auth.23andme.com Open in urlscan Pro
2606:4700::6810:b649  Public Scan

6 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	404	Primary Request l Show response auth.23andme.com/	54 KB 20 KB	339ms 289ms	Document text/html	2606:4700::6810:b649 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b649 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53415ff0ad1b30d03b47c53bdc995faef4b7d36efce8609cb368dd0b5e60d31d Security Headers Name Value Content-Security-Policy frame-ancestors https://*.23andme.com https://*.23andme.net; font-src https://fonts.gstatic.com 'self'; style-src 'self' https://fonts.googleapis.com https://accounts.google.com/gsi/style 'nonce-cEcG7VAUJVuXBkBOEhBe4fl4/Zn2YC4B'; script-src 'self' https://appleid.cdn-apple.com https://ajax.googleapis.com https://accounts.google.com/gsi/client https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://www.googletagmanager.com 'nonce-ciZZU0ddWyHLpo7i/coJNtlyXHs7LLuN'; frame-src 'self' https://accounts.google.com/ https://stags.bluekai.com/ https://accounts.google.com/gsi/; connect-src 'self' https://bam.nr-data.net https://bam-cell.nr-data.net https://accounts.google.com/gsi/; default-src 'self'; img-src 'self' data: Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options ALLOW-FROM HTTPS://23ANDME.COM X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cf-cache-status DYNAMIC cf-ray 8523ef660e5418f7-FRA content-encoding gzip content-security-policy frame-ancestors https://*.23andme.com https://*.23andme.net; font-src https://fonts.gstatic.com 'self'; style-src 'self' https://fonts.googleapis.com https://accounts.google.com/gsi/style 'nonce-cEcG7VAUJVuXBkBOEhBe4fl4/Zn2YC4B'; script-src 'self' https://appleid.cdn-apple.com https://ajax.googleapis.com https://accounts.google.com/gsi/client https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://www.googletagmanager.com 'nonce-ciZZU0ddWyHLpo7i/coJNtlyXHs7LLuN'; frame-src 'self' https://accounts.google.com/ https://stags.bluekai.com/ https://accounts.google.com/gsi/; connect-src 'self' https://bam.nr-data.net https://bam-cell.nr-data.net https://accounts.google.com/gsi/; default-src 'self'; img-src 'self' data: content-type text/html; charset=utf-8 date Thu, 08 Feb 2024 12:39:24 GMT referrer-policy same-origin server cloudflare strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding x-content-type-option nosniff x-content-type-options nosniff x-frame-options ALLOW-FROM HTTPS://23ANDME.COM x-permitted-cross-domain-policies none x-robots-tag none x-ua-compatible IE=Edge x-xss-protection 1; mode=block
GET H2	200	main.bbe58d1b8073.css auth.23andme.com/app/auth/static/css/	103 KB 14 KB	74ms 72ms	Stylesheet text/css	2606:4700::6810:b649 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.23andme.com/app/auth/static/css/main.bbe58d1b8073.css Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b649 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 680a8c1177eb65b96be3a8559e2d4ad381dfea08bceb1fd1a4987c07ce476004 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://auth.23andme.com/l User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 12:39:24 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT x-permitted-cross-domain-policies none strict-transport-security max-age=63072000; includeSubDomains; preload age 6011752 content-security-policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; x-content-type-option nosniff content-length 14243 x-xss-protection 1; mode=block x-ua-compatible IE=Edge referrer-policy same-origin last-modified Thu, 30 Nov 2023 17:17:36 GMT server cloudflare etag "6568c3b0-19dfa" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset="utf-8" access-control-allow-origin * cache-control public, max-age=315360000 accept-ranges bytes cf-ray 8523ef67e8e418f7-FRA x-robots-tag none expires Sun, 05 Feb 2034 12:39:24 GMT
