Submitted URL: http://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Effective URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Submission: On August 25 via manual from IN

Summary

This website contacted 16 IPs in 6 countries across 8 domains to perform 53 HTTP transactions. The main IP is 104.109.90.218, located in Netherlands and belongs to AKAMAI-ASN1, EU. The main domain is www.bahn.de.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 10th 2020. Valid for: a year.
This is the only time www.bahn.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 27 104.109.90.218 20940 (AKAMAI-ASN1)
1 2a02:26f0:f1:... 20940 (AKAMAI-ASN1)
1 54.80.74.201 14618 (AMAZON-AES)
1 184.86.103.210 20940 (AKAMAI-ASN1)
1 2.17.191.240 16625 (AKAMAI-AS)
2 15.236.175.233 16509 (AMAZON-02)
2 81.200.197.91 34156 (BAHN-AS-BLN)
1 2 37.157.6.251 198622 (ADFORM)
2 37.157.2.246 198622 (ADFORM)
5 104.17.208.240 13335 (CLOUDFLAR...)
3 104.109.92.47 20940 (AKAMAI-ASN1)
2 2600:9000:21f... 16509 (AMAZON-02)
1 2 37.157.3.29 198622 (ADFORM)
2 213.202.235.9 24961 (MYLOC-AS ...)
1 52.4.204.80 14618 (AMAZON-AES)
53 16
Domain Requested by
27 www.bahn.de 1 redirects www.bahn.de
4 siteintercept.qualtrics.com zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
3 www.img-bahn.de ps.bahn.de
2 m.exactag.com www.bahn.de
m.exactag.com
2 a1.adform.net 1 redirects a1.adform.net
2 cdn.m-pathy.com www.bahn.de
cdn.m-pathy.com
2 s2.adform.net www.bahn.de
2 dmp.adform.net 1 redirects dmp.adform.net
2 ps.bahn.de www.bahn.de
www.img-bahn.de
2 st.bahn.de www.bahn.de
1 logx.optimizely.com cdn.optimizely.com
1 zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com www.bahn.de
1 a791773171.cdn.optimizely.com cdn.optimizely.com
1 www.static-bahn.de www.bahn.de
1 vis.optimizely.com cdn.optimizely.com
1 cdn.optimizely.com www.bahn.de
0 cdn3.optimizely.com Failed cdn.optimizely.com
53 17
Subject Issuer Validity Valid
www.bahn.de
DigiCert SHA2 Extended Validation Server CA
2020-01-10 -
2021-04-07
a year crt.sh
cdn.optimizely.com
DigiCert SHA2 Secure Server CA
2020-01-20 -
2021-03-20
a year crt.sh
vis.optimizely.com
Amazon
2020-05-26 -
2021-06-26
a year crt.sh
subsites.bahn.de
Let's Encrypt Authority X3
2020-07-13 -
2020-10-11
3 months crt.sh
*.cdn.optimizely.com
GeoTrust RSA CA 2018
2020-03-05 -
2021-06-04
a year crt.sh
st.bahn.de
DigiCert SHA2 High Assurance Server CA
2020-03-02 -
2021-06-09
a year crt.sh
ps.bahn.de
Let's Encrypt Authority X3
2020-08-24 -
2020-11-22
3 months crt.sh
track.adform.net
DigiCert SHA2 Secure Server CA
2019-09-16 -
2021-09-20
2 years crt.sh
*.qualtrics.com
DigiCert SHA2 Secure Server CA
2018-10-08 -
2021-01-06
2 years crt.sh
www.img-bahn.de
DigiCert SHA2 Secure Server CA
2020-02-19 -
2021-04-14
a year crt.sh
*.m-pathy.com
Amazon
2020-01-28 -
2021-02-28
a year crt.sh
*.exactag.com
Sectigo RSA Organization Validation Secure Server CA
2020-01-22 -
2022-04-21
2 years crt.sh
logx.optimizely.com
DigiCert SHA2 High Assurance Server CA
2018-10-01 -
2020-10-05
2 years crt.sh

This page contains 6 frames:

Primary Page: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Frame ID: 27F2915511828948DE8AE446F31DE92E
Requests: 44 HTTP requests in this frame

Frame: https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html
Frame ID: DC12F00D13672CEAD5C1448D81DFD9B0
Requests: 1 HTTP requests in this frame

Frame: https://a791773171.cdn.optimizely.com/client_storage/a791773171.html
Frame ID: 02CCBDCE2E04C9F421320FD622590A48
Requests: 1 HTTP requests in this frame

Frame: https://ps.bahn.de/common/content/html/lmiframe.html
Frame ID: A48890711EDE970A8F729B52E1F25BB0
Requests: 5 HTTP requests in this frame

Frame: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=N9Wkt3zxNpk4&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fbahncard________________________________________________________________Internetauftritt%22%2C%22search%22%3A%22%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Content%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_hilfe_404%22%7D
Frame ID: 1B3269F0934A1214C8F6286524C93124
Requests: 1 HTTP requests in this frame

Frame: https://m.exactag.com/px.aspx?id=a3a52bac64d549819f139b429240ab99
Frame ID: 9BBD9405FA2F549AB503129A78235BAB
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://www.bahn.de/bahncard________________________________________________________________Inte... HTTP 301
    https://www.bahn.de/bahncard________________________________________________________________Inte... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i

Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i

Overall confidence: 100%
Detected patterns
  • script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /optimizely\.com.*\.js/i

Page Statistics

53
Requests

96 %
HTTPS

13 %
IPv6

8
Domains

17
Subdomains

16
IPs

6
Countries

1092 kB
Transfer

3251 kB
Size

23
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.bahn.de/bahncard________________________________________________________________Internetauftritt HTTP 301
    https://www.bahn.de/bahncard________________________________________________________________Internetauftritt Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32
  • https://dmp.adform.net/audiencetag/adformat.js HTTP 301
  • https://s2.adform.net/banners/scripts/audiencetag/adformat.js
Request Chain 39
  • https://a1.adform.net/serving/scripts/trackpoint/async/ HTTP 301
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js

