 'self' 'unsafe-inline' *.cloudflare.com content.powerapps.com".
security error URL: https://content.powerapps.com/resource/powerappsportal/dist/client-telemetry.bundle-34ca1a66a2.js(Line 13)
Message:
[Report Only] Refused to connect to 'https://c.go-mpulse.net/api/config.json?key=GV7AM-V4QDT-NHLRA-BUM8W-KUHKL&d=orders.costacoffee.com&t=5640860&v=1.720.0&sl=0&si=9990033c-143f-4b58-9441-810f545c8cbe-rziymr&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=944169' because it violates the following Content Security Policy directive: "connect-src 'self' *.microsoft.com content.powerapps.com".
security error URL: https://s.go-mpulse.net/boomerang/GV7AM-V4QDT-NHLRA-BUM8W-KUHKL(Line 9)
Message:
[Report Only] Refused to connect to 'https://684dd32b.akstat.io/' because it violates the following Content Security Policy directive: "connect-src 'self' *.microsoft.com content.powerapps.com".
security error URL: https://s.go-mpulse.net/boomerang/GV7AM-V4QDT-NHLRA-BUM8W-KUHKL(Line 9)
Message:
[Report Only] Refused to connect to 'https://684dd32b.akstat.io/' because it violates the following Content Security Policy directive: "connect-src 'self' *.microsoft.com content.powerapps.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

684dd32b.akstat.io
c.go-mpulse.net
content.powerapps.com
eu-mobile.events.data.microsoft.com
orders.costacoffee.com
s.go-mpulse.net
13.69.239.72
2620:1ec:bdf::42
2a02:26f0:3500:586::11a6
2a02:26f0:3500:981::11a6
2a02:26f0:480:d::210:f159
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
13fb9143cc5289f7b00ac34d55d053cb8bf3e52a0a56df4bef05779b49a9d448
22d2d312485c9e72f7e1e48bce3fc32e791a7834ec5571442ac91fb8544984d1
2e1e7d74dab1903ec877b002bcf3e95b10e86a6565b93930be08626a69fc0387
30cf61509fb1a5405caf7ed1a872068936c72f69bf0cf5d9ae50ae418552e3bf
329935546aab64d59b4fb5b9724afcd4186171230821e8709704e64cf0018862
35559411930be95a95e9bbe0d5e64c6f27ba130dc3ae21effaa7534148b59fda
379678f866a25c333d83b61943ea53c8e84509101ba2176341216e4d384913f3
3ce26fc33056a16cb5eb1977af8f9b2b8dcd8c742424210aa1301f1fd1eee586
4cc3b35ea5359b0733bfea6aafb3e61a77fe15ab02a8ccf0141913f2a3d84caa
5423f185195f046d0f3893f674e072be43e47c6124dd6ccbe214e896b1944d43
55b9b171bb9bc15acdd21c7a186e1268bc774b6a7c5a6fbc2f2bfee564890325
5da9fef14397e5e6f71736be12c109e291c45a45bcace81e1b66871109ff0abf
6137480cdf3216fc12aae3c35c365faee4b060185264c98fe4132901795b6725
6143693c3b4d00d84ece6b37fc527a3dd849728e6116ecf4a4e42d33ffd3cd1f
640eab278c458878f9403061486dabac4378595f3ba752ce203d7c1d3009009b
6ecb3da4b4b5adae0b627fafbf31366a07c33c047452ee750822e34b14dd1fb2
88b3795f97ee469c9e30430b54d35c11cdf28c96e3e71d0122e37e6bf025c0b8
8a5d6d962bbd61bfc54aed850fb7ac186871cd951509127ef9552fd0f787e5f3
974fecbebcf2f295348c3631fe069966eab4b4b57cd4fcbe15fb70d0acab47c6
a4e52769d03796a417e283202b7a80277f810e1f0408bd70330af3a6215b7f48
a915d483b99af421f4813e6b60599b4e39faff120e54b5e9838386d4ae1a4c60
afd588d7d1c94d797ef932006d524de973f6fc54556e62f0f340412c87f99d58
b37275f7c7f76430f05a20e7d0dddac3649467dbc0e7af58cc3f04b1ee6dea81
c1246b1eb5471eb1fb2c450f714290fe7538c754805e95c2f6b6176a3411018b
cec86f53b19c31bc124614007553a6ebc5434f9b1d2f03b1db0393b22ab16ea2
ced5ea5c04e6dd8807fa46b2052888eb4798e557c507fc2ec75463fee17a9aea
d0200324ba3cba31ea90c65aebf243f5d2212c5ceecd6a1efe23f10013a502c2
d691db162acde81487d3a3f9d21391ebb2fd5d7b9f8c626356be5a4d380419f4
ddeb1c61fe3fc1c4195d6af3ca1514f8eb78de09e6de3dbfcc960ddfda93ee54
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c