GET H2	200	browser_update.2ab8cbc671dc.css auth.23andme.com/app/auth/static/css/	1 KB 727 B	105ms 104ms	Stylesheet text/css	2606:4700::6810:b649 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.23andme.com/app/auth/static/css/browser_update.2ab8cbc671dc.css Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b649 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c1c05ae0e5e16b833cccd666ac5ce0119e2d146ec45183114cc9bae0e9b850e5 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://auth.23andme.com/l User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 12:39:24 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT x-permitted-cross-domain-policies none strict-transport-security max-age=63072000; includeSubDomains; preload age 7541828 content-security-policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; x-content-type-option nosniff content-length 612 x-xss-protection 1; mode=block x-ua-compatible IE=Edge referrer-policy same-origin last-modified Fri, 10 Nov 2023 22:56:31 GMT server cloudflare etag "654eb51f-447" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css; charset="utf-8" access-control-allow-origin * cache-control public, max-age=315360000 accept-ranges bytes cf-ray 8523ef67e8e818f7-FRA x-robots-tag none expires Sun, 05 Feb 2034 12:39:24 GMT
GET H2	200	css2 fonts.googleapis.com/	2 KB 869 B	44ms 19ms	Stylesheet text/css	2a00:1450:4001:830::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Atkinson+Hyperlegible:wght@400;700&display=swap Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 5f3d7b8020db1b25d3db117a86da6878932ecd0280ee8a61c9c7ff027475a9af Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 08 Feb 2024 12:39:24 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Thu, 08 Feb 2024 12:32:22 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 08 Feb 2024 12:39:24 GMT
GET H2	200	logo_mob.1d0efb494245.svg auth.23andme.com/app/auth/static/img/	2 KB 1 KB	58ms 58ms	Image image/svg+xml	2606:4700::6810:b649 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://auth.23andme.com/app/auth/static/img/logo_mob.1d0efb494245.svg Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b649 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9617589c980ab9d61e687fc6266ea38ee0801a06dfc11436adcaebc8dda260f5 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://auth.23andme.com/l User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 12:39:24 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT x-permitted-cross-domain-policies none strict-transport-security max-age=63072000; includeSubDomains; preload age 546527 content-security-policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; x-content-type-option nosniff content-length 1118 x-xss-protection 1; mode=block x-ua-compatible IE=Edge referrer-policy same-origin last-modified Tue, 23 Jan 2024 20:02:54 GMT server cloudflare etag "65b01b6e-8f2" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=315360000 accept-ranges bytes cf-ray 8523ef6889ea18f7-FRA x-robots-tag none expires Sun, 05 Feb 2034 12:39:24 GMT
GET H2	200	ttam_name_logo.d1dbc0855e13.svg auth.23andme.com/app/auth/static/img/	3 KB 1 KB	43ms 43ms	Image image/svg+xml	2606:4700::6810:b649 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://auth.23andme.com/app/auth/static/img/ttam_name_logo.d1dbc0855e13.svg Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b649 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d51de3286d6cb258aaeb4a31f6db88f928955ffa269eeb1bead0da17f980598f Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://auth.23andme.com/l User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 12:39:24 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT x-permitted-cross-domain-policies none strict-transport-security max-age=63072000; includeSubDomains; preload age 7989744 content-security-policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; x-content-type-option nosniff content-length 1368 x-xss-protection 1; mode=block x-ua-compatible IE=Edge referrer-policy same-origin last-modified Tue, 07 Nov 2023 23:35:21 GMT server cloudflare etag "654ac9b9-c55" vary Accept-Encoding x-frame-options SAMEORIGIN content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=315360000 accept-ranges bytes cf-ray 8523ef6889ff18f7-FRA x-robots-tag none expires Sun, 05 Feb 2034 12:39:24 GMT