53 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request bahncard________________________________________________________________Internetauftritt
www.bahn.de/
Redirect Chain
  • http://www.bahn.de/bahncard________________________________________________________________Internetauftritt
  • https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
53 KB
53 KB
Document
General
Full URL
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
ae114c48cb81d2f79ac179eb4068e60d4202bbd9d260fc3eb2eb5d09bec0221a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.bahn.de
:scheme
https
:path
/bahncard________________________________________________________________Internetauftritt
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
404
content-type
text/html
server
AmazonS3
x-ep
84
x-amz-id-2
Va0JWrN0RPepS6BjtWI9vKq1DiCOtadqbISdtY/fyZbFrJUPDSXY2sTBdqZOQ/xorOw7bKA0y9U=
x-amz-request-id
DV6V3X0MFV8Y2H5M
last-modified
Thu, 20 Aug 2020 08:19:14 GMT
etag
"c248209195350460717cc10b6752dda9"
accept-ranges
bytes
cache-control
max-age=600
date
Tue, 25 Aug 2020 06:56:27 GMT
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Cache-Control
max-age=600
Date
Tue, 25 Aug 2020 06:56:27 GMT
Connection
keep-alive
Content-Security-Policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
portal.min.css
www.bahn.de/common/view/static/58afb948/responsive/css/
470 KB
98 KB
Stylesheet
General
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
0eeb1970197799a537566bf5554142fcf91a1b04368c735d6319ed35a2f53f15
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
573CBCC9A4C17FEB
status
200
vary
Accept-Encoding
content-length
99778
x-amz-id-2
q3Nuvba8Jj/T63QexUXzCEWpnMkTOM6wTG9z7DO1DUgxcnat+d87T6ctZetdgwxl7duK9B3SPvo=
last-modified
Mon, 10 Aug 2020 06:33:30 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"cd49343dce1d376767f5e6ecb4f62323"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/css
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
softlogin.min.js
www.bahn.de/common/view/static/58afb948/responsive/js/
63 KB
19 KB
Script
General
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/js/softlogin.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
63901B64DE6581A4
status
200
vary
Accept-Encoding
content-length
18289
x-amz-id-2
CqBzB6YCLbVJQtkt4mKgn9i2FPbFPVgpP+yBHCMGTHa1bn2n+UtON0JZdm4fntzjbIqlR36g6J4=
last-modified
Mon, 10 Aug 2020 06:33:33 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"e05b454dfa1d1468d94e0f903a8099f6"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
8033263973.js
cdn.optimizely.com/js/
842 KB
181 KB
Script
General
Full URL
https://cdn.optimizely.com/js/8033263973.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:29d::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3f23ebfed96cebaa9f25baefb3391e862e36efcf75c1dfc4bee3c5e1e519101
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
g10iRSHMJIFK63DXcRv4mwm29ujalmTN
content-encoding
gzip
etag
"80130d64c31e1ab71e5ee29608666118"
x-amz-request-id
523AF91B47EE18EA
status
200
x-amz-replication-status
COMPLETED
access-control-allow-methods
GET, HEAD
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="2a02:26f0:f1:29d::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
vary
Accept-Encoding
content-length
184759
x-amz-id-2
I+JSWGa7XWgmi7Kw078jw98RvrrvqmQAQMUz3kU0Hn13gRY13bZZre4xsfiIcRL1wlzDPj+YnRQ=
last-modified
Mon, 24 Aug 2020 14:37:31 GMT
server
AmazonS3
date
Tue, 25 Aug 2020 06:56:27 GMT
access-control-max-age
86400
strict-transport-security
max-age=15768000
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=1200
x-amz-meta-revision
16972
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
modernizr-2.8.3.min.js
www.bahn.de/common/view/static/58afb948/js/lib/modernizr/
11 KB
5 KB
Script
General
Full URL
https://www.bahn.de/common/view/static/58afb948/js/lib/modernizr/modernizr-2.8.3.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
A3A7FDCD346DD0A5
status
200
vary
Accept-Encoding
content-length
4530
x-amz-id-2
YA/8GLKvCFSZmzqZt4KG0eAnduOUiHk5L54dFw1GE2YtorPbTi1zLJfSOQ+AlFMMHHzT1nDwPG0=
last-modified
Mon, 10 Aug 2020 06:33:29 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"e5e402607e45feccd78c4f49b96938c3"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
db_em_rgb_100px.svg
www.bahn.de/common/view/static/v8/img/
828 B
1 KB
Image
General
Full URL
https://www.bahn.de/common/view/static/v8/img/db_em_rgb_100px.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
D6621B3F7CB03071
status
200
vary
Accept-Encoding
content-length
480
x-amz-id-2
BwVcfq61CHbLgbOBHJtyg7l0osR2UK6CYW7kl5vZLGeOOgkU6GDq7qCBghXTXXCj0sHfD8vzarM=
last-modified
Sat, 19 May 2018 09:41:10 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"595cfbce732795e1d7cb8cbec1934345"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
mdb_280669_404_ice_980x490_cp_0x528_1920x1488.png
www.bahn.de/p/view/mdb/bahnintern/startseite/
42 KB
42 KB
Image
General
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/startseite/mdb_280669_404_ice_980x490_cp_0x528_1920x1488.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
2fd36cc95d1308b58ef5debd36e06f4f3e6c99d9a6542d248d1e2b5e794c4939
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 Jul 2020 07:59:46 GMT
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=263028
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
42830
x-xss-protection
1; mode=block
expires
Fri, 28 Aug 2020 08:00:16 GMT
mdb_280309_icon_news_und_infos_280x140.svg
www.bahn.de/p/view/mdb/bahnintern/services/index/piktogramme_svg/
962 B
1 KB
Image
General
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/services/index/piktogramme_svg/mdb_280309_icon_news_und_infos_280x140.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
dfb9d23c5d9b4a341c0e72c89f1c3be87f45e3b81e398357271dd70e66d8e84d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
8H1G3R4YCPANBP6P
status
200
vary
Accept-Encoding
content-length
412
x-amz-id-2
gUBkdBP46OLMNU6ZxbG6xeczaJd8l6Ax+LY2ZHkMagvnECiLUNV6Vs0z7gDTIfaLyCopHfGkupg=
last-modified
Wed, 04 Dec 2019 15:12:35 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"37008fcf36dfba5103062643e1f1c843"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
mdb_249572_zug_-_alle_verbindungen_2x_280x140.jpg
www.bahn.de/p/view/mdb/pv/deutschland_erleben/niedersachsen/erlebnis/bahnfahren_in_niedersachsen/
1 KB
2 KB
Image
General
Full URL
https://www.bahn.de/p/view/mdb/pv/deutschland_erleben/niedersachsen/erlebnis/bahnfahren_in_niedersachsen/mdb_249572_zug_-_alle_verbindungen_2x_280x140.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
e0c0f1873a4f25b7d3f8907641526d598c348ac3d890c1cdfd9b0ce8c0346ff0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
x-content-type-options
nosniff
x-check-cacheable
YES
x-serial
55
x-frame-options
SAMEORIGIN
content-type
image/webp
status
200
cache-control
private, no-transform, max-age=262985
last-modified
Fri, 05 Jun 2020 07:59:37 GMT
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
1262
x-xss-protection
1; mode=block
server
Akamai Image Manager
expires
Fri, 28 Aug 2020 07:59:33 GMT
mdb_291403_piktogramm_online-ticket_280x140.svg
www.bahn.de/p/view/mdb/bahnintern/services/index/piktogramme_svg/
637 B
1005 B
Image
General
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/services/index/piktogramme_svg/mdb_291403_piktogramm_online-ticket_280x140.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
c948505e5a88631f8e389d9ffa5aac725ff190ead390e79dfd7737e4561d943f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
110F5EBB1B0D87B1
status
200
vary
Accept-Encoding
content-length
378
x-amz-id-2
7MHCowRomtsWUfrxEEi7KvqZdvV/ojECxvxtj49+UY3imynNpSy2RlzR3zjLJUJSWiF31blQiP8=
last-modified
Wed, 04 Dec 2019 15:12:35 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"dfadb720a792d7d2fa9fc2356118aa7a"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
portal-index.min.js
www.bahn.de/common/view/static/58afb948/responsive/js/
323 KB
93 KB
Script
General
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/js/portal-index.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
c73f83311b82836d1f247cdb6ed7d7132caa7d41a24edfa29ed342ec7143a62e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
87C402CEA12F272C
status
200
vary
Accept-Encoding
content-length
94604
x-amz-id-2
iXqVbESsI91ntTbswFhcnninkXedBzTPaBvT+ljS40yFvm2FrROe2gKnJw27PZeoBzWlh36O+EE=
last-modified
Mon, 10 Aug 2020 06:33:33 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"4d21ea9768ec8730d87f447509346a86"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
s_code.min.js
www.bahn.de/common/view/static/58afb948/js/lib/omniture/
111 KB
38 KB
Script
General
Full URL
https://www.bahn.de/common/view/static/58afb948/js/lib/omniture/s_code.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
9bd75d01213161905c0278231326126f5066ae7753e9b492b999417e0c2cfbef
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
72737B2D2B13D5FB
status
200
vary
Accept-Encoding
content-length
37926
x-amz-id-2
VhQRtiEp8UrledC42JTpgj75+0AGcL4aPinJC9eStvgG4hdQNGCrnTq331E024+QSUG8cuzNtew=
last-modified
Mon, 10 Aug 2020 06:33:29 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"c12f54903e3a0b802d70539124a34902"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
oeu1598338588143r0.3283835847654686
vis.optimizely.com/api/targeting/8033263973/8512265067/
1 KB
621 B
XHR
General
Full URL
https://vis.optimizely.com/api/targeting/8033263973/8512265067/oeu1598338588143r0.3283835847654686
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.80.74.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-80-74-201.compute-1.amazonaws.com
Software
nginx / Express
Resource Hash
c79794c138e5fbd4cd7f71ff73fdf314f170a6cccb08b4a9e7180f996f376b24