GET H2	200	index.afd448ba5d44.js Show response auth.23andme.com/app/auth/static/js/	335 KB 106 KB	85ms 85ms	Script text/javascript	2606:4700::6810:b649 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.23andme.com/app/auth/static/js/index.afd448ba5d44.js Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b649 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d2dabadbb892f7034ff38d38560ba88ffb044941bb16997678dc4db5db35157d Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://auth.23andme.com/l Origin https://auth.23andme.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 12:39:24 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT x-permitted-cross-domain-policies none strict-transport-security max-age=63072000; includeSubDomains; preload age 546528 content-security-policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; x-content-type-option nosniff content-length 107986 x-xss-protection 1; mode=block x-ua-compatible IE=Edge referrer-policy same-origin last-modified Tue, 23 Jan 2024 20:02:54 GMT server cloudflare etag "65b01b6e-53c2d" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript; charset="utf-8" access-control-allow-origin * cache-control public, max-age=315360000 accept-ranges bytes cf-ray 8523ef67e8ea18f7-FRA x-robots-tag none expires Sun, 05 Feb 2034 12:39:24 GMT
GET H2	200	client Show response accounts.google.com/gsi/	206 KB 80 KB	80ms 41ms	Script application/javascript	2a00:1450:400c:c00::54 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://accounts.google.com/gsi/client Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::54 Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ad42e39a22e617aa66168037a43285e080b6aa58000769865292048e97846a32 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-EKTtZ5I855Qh5A0GKGkoIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 12:39:24 GMT content-security-policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-EKTtZ5I855Qh5A0GKGkoIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http content-encoding gzip x-content-type-options nosniff server ESF x-frame-options SAMEORIGIN report-to {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]} content-type application/javascript; charset=utf-8 cache-control private, max-age=1800 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 cross-origin-opener-policy-report-only same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1" expires Thu, 08 Feb 2024 12:39:24 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	416 KB 120 KB	53ms 31ms	Script application/javascript	2a00:1450:4001:812::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-KWSG3N Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 624d49d428621b6f1771415818bffdb6631cc9c75ce881fe9056680384a2b789 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 12:39:24 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 122787 x-xss-protection 0 last-modified Thu, 08 Feb 2024 12:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 08 Feb 2024 12:39:24 GMT
GET H2	200	9Bt73C1KxNDXMspQ1lPyU89-1h6ONRlW45G8Wbc9dCWP.woff2 fonts.gstatic.com/s/atkinsonhyperlegible/v11/	17 KB 17 KB	34ms 11ms	Font font/woff2	2a00:1450:4001:80e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/atkinsonhyperlegible/v11/9Bt73C1KxNDXMspQ1lPyU89-1h6ONRlW45G8Wbc9dCWP.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Atkinson+Hyperlegible:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d8e8b1e0e929651439e25e23ade4b9d6cac073f2444aadb8e8b85431726c2036 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://auth.23andme.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Fri, 02 Feb 2024 19:41:15 GMT x-content-type-options nosniff age 493089 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 17616 x-xss-protection 0 last-modified Tue, 02 May 2023 14:56:45 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 01 Feb 2025 19:41:15 GMT
GET H2	200	9Bt23C1KxNDXMspQ1lPyU89-1h6ONRlW45G04pIo.woff2 fonts.gstatic.com/s/atkinsonhyperlegible/v11/	17 KB 17 KB	31ms 8ms	Font font/woff2	2a00:1450:4001:80e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/atkinsonhyperlegible/v11/9Bt23C1KxNDXMspQ1lPyU89-1h6ONRlW45G04pIo.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Atkinson+Hyperlegible:wght@400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash b09653e3ba9d95e26da5c408979f40451990a4573ce5f96abe6982e2fcb09e6c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://auth.23andme.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Mon, 05 Feb 2024 23:15:45 GMT x-content-type-options nosniff age 221019 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 17184 x-xss-protection 0 last-modified Tue, 02 May 2023 14:56:41 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 04 Feb 2025 23:15:45 GMT
GET H2	200	browser_update.min.25351ce6b5d9.js Show response auth.23andme.com/app/auth/static/js/lib/	9 KB 4 KB	60ms 59ms	Script text/javascript	2606:4700::6810:b649 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.23andme.com/app/auth/static/js/lib/browser_update.min.25351ce6b5d9.js Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:b649 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2d7a15b38da9adb4e9074cbb1b2137b96028753af58b405bbffd66b92e9f1ca7 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://auth.23andme.com/l User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers date Thu, 08 Feb 2024 12:39:24 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT x-permitted-cross-domain-policies none strict-transport-security max-age=63072000; includeSubDomains; preload age 546527 content-security-policy upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://js-agent.newrelic.com https://bam.nr-data.net https://ajax.googleapis.com; style-src 'self' https://fonts.googleapis.com; x-content-type-option nosniff content-length 3958 x-xss-protection 1; mode=block x-ua-compatible IE=Edge referrer-policy same-origin last-modified Tue, 23 Jan 2024 20:02:54 GMT server cloudflare etag "65b01b6e-24aa" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript; charset="utf-8" access-control-allow-origin * cache-control public, max-age=315360000 accept-ranges bytes cf-ray 8523ef68aa2b18f7-FRA x-robots-tag none expires Sun, 05 Feb 2034 12:39:24 GMT
GET H2	200	nr-full-1.251.1.min.js Show response js-agent.newrelic.com/	73 KB 25 KB	34ms 7ms	Script application/javascript	151.101.194.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-full-1.251.1.min.js Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.194.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash 3df2531d6b5efe400f7c70449e641064d41cf0cf0cc0fa9c47686b95807838ea Security Headers Name Value Strict-Transport-Security max-age=300 Request headers Referer Origin https://auth.23andme.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 Response headers x-amz-version-id 1WdZEgeYaxXZ9FLGAvlK8ie0EcG1yQCp content-encoding br via 1.1 varnish date Thu, 08 Feb 2024 12:39:24 GMT strict-transport-security max-age=300 x-amz-request-id GARCSH36Y2F9J494 x-amz-server-side-encryption AES256 x-cache HIT cross-origin-resource-policy cross-origin content-length 24716 x-amz-id-2 1/rkkA4SMVAxZTBWLeNXYplH6FNDqEvE+ZzNK/ln6uBdHNS9L+PwyOzdDuWG0HzjXpqUoKNic1Q= x-served-by cache-fra-etou8220086-FRA last-modified Mon, 29 Jan 2024 21:25:17 GMT server AmazonS3 x-timer S1707395964.400268,VS0,VE0 etag "a4c98deca298e073f88ff5d063261091" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400 accept-ranges bytes x-cache-hits 76783