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 25 Aug 2020 06:56:28 GMT
Content-Encoding
gzip
ETag
W/"-1045647723"
Server
nginx
X-Powered-By
Express
Vary
Origin
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
284
geo2.js
cdn3.optimizely.com/js/
0
0

svg-sprites.svg
www.bahn.de/common/view/static/58afb948/responsive/img/
324 KB
88 KB
Other
General
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/img/svg-sprites.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
BFD6B3ECACAADF83
status
200
vary
Accept-Encoding
content-length
89114
x-amz-id-2
zVTUiBKVNMZVt2PN1CK7HVB4KmjTyrj5su6hrHvk9WKXKJeo2J2mLfh4ThvbAs8K8z6FeTIxHdU=
last-modified
Mon, 10 Aug 2020 06:33:33 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"5897c322752528b7f1b3c668589924bb"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
icon-s73bc5bf69c.png
www.bahn.de/common/view/static/58afb948/responsive/img/
53 KB
54 KB
Image
General
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/img/icon-s73bc5bf69c.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
x-content-type-options
nosniff
x-amz-request-id
407160CD5E1072E3
status
200
content-length
54236
x-amz-id-2
C4WPa9vDH/4dW92IzEdymCtWNaWcUofCyhP5h3xzhBx6V6YTxAU6+o9QF17xYFAJkALxsu0RUXI=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"aeea28ca3930a6dcf8000d07b505436f"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
logo-s56974c59c7.png
www.bahn.de/common/view/static/58afb948/responsive/img/
87 KB
88 KB
Image
General
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/img/logo-s56974c59c7.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
x-content-type-options
nosniff
x-amz-request-id
D162544BA1E73AF7
status
200
content-length
89271
x-amz-id-2
I9xK1p396WZ4+5ZThEvgoGlnMfv4nchZpl9j+WbV3PGx60hGXBYdNQyZ8nrZnH+qEGbhcAb6GBQ=
last-modified
Mon, 10 Aug 2020 06:33:32 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"16c145f3dc47144568268b324ce7d863"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
dbsan03-webfont.woff
www.bahn.de/common/view/static/58afb948/responsive/fonts/
48 KB
48 KB
Font
General
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/fonts/dbsan03-webfont.woff
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.bahn.de
Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
x-content-type-options
nosniff
x-amz-request-id
F267E3EBC2E54D77
status
200
content-length
48820
x-amz-id-2
/zDrxa/xOKYCCWE4dKR7vC7XZYtaNrKD/3FkevwOHglnwLP4HFTy30VUUVwNYYb9S8Yt3KbWGD8=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"ee22058781511177b60092028f12eea2"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
binary/octet-stream
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
db-icons.woff
www.bahn.de/common/view/static/58afb948/responsive/fonts/
29 KB
29 KB
Font
General
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/fonts/db-icons.woff?de5f8900bd1b6298cc0ca94466418537
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.bahn.de
Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
x-content-type-options
nosniff
x-amz-request-id
F0F875985E377712
status
200
content-length
29320
x-amz-id-2
Yvj6ABlI6EefDs7i8l05ADaxv6P5+wxVXC4q04sAlO4UA9FWLgD8TdOpukPy7SEJU8BTtBs2ixE=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"2ee679e77cd50b24e96de14b9e9f44fa"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
binary/octet-stream
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
dbsan06-webfont.woff
www.bahn.de/common/view/static/58afb948/responsive/fonts/
48 KB
48 KB
Font
General
Full URL
https://www.bahn.de/common/view/static/58afb948/responsive/fonts/dbsan06-webfont.woff
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.bahn.de
Referer
https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
x-content-type-options
nosniff
x-amz-request-id
6E2793C912DEF457
status
200
content-length
48880
x-amz-id-2
IsQ4RZe3cOx4ZXFf/270V6G5w3ISjgnOYmnF5DbyypJCQqYrN0Jtcu8zZ7DxroMf9XZuWZowJws=
last-modified
Mon, 10 Aug 2020 06:33:31 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"df5cd4cd4e41ddfaf7017f95765d6308"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
binary/octet-stream
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
skyscraper.html
www.static-bahn.de/media/view/mdb/media/w/skyscraper/ Frame DC12
0
0
Document
General
Full URL
https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.210 , United States, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a184-86-103-210.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

:method
GET
:authority
www.static-bahn.de
:scheme
https
:path
/media/view/mdb/media/w/skyscraper/skyscraper.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt

Response headers

status
200
content-type
text/html
server
Apache
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
etag
"fe-59a0cafaa1e40"
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
x-akamai-transformed
9 - 0 pmb=mRUM,1
cache-control
max-age=600
date
Tue, 25 Aug 2020 06:56:28 GMT
content-length
708
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
a791773171.html
a791773171.cdn.optimizely.com/client_storage/ Frame 02CC
0
0
Document
General
Full URL
https://a791773171.cdn.optimizely.com/client_storage/a791773171.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.17.191.240 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-191-240.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

:method
GET
:authority
a791773171.cdn.optimizely.com
:scheme
https
:path
/client_storage/a791773171.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt

Response headers

status
200
x-amz-id-2
Lo3l5eqFCCBIVYtZjBi5Gi0lLKFzwPW8bFTBp288OufBPBLrByIRBRx0v8Ppz0n6gCiOtBJvQmE=
x-amz-request-id
DAF39F347035269F
x-amz-replication-status
COMPLETED
last-modified
Mon, 24 Aug 2020 14:37:09 GMT
etag
"b3e825fb408bd6a2648065b0f3ecec39"
x-amz-meta-pci_enabled
False
content-encoding
gzip
x-amz-version-id
5o1mfm2ilF8dM7XV52jAkFJif8LIyFTg
accept-ranges
bytes
content-type
text/html; charset=utf-8
content-length
773
server
AmazonS3
vary
Accept-Encoding
cache-control
max-age=120
date
Tue, 25 Aug 2020 06:56:28 GMT
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="16";dur=0,cdnip;desc="2.17.191.240";dur=0,cdnmap;desc="a4343.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security
max-age=15768000
id
st.bahn.de/
48 B
482 B
XHR
General
Full URL
https://st.bahn.de/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&mid=76960328272819324483021750539720069340&ts=1598338588353
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/js/lib/omniture/s_code.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
2895b14d35e7dec3d0563b63d967bc00178e93dd4d283d3fe5e23f934f3443a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Tue, 25 Aug 2020 06:56:28 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7b958987b-8bwqm
vary
Origin
x-c
master-1337.If22631.M0-435
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bahn.de
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
utag.js
www.bahn.de/media/view/tms/
51 KB
15 KB
Script
General
Full URL
https://www.bahn.de/media/view/tms/utag.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
dd481714f00cbe6dced106a6acf686d6955b3e33886d6e36da84af48c7911e40
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
14477
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"cae1-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
getjson.pl
www.bahn.de/pbin/
104 KB
16 KB
XHR
General
Full URL
https://www.bahn.de/pbin/getjson.pl?name=nav_p&callback=jQuery111009784650097261691_1598338588335&_=1598338588336
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/js/portal-index.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
296ba2341dd76bd64707c9d27f4bde9a9d581d4dfa67082e5b50863d5490c7cd
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
max-age=180
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
content-length
15891
x-xss-protection
1; mode=block
Cookie set lmiframe.html
ps.bahn.de/common/content/html/ Frame A488
2 KB
3 KB
Document
General
Full URL
https://ps.bahn.de/common/content/html/lmiframe.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/js/softlogin.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
81.200.197.91 , Germany, ASN34156 (BAHN-AS-BLN, DE),
Reverse DNS
Software
Apache /
Resource Hash
a42b9362f2fe150b5cffcb26398b7bd45fd2e694756ada973e6646e820105508
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Host
ps.bahn.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
optimizelyEndUserId=oeu1598338588143r0.3283835847654686; AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg=-408604571%7CMCIDTS%7C18500%7CMCMID%7C76960328272819324483021750539720069340%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt

Response headers

Date
Tue, 25 Aug 2020 06:56:28 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
2209
Connection
keep-alive
Set-Cookie
AWSALB=ihBzprMP001PNi6p+UiCt0aLIq0WaTzpHV8l2REDtMKAN2soXUhMe3wtvJomlPep+XUBf/1eORPqNeX5nYor1b4DUqroTBvczwMYJUL4ej3v2PEVa3riYEVF5L7A; Expires=Tue, 01 Sep 2020 06:56:28 GMT; Path=/ AWSALBCORS=ihBzprMP001PNi6p+UiCt0aLIq0WaTzpHV8l2REDtMKAN2soXUhMe3wtvJomlPep+XUBf/1eORPqNeX5nYor1b4DUqroTBvczwMYJUL4ej3v2PEVa3riYEVF5L7A; Expires=Tue, 01 Sep 2020 06:56:28 GMT; Path=/; SameSite=None; Secure
Server
Apache
Last-Modified
Tue, 18 Aug 2020 07:01:38 GMT
Accept-Ranges
bytes
Strict-Transport-Security
max-age=16070400; includeSubDomains
utag.140.js
www.bahn.de/media/view/tms/
3 KB
2 KB
Script
General
Full URL
https://www.bahn.de/media/view/tms/utag.140.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
66227fc364238ca273877dfbe23ba2c093031eb78c22eec7a67d41e03f7eddf3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
1366
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"a82-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.85.js
www.bahn.de/media/view/tms/
3 KB
2 KB
Script
General
Full URL
https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
463fb89d98e79b11dc5a730062c0c81b81454c2ab5be3b1575af45c9c34dfd26
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
1337
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"a5f-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.74.js
www.bahn.de/media/view/tms/
2 KB
2 KB
Script
General
Full URL
https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
df3269972a11c7faf8efe845fc3cbf842029d97d917e3e4fe6020260e776ec75
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
1134
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"8d2-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.138.js
www.bahn.de/media/view/tms/
4 KB
2 KB
Script
General
Full URL
https://www.bahn.de/media/view/tms/utag.138.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8b3cec808989d41567109531d70a5c5afdfd4d08594be29a6fc328300f01eaeb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
1968
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"11fe-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.163.js
www.bahn.de/media/view/tms/
15 KB
4 KB
Script
General
Full URL
https://www.bahn.de/media/view/tms/utag.163.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3ec68785b9f903df013559cf1280ff816b0c3c527168791a1e7c1f3551583337
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
3634
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"3db7-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.160.js
www.bahn.de/media/view/tms/
16 KB
5 KB
Script
General
Full URL
https://www.bahn.de/media/view/tms/utag.160.js?utv=ut4.46.202007280644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d9ae25abc89c41af37dd531997af5e425b711e1661d1e6a3e66498b565f3ca6b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
4291
x-xss-protection
1; mode=block
last-modified
Mon, 03 Aug 2020 14:27:40 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"3e8f-5abf9f0e06f00"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
s44657630112511
st.bahn.de/b/ss/dbbahnprod/1/JS-2.20.0/
43 B
550 B
Image
General
Full URL
https://st.bahn.de/b/ss/dbbahnprod/1/JS-2.20.0/s44657630112511?AQB=1&ndh=1&pf=1&t=25%2F7%2F2020%208%3A56%3A28%202%20-120&mid=76960328272819324483021750539720069340&ce=UTF-8&ns=deutschebahn&cdp=2&pageName=BAHN_PVE_DEU_DE_hilfe_404&g=https%3A%2F%2Fwww.bahn.de%2Fbahncard________________________________________________________________Internetauftritt&c.&Rendering=Desktop&Orientierung=Landscape&page_info=0%7C0%2C0x0%2C0x0%2C0%2C&first_page_of_visit=true&load_time=5&.c&cc=EUR&ch=BAHN_PVE_DEU_DE&events=event45%2Cevent46&h1=PVE%3Ehilfe&c4=BAHN_PVE_DEU_DE&v4=BAHN_PVE_DEU_DE&c22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fhilfe%2F404.shtml&v22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fhilfe%2F404.shtml&c24=D%3DpageName&v24=D%3DpageName&c69=logout&v69=logout&v74=D%3DpageName&c75=D%3Dv75&v75=https%3A%2F%2Fwww.bahn.de%2Fbahncard________________________________________________________________Internetauftritt&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&AQE=1
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
x-content-type-options
nosniff
x-c
master-1337.If22631.M0-435
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Wed, 26 Aug 2020 06:56:28 GMT
server
jag
xserver
anedge-7b958987b-wbsr9
etag
3432405981782704128-4614122119783826444
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Mon, 24 Aug 2020 06:56:28 GMT
adformat.js
s2.adform.net/banners/scripts/audiencetag/
Redirect Chain
  • https://dmp.adform.net/audiencetag/adformat.js
  • https://s2.adform.net/banners/scripts/audiencetag/adformat.js
3 KB
2 KB
Script
General
Full URL
https://s2.adform.net/banners/scripts/audiencetag/adformat.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
1c540d0b0157c62f231f4787d5cef5ab466a790b2480bf1d7fa381b50ba16bd0