POST H/1.1	200	97c62ceae5 Show response bam.nr-data.net/1/	40 B 404 B	200ms 119ms	XHR text/plain	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/97c62ceae5?a=48352906&v=1.251.1&to=YlJUbEJUVhFSUhZRWFsYcE1eVkwLXF9NXF1UWVFXHlZXEFYfCllZUVtTSkMbTxFUWFhvZHJ%2BflleUVQHQR89X1JBaERdQ0VXDEBU&rst=627&ck=0&s=6c1a8571801506a9&ref=https://auth.23andme.com/l&hr=0&af=err,xhr,stn,ins&ap=3&be=340&fe=238&dc=130&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1707395963796,%22n%22:0,%22f%22:0,%22dn%22:19,%22dne%22:19,%22c%22:19,%22s%22:26,%22ce%22:51,%22rq%22:52,%22rp%22:341,%22rpe%22:343,%22di%22:460,%22ds%22:470,%22de%22:470,%22dc%22:577,%22l%22:577,%22le%22:578%7D,%22navigation%22:%7B%7D%7D&fp=468&fcp=468 Requested by Host: auth.23andme.com URL: https://auth.23andme.com/l Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash c831a58c25f63105a06a622b3435bc6761474664f87e8e7b6ef8dccafa0d890f Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36 content-type text/plain Response headers date Thu, 08 Feb 2024 12:39:24 GMT access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS content-type text/plain access-control-allow-origin https://auth.23andme.com access-control-allow-credentials true cross-origin-resource-policy cross-origin Connection keep-alive Content-Length 40 x-served-by cache-fra-etou8220072-FRA

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| NREUM object| webpackChunk:NRBA-1.251.1.PROD object| newrelic function| analyticsEvent function| analyticsSocial function| analyticsVPV function| analyticsClearVPV function| analyticsForm object| dataLayer object| $buoop function| $buo_f object| ttam_auth object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| $bu_ function| $buo function| $bu_getBrowser object| _buorgres object| default_gsi object| _F_toggles object| google object| closure_lm_25325

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			auth.23andme.com/	1970-01-20 18:18:02	Name: ttam_locale Value: INT
			.23andme.com/	1969-12-31 23:59:59	Name: _cfuvid Value: U_raLCaIYxZ3Ig6YVakVWeePahGrTWIoV9ZKWnL84VU-1707395964127-0-604800000

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://auth.23andme.com/l Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors https://*.23andme.com https://*.23andme.net; font-src https://fonts.gstatic.com 'self'; style-src 'self' https://fonts.googleapis.com https://accounts.google.com/gsi/style 'nonce-cEcG7VAUJVuXBkBOEhBe4fl4/Zn2YC4B'; script-src 'self' https://appleid.cdn-apple.com https://ajax.googleapis.com https://accounts.google.com/gsi/client https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://www.googletagmanager.com 'nonce-ciZZU0ddWyHLpo7i/coJNtlyXHs7LLuN'; frame-src 'self' https://accounts.google.com/ https://stags.bluekai.com/ https://accounts.google.com/gsi/; connect-src 'self' https://bam.nr-data.net https://bam-cell.nr-data.net https://accounts.google.com/gsi/; default-src 'self'; img-src 'self' data:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM HTTPS://23ANDME.COM
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
auth.23andme.com
bam.nr-data.net
fonts.googleapis.com
fonts.gstatic.com
js-agent.newrelic.com
www.googletagmanager.com
151.101.194.137
162.247.243.29
2606:4700::6810:b649
2a00:1450:4001:80e::2003
2a00:1450:4001:812::2008
2a00:1450:4001:830::200a
2a00:1450:400c:c00::54
2d7a15b38da9adb4e9074cbb1b2137b96028753af58b405bbffd66b92e9f1ca7
3df2531d6b5efe400f7c70449e641064d41cf0cf0cc0fa9c47686b95807838ea
53415ff0ad1b30d03b47c53bdc995faef4b7d36efce8609cb368dd0b5e60d31d
5f3d7b8020db1b25d3db117a86da6878932ecd0280ee8a61c9c7ff027475a9af
624d49d428621b6f1771415818bffdb6631cc9c75ce881fe9056680384a2b789
680a8c1177eb65b96be3a8559e2d4ad381dfea08bceb1fd1a4987c07ce476004
9617589c980ab9d61e687fc6266ea38ee0801a06dfc11436adcaebc8dda260f5
ad42e39a22e617aa66168037a43285e080b6aa58000769865292048e97846a32
b09653e3ba9d95e26da5c408979f40451990a4573ce5f96abe6982e2fcb09e6c
c1c05ae0e5e16b833cccd666ac5ce0119e2d146ec45183114cc9bae0e9b850e5
c831a58c25f63105a06a622b3435bc6761474664f87e8e7b6ef8dccafa0d890f
d2dabadbb892f7034ff38d38560ba88ffb044941bb16997678dc4db5db35157d
d51de3286d6cb258aaeb4a31f6db88f928955ffa269eeb1bead0da17f980598f
d8e8b1e0e929651439e25e23ade4b9d6cac073f2444aadb8e8b85431726c2036