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
last-modified
Thu, 09 Jul 2020 13:08:37 GMT
server
nginx
etag
W/"5f0716d5-c6a"
x-cache-status
HIT
status
200
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript

Redirect headers

status
301
date
Tue, 25 Aug 2020 06:56:28 GMT
server
nginx
location
https://s2.adform.net/banners/scripts/audiencetag/adformat.js
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/html
/
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/
52 KB
16 KB
Script
General
Full URL
https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fbahncard________________________________________________________________Internetauftritt&t=1598338588576
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.46.202007280644
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
9c70dbcf68ff7ddfac4c79dbb728407dce2d5b2c67fecbba1e1060619a5612c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
379253
cf-polished
origSize=54309
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
04c60077d50000cc36b90e2200000001
cf-bgj
minify
server
cloudflare
x-powered-by
Express
etag
W/"d425-wPVX2BrG/kuafx3umeIQUuVh8GE"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
cf-ray
5c8369d2ee84cc36-ZRH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
es6-promise.js
www.img-bahn.de/s3/prod/es//js/ Frame A488
32 KB
7 KB
Script
General
Full URL
https://www.img-bahn.de/s3/prod/es//js/es6-promise.js
Requested by
Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.92.47 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-92-47.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708

Request headers

Referer
https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 25 Aug 2020 06:56:28 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 Aug 2020 07:05:41 GMT
Server
AmazonS3
x-amz-request-id
9048C2A021D3BD2B
ETag
"c833d9c873652af4a666772e9930b031"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6686
x-amz-id-2
+cm77dOw2MzREqRNqQfmA1LHbO/zz7mFdvJGN4c3SNoRLM/ban34seDWJyhROV8HM2UH5l0IwyQ=
Expires
Tue, 25 Aug 2020 07:11:28 GMT
common.js
www.img-bahn.de/s3/prod/es//js/ Frame A488
29 KB
6 KB
Script
General
Full URL
https://www.img-bahn.de/s3/prod/es//js/common.js
Requested by
Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.92.47 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-92-47.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2b79c36a7e8a9a7a94b717e60cb5a79976e7ac6c1b899aa02536ee460c9723fa

Request headers

Referer
https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 25 Aug 2020 06:56:28 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 Aug 2020 07:05:41 GMT
Server
AmazonS3
x-amz-request-id
A6F2ABAD4C061DC4
ETag
"34057f636668a1f6f1d15a4de2bc090c"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5489
x-amz-id-2
ZooTNIPTmxR6DjABk48jOtus2oLir2pSzTzwvKrKbu2lDj8tdpTs4viC5Vb+r9iG6q8KFarfA2M=
Expires
Tue, 25 Aug 2020 07:11:28 GMT
softlogin.js
www.img-bahn.de/s3/prod/es//js/ Frame A488
117 KB
21 KB
Script
General
Full URL
https://www.img-bahn.de/s3/prod/es//js/softlogin.js
Requested by
Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.92.47 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-92-47.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
aa5d744d0f56d180ccf5dfe010d8d65d82e479134a1ea9208ab7923bed5ce1d0

Request headers

Referer
https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 25 Aug 2020 06:56:28 GMT
Content-Encoding
gzip
Last-Modified
Tue, 18 Aug 2020 07:05:42 GMT
Server
AmazonS3
x-amz-request-id
F6417B174C590466
ETag
"2963088b532d359e872e4ed9c084ac65"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21164
x-amz-id-2
42/GmnbLxmUQy74hicKoQi2mtRxe9NnZztMlyg9O+moMw6P5xp03vrS7ct70N0En64X+2ZLbtrE=
Expires
Tue, 25 Aug 2020 07:11:28 GMT
a2987.js
cdn.m-pathy.com/js/
22 KB
6 KB
Script
General
Full URL
https://cdn.m-pathy.com/js/a2987.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.46.202007280644
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:6000:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
fb5c4d8910262f9be48b251a7185ba6051d0b4b09d45c0d0cc2af28caace8cce

Request headers

Origin
https://www.bahn.de
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:10:13 GMT
content-encoding
gzip
age
2775
x-cache
Hit from cloudfront
status
200
content-length
6082
access-control-allow-origin
*
last-modified
Tue, 25 Aug 2020 06:05:45 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"577a-5adad7e6825f4-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
Wjja4OfqpkUUb-tMy8PoYHPcMPzcUo3Yev3Jj5UPqDkOmXeyyHAX9g==
expires
Tue, 25 Aug 2020 07:10:13 GMT
exactag.js
www.bahn.de/media/view/tms/js/
13 KB
6 KB
Script
General
Full URL
https://www.bahn.de/media/view/tms/js/exactag.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-90-218.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
5428
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"321a-59a0cafaa1e40"
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
trackpoint-async.js
s2.adform.net/banners/scripts/st/
Redirect Chain
  • https://a1.adform.net/serving/scripts/trackpoint/async/
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js
78 KB
28 KB
Script
General
Full URL
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
49db29c192d6483c1a023d885acfd928678347cdec9c208d7f78a949c9cf3458

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
last-modified
Thu, 09 Jul 2020 12:14:55 GMT
server
nginx
etag
W/"5f070a3f-13780"
x-cache-status
HIT
status
200
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript

Redirect headers

status
301
date
Tue, 25 Aug 2020 06:56:28 GMT
server
nginx
location
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/html
pi.aspx
m.exactag.com/ Frame 1B32
7 KB
4 KB
Script
General
Full URL
https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=N9Wkt3zxNpk4&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fbahncard________________________________________________________________Internetauftritt%22%2C%22search%22%3A%22%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Content%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_hilfe_404%22%7D
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/js/exactag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.202.235.9 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
66ea2e10ab97f2bc8c264307aed611b04285552eea897a009ff607441493cf20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR", policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection
close
Content-Length
2316
Pragma
no-cache
X-ET-Code
0
Last-Modified
Di, 25 Aug 2020 06:56:28 GMT,Di, 25 Aug 2020 06:56:28 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 25 Aug 2020 06:56:28 GMT
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
X-ET-Camp
1053
Expires
-1
loader.js
cdn.m-pathy.com/modules/4.16-164/
43 KB
15 KB
Script
General
Full URL
https://cdn.m-pathy.com/modules/4.16-164/loader.js
Requested by
Host: cdn.m-pathy.com
URL: https://cdn.m-pathy.com/js/a2987.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:6000:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
f06f336560e920dc53969b0e1867da27449b77ffd3f0437b742614de56421062

Request headers

Origin
https://www.bahn.de
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:36:36 GMT
content-encoding
gzip
age
1192
x-cache
Hit from cloudfront
status
200
content-length
15101
access-control-allow-origin
*
last-modified
Mon, 02 Mar 2020 12:42:50 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"acff-59fde8666e680-gzip"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
cache-control
max-age=2419200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
5jo4AO_xnTaEcjKtZjbYWnWsFRS8vyQn-JPqjB1T6UUh780FEVIq2Q==
expires
Tue, 22 Sep 2020 06:36:36 GMT
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
33 KB
4 KB
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0lxkzEthotizcTX&Q_CLIENTVERSION=1.32.1&Q_CLIENTTYPE=web
Requested by
Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fbahncard________________________________________________________________Internetauftritt&t=1598338588576
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80bc8461337543ec91a51eea7cbfae4b63dce5418742445bba0e263ef1982960
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
https://www.bahn.de
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
5c8369d35f25cc36-ZRH
vary
Accept-Encoding
cf-request-id
04c60078150000cc36b90e5200000001
Texte
ps.bahn.de/webservices/rest/resource/ Frame A488
1 KB
2 KB
XHR
General
Full URL
https://ps.bahn.de/webservices/rest/resource/Texte?r=8f7101d1
Requested by
Host: www.img-bahn.de
URL: https://www.img-bahn.de/s3/prod/es//js/softlogin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
81.200.197.91 , Germany, ASN34156 (BAHN-AS-BLN, DE),
Reverse DNS
Software
Apache /
Resource Hash
3d851e7348aca9b49ba8bf6d6fc6ac9f3b6722a0d9c28675d848f838f2779878
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Referer
https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 25 Aug 2020 06:56:28 GMT
Server
Apache
Connection
keep-alive
Content-Length
1333
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/json
px.aspx
m.exactag.com/ Frame 9BBD
0
0
Document
General
Full URL
https://m.exactag.com/px.aspx?id=a3a52bac64d549819f139b429240ab99
Requested by
Host: m.exactag.com
URL: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=N9Wkt3zxNpk4&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fbahncard________________________________________________________________Internetauftritt%22%2C%22search%22%3A%22%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Content%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_hilfe_404%22%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
213.202.235.9 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Host
m.exactag.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
exactag_new_gk=9ba3ff04978c41aab124bade3698b7d2%7c24.10.2020+06%3a56%3a28; exactag_new_uk=1a205f5d997741d69311290a4498ac0d%7c; session_session=f4126eee52a84d32a2302af0; exactag_new_user=1053%7c2%7cf4126eee52a84d32a2302af0%7c01.01.0001+00%3a00%3a00%7c25.08.2020+06%3a56%3a28%7cf4126eee52a84d32a2302af0%7c68537%7c1753%7cFalse
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt

Response headers

Cache-Control
no-cache
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
X-ET-Code
0
X-ET-Camp
1053
Strict-Transport-Security
max-age=31536000
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Date
Tue, 25 Aug 2020 06:56:28 GMT
Connection
close
Content-Length
346
CoreModule.js
siteintercept.qualtrics.com/dxjsmodule/
87 KB
26 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.32.1&Q_CLIENTTYPE=web
Requested by
Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fbahncard________________________________________________________________Internetauftritt&t=1598338588576
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a78aab08cc0a0c45a86513f65a7dab8aea267191220c9f3d1857fdc0347beb97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
379249
cf-polished
origSize=90284
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
04c60078bb0000cc36b90ee200000001
last-modified
Thu, 20 Aug 2020 19:55:43 GMT
server
cloudflare
x-powered-by
Express
etag
W/"160ac-1740d70fe18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c8369d45917cc36-ZRH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
cookiesegments
dmp.adform.net/audiencetag/
2 B
236 B
XHR
General
Full URL
https://dmp.adform.net/audiencetag/cookiesegments?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJBZGZvcm0uRE1QLkNsYWltczo6RGF0YVByb3ZpZGVycyI6IlsxMDU4MV0iLCJpc3MiOiJkbXAtYXBpLmFkZm9ybS5jb20iLCJhdWQiOiJhdWRpZW5jZV90YWdfY29uc3VtZXJfdjEiLCJleHAiOjE4NDY0NzkyOTksIm5iZiI6MTUzMTExOTIzOX0.FJQj3NEIHLPLagWbUeSDroGlMNqPApSp4JsfF5qhvxA
Requested by
Host: dmp.adform.net
URL: https://dmp.adform.net/audiencetag/adformat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
s1.adform.net
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json
Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
server
nginx
status
200
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bahn.de
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
/
a1.adform.net/Serving/TrackPoint/
159 B
629 B
Script
General
Full URL
https://a1.adform.net/Serving/TrackPoint/?pm=646062&ADFPageName=%7Bwww.bahn.de%7D%7C%7BBAHN_PVE_DEU_DE%7D%7C%7BBAHN_PVE_DEU_DE_hilfe_404%7D&ADFdivider=%7C&ord=193060020620&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&itm=eyJzdjkiOiJ7d3d3LmJhaG4uZGV9fHtCQUhOX1BWRV9ERVVfREV9fHtCQUhOX1BWRV9ERVVfREVfaGlsZmVfNDA0fSJ9&loc=https%3A%2F%2Fwww.bahn.de%2Fbahncard________________________________________________________________Interne
Requested by
Host: a1.adform.net
URL: https://a1.adform.net/serving/scripts/trackpoint/async/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.3.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
185430b7e337d1b117feb65ed34a7f5a8fc083ecafc5a91ecef297da9f7b58da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
gzip
server
nginx
status
200
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
223
expires
-1
12.e6c6f9aa65272bcbcd07.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
2 KB
878 B
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/12.e6c6f9aa65272bcbcd07.chunk.js?Q_CLIENTVERSION=1.32.1&Q_CLIENTTYPE=web
Requested by
Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fbahncard________________________________________________________________Internetauftritt&t=1598338588576
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
bec0f3f150d8e0190fb939925cf22fabd025f124ad28d53a141434c4552ac6ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
379253
cf-polished
origSize=2639
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
04c60079010000cc36b90f1200000001
last-modified
Thu, 20 Aug 2020 19:55:43 GMT
server
cloudflare
x-powered-by
Express
etag
W/"a4f-1740d70fe18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c8369d4ca2dcc36-ZRH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
1.fe6ee5251dbb499b909e.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
25 KB
6 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/1.fe6ee5251dbb499b909e.chunk.js?Q_CLIENTVERSION=1.32.1&Q_CLIENTTYPE=web
Requested by
Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fbahncard________________________________________________________________Internetauftritt&t=1598338588576
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fbead1fc3f1c3bd20a58377fef40173b37b012fff0883126cbcc8ba87991e17a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 25 Aug 2020 06:56:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
379253
cf-polished
origSize=26961
status
200
edge-control
max-age=604800
vary
Accept-Encoding
cf-request-id
04c60079010000cc36b90f2200000001
last-modified
Thu, 20 Aug 2020 19:55:43 GMT
server
cloudflare
x-powered-by
Express
etag
W/"6951-1740d70fe18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
cf-ray
5c8369d4ca2fcc36-ZRH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-bgj
minify
events
logx.optimizely.com/v1/
0
0

events
logx.optimizely.com/v1/
0
356 B
XHR
General
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.4.204.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-204-80.compute-1.amazonaws.com
Software
nginx/1.17.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bahn.de/bahncard________________________________________________________________Internetauftritt
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 25 Aug 2020 06:56:30 GMT
Server
nginx/1.17.2
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Expose-Headers
X-Results-Data-Source
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-Request-Id
aa206938-93cf-48e7-865b-d653d9003d40

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn3.optimizely.com
URL
https://cdn3.optimizely.com/js/geo2.js
Domain
logx.optimizely.com
URL
https://logx.optimizely.com/v1/events

Verdicts & Comments Add Verdict or Comment

136 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| DDTools object| digitalData object| bahn object| $jscomp object| de object| ES6Promise object| softlogin undefined| _ object| optimizely object| bahn_customer_id function| optimizely_url_contains function| optimizely_get_param function| optimizelyTracking object| html5 object| Modernizr number| browserWidth function| createSkyframe object| cid string| gFSUGGEST number| gFSuggestInstanceCounter object| gFSuggestInstances string| FSuggestVersion string| FSuggestLastMod object| FSuggestFilter function| FSuggest function| reinitializeFSuggest function| checkForMatches object| SLs function| checkHWAIUsage object| breakpoints function| BackToTop function| LanguageSelector function| TabNav function| Stage function| Tabs function| Folder function| TimeInput function| Datepicker function| Rangeslider function| FavIconMenu function| ProfileIconMenu function| ResponsiveImage function| ResponsiveLink function| QuickfinderReisendenauswahl function| Quickfinder function| QuickfinderAuskunft function| QuickfinderSparpreis function| QuickfinderPuenklichkeit function| LoginForm function| MainNav function| Carousel function| Dropdown function| Newsletter object| SCRAMBLE object| CMF function| $ function| jQuery boolean| bodySelect object| topCities function| Autocomplete object| Mustache string| view string| s_account string| trackingServer string| secureTrackingServer string| visitorNameSpace string| reportSuite function| e string| s_rsaccount object| s number| inHeadTS function| s_getLoadTime function| AppMeasurement_Module_Media function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq object| adobe function| Visitor object| s_c_il number| s_c_in number| s_loadT number| s_objectID number| s_giq function| getCookieValue function| getWebtrackingLoginStatus function| setOmnitureProperties object| utag_data object| jQuery111009784650097261691 undefined| jQuery111009784650097261691_1598338588335 object| cl object| selected_fields boolean| utag_condload undefined| items undefined| total undefined| qtys undefined| prices undefined| qty undefined| fulfillment undefined| product_parts undefined| product_item_parts undefined| product_name object| cart_item undefined| item undefined| verbindung undefined| reiseAbschnitt undefined| index undefined| r undefined| step object| utag boolean| __tealium_twc_switch function| ParseUserAgent object| gUtil object| s_Obj string| s_PPVid function| s_PPVevent number| s_PPVi number| s_PPVt string| max_initial_percent string| screen_res string| browser_dim number| pixel_dens string| device_ort object| s_i_dbbahnprod object| Mpathy object| exactag object| _adftrack boolean| mpathy_loaded object| QSI object| WAFQualtricsWebpackJsonP-cloud-1.32.1 object| _qsie object| Adform function| AdformAT object| KJUR object| adf

23 Cookies

Domain/Path Name / Value
m.exactag.com/ Name: exactag_new_user
Value: 1053%7c2%7cf4126eee52a84d32a2302af0%7c01.01.0001+00%3a00%3a00%7c25.08.2020+06%3a56%3a28%7cf4126eee52a84d32a2302af0%7c68537%7c1753%7cFalse
m.exactag.com/ Name: exactag_new_gk
Value: 9ba3ff04978c41aab124bade3698b7d2%7c24.10.2020+06%3a56%3a28
ps.bahn.de/ Name: AWSALBCORS
Value: Oi7ypRUnI6DHLCQB5GeL8g9zy0OQ+MPigtoTPL966JiCM6YLm6H/bKC8mDOHZEIPFgE6n+QVn5YPC0kbIJOTTmw+Km3JWG1ul7GfLyIBqic01gFVljEvtB/I/PIj
.bahn.de/ Name: s_ppvl
Value: BAHN_PVE_DEU_DE_hilfe_404%2C100%2C100%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
www.bahn.de/ Name: QSI_HistorySession
Value: https%3A%2F%2Fwww.bahn.de%2Fbahncard________________________________________________________________Internetauftritt~1598338588847
.bahn.de/ Name: mpt_tracking_active_3372
Value: 0|1600930588650
.bahn.de/ Name: mpt_vid
Value: 159833858865133772|1661410588651
.bahn.de/ Name: mpt_recprob.error404
Value: 1|1600930588649
m.exactag.com/ Name: session_session
Value: f4126eee52a84d32a2302af0
.bahn.de/ Name: mpt_cookieForErrSites
Value: 0|1599548188648
.bahn.de/ Name: mpt_followpage
Value: 0|1599548188648
.bahn.de/ Name: mpt_rate_comparator_3372
Value: 65.50264019997671|1600930588642
.bahn.de/ Name: utag_main
Value: v_id:017424675f22004593e6c4284aec00078006c07000b08$_sn:1$_se:1$_ss:1$_st:1598340388451$ses_id:1598338588451%3Bexp-session$_pn:1%3Bexp-session$ls:undefined%3Bexp-session
.bahn.de/ Name: et_gk
Value: 9ba3ff04978c41aab124bade3698b7d2|24.10.2020 06:56:28
.bahn.de/ Name: s_ecid
Value: MCMID%7C76960328272819324483021750539720069340
.bahn.de/ Name: AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: -408604571%7CMCIDTS%7C18500%7CMCMID%7C76960328272819324483021750539720069340%7CMCAID%7CNONE%7CMCOPTOUT-1598345788s%7CNONE%7CvVersion%7C4.6.0
.bahn.de/ Name: et_uk
Value: 1a205f5d997741d69311290a4498ac0d
.bahn.de/ Name: s_cc
Value: true
.bahn.de/ Name: sc_vis
Value: true
ps.bahn.de/ Name: AWSALB
Value: Oi7ypRUnI6DHLCQB5GeL8g9zy0OQ+MPigtoTPL966JiCM6YLm6H/bKC8mDOHZEIPFgE6n+QVn5YPC0kbIJOTTmw+Km3JWG1ul7GfLyIBqic01gFVljEvtB/I/PIj
.bahn.de/ Name: s_ppv
Value: BAHN_PVE_DEU_DE_hilfe_404%2C100%2C111%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.bahn.de/ Name: AMCVS_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 1
.bahn.de/ Name: optimizelyEndUserId
Value: oeu1598338588143r0.3283835847654686

32 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.optimizely.com/js/8033263973.js(Line 2797)
Message:
null
console-api log URL: https://cdn.optimizely.com/js/8033263973.js(Line 2797)
Message:
null - customerID should be set
console-api log URL: https://ps.bahn.de/common/content/html/lmiframe.html(Line 14)
Message:
IFr Begin
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
Constructing IframeMain
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[StateM] Reading IframeState from cache: null
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://ps.bahn.de/common/content/html/lmiframe.html(Line 40)
Message:
IFr End
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
Incoming message 'init'
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
init(https://www.bahn.de:443)
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] checkClientOrigin successsful.
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Examining cookies...
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[iLogic] slstat = null
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[iLogic] hlstat = null
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] LoginState is Anonymous
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Login state remains Anonymous .
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Checking whether resources need to be loaded eagerly.
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[StateM] Writing IframeState to cache: [object Object]
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
Incoming message 'load'
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
load(Texte)
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Connectivity is Connected
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Data is not in cache.
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] -> loading it from server.
console-api info URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137)
Message:
[iLogic] Ajax call load(Texte).
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46)
Message:
Processing AJAX response for load(Texte)
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[iLogic] response = [object Object]
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[Cache] Wrote Texte to cache (storage): {"login.hardlogin.logout.value":"Logout","meinestrecken.speichern.keine":"Um Strecken zu speichern, geben Sie in den Feldern \"Von\" und \"Nach\" eine Verbindung ein.","login.hardlogin.begruessung":"Sie sind angemeldet, {0} {1} {2}","meinestrecken.loeschen.tooltip":"Strecke löschen","login.hardlogin.logout.tooltip":"Logout","titel.3":"Prof. Dr.","titel.2":"Prof.","titel.1":"Dr.","titel.0":"","login.softlogin.begruessung":"Herzlich Willkommen, {0} {1} {2}!","meinestrecken.keine.anonym":"Sie haben keine Strecken gespeichert. Im Bereich Meine Bahn können Sie Ihre wichtigsten Strecken hinterlegen und hier abrufen.","meinestrecken.via":"Über","anrede.1":"Frau","login.softlogin.logout.link.tooltip":"Hier melden Sie sich von \"Angemeldet bleiben\" ab und verzichten auf persönliche Angebote und Services.","anrede.0":"Herr","meinestrecken.speichern.gespeichert":"Strecke gespeichert","login.softlogin.logout.link.text":"Abmelden","login.softlogin.logout.value":"Sie sind nicht {0} {1} {2}?","login.softlogin.logout.tooltip":"Durch diesen Klick löschen Sie Ihre Cookies zur Personalisierung auf bahn.de. Mehr Informationen erhalten Sie in unseren Datenschutzhinweisen.","meinestrecken.bearbeiten":"Bearbeiten","meinestrecken.speichern":"Strecke speichern","meinestrecken.speichern.max":"Strecke speichern (max. {0} Strecken)"}
console-api debug URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114)
Message:
[StateM] Writing IframeState to cache: [object Object]
console-api log URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55)
Message:
console.groupEnd

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1.adform.net
a791773171.cdn.optimizely.com
cdn.m-pathy.com
cdn.optimizely.com
cdn3.optimizely.com
dmp.adform.net
logx.optimizely.com
m.exactag.com
ps.bahn.de
s2.adform.net
siteintercept.qualtrics.com
st.bahn.de
vis.optimizely.com
www.bahn.de
www.img-bahn.de
www.static-bahn.de
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
cdn3.optimizely.com
logx.optimizely.com
104.109.90.218
104.109.92.47
104.17.208.240
15.236.175.233
184.86.103.210
2.17.191.240
213.202.235.9
2600:9000:21f3:6000:1e:7aca:b8c0:93a1
2a02:26f0:f1:29d::13b8
37.157.2.246
37.157.3.29
37.157.6.251
52.4.204.80
54.80.74.201
81.200.197.91
0eeb1970197799a537566bf5554142fcf91a1b04368c735d6319ed35a2f53f15
185430b7e337d1b117feb65ed34a7f5a8fc083ecafc5a91ecef297da9f7b58da
1c540d0b0157c62f231f4787d5cef5ab466a790b2480bf1d7fa381b50ba16bd0
26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931
2895b14d35e7dec3d0563b63d967bc00178e93dd4d283d3fe5e23f934f3443a3
296ba2341dd76bd64707c9d27f4bde9a9d581d4dfa67082e5b50863d5490c7cd
2b79c36a7e8a9a7a94b717e60cb5a79976e7ac6c1b899aa02536ee460c9723fa
2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1
2fd36cc95d1308b58ef5debd36e06f4f3e6c99d9a6542d248d1e2b5e794c4939
3d851e7348aca9b49ba8bf6d6fc6ac9f3b6722a0d9c28675d848f838f2779878
3ec68785b9f903df013559cf1280ff816b0c3c527168791a1e7c1f3551583337
463fb89d98e79b11dc5a730062c0c81b81454c2ab5be3b1575af45c9c34dfd26
49db29c192d6483c1a023d885acfd928678347cdec9c208d7f78a949c9cf3458
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e
63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9
66227fc364238ca273877dfbe23ba2c093031eb78c22eec7a67d41e03f7eddf3
66ea2e10ab97f2bc8c264307aed611b04285552eea897a009ff607441493cf20
6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722
80bc8461337543ec91a51eea7cbfae4b63dce5418742445bba0e263ef1982960
82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708
8b3cec808989d41567109531d70a5c5afdfd4d08594be29a6fc328300f01eaeb
9bd75d01213161905c0278231326126f5066ae7753e9b492b999417e0c2cfbef
9c70dbcf68ff7ddfac4c79dbb728407dce2d5b2c67fecbba1e1060619a5612c5
a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a42b9362f2fe150b5cffcb26398b7bd45fd2e694756ada973e6646e820105508
a78aab08cc0a0c45a86513f65a7dab8aea267191220c9f3d1857fdc0347beb97
aa5d744d0f56d180ccf5dfe010d8d65d82e479134a1ea9208ab7923bed5ce1d0
ae114c48cb81d2f79ac179eb4068e60d4202bbd9d260fc3eb2eb5d09bec0221a
bec0f3f150d8e0190fb939925cf22fabd025f124ad28d53a141434c4552ac6ef
c73f83311b82836d1f247cdb6ed7d7132caa7d41a24edfa29ed342ec7143a62e
c79794c138e5fbd4cd7f71ff73fdf314f170a6cccb08b4a9e7180f996f376b24
c948505e5a88631f8e389d9ffa5aac725ff190ead390e79dfd7737e4561d943f
d9ae25abc89c41af37dd531997af5e425b711e1661d1e6a3e66498b565f3ca6b
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
dd481714f00cbe6dced106a6acf686d6955b3e33886d6e36da84af48c7911e40
df3269972a11c7faf8efe845fc3cbf842029d97d917e3e4fe6020260e776ec75
dfb9d23c5d9b4a341c0e72c89f1c3be87f45e3b81e398357271dd70e66d8e84d
e0c0f1873a4f25b7d3f8907641526d598c348ac3d890c1cdfd9b0ce8c0346ff0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f23ebfed96cebaa9f25baefb3391e862e36efcf75c1dfc4bee3c5e1e519101
f06f336560e920dc53969b0e1867da27449b77ffd3f0437b742614de56421062
fb5c4d8910262f9be48b251a7185ba6051d0b4b09d45c0d0cc2af28caace8cce
fbead1fc3f1c3bd20a58377fef40173b37b012fff0883126cbcc8ba87991e17a