kraftheinz.xelix.com Open in urlscan Pro
2600:9000:247b:600:1f:d425:1640:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://kraftheinz.xelix.com/
Submission: On April 09 via api (April 9th 2024, 3:46:18 pm UTC) from US — Scanned from US

Summary HTTP 38 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 4 domains to perform 38 HTTP transactions. The main IP is 2600:9000:247b:600:1f:d425:1640:93a1, located in United States and belongs to AMAZON-02, US. The main domain is kraftheinz.xelix.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on April 9th 2024. Valid for: a year.

This is the only time kraftheinz.xelix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
20	2600:9000:247... 2600:9000:247b:600:1f:d425:1640:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:807::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80c::2008	15169 (GOOGLE) (GOOGLE)
1	18.132.54.178 18.132.54.178	16509 (AMAZON-02) (AMAZON-02)
9	18.190.12.66 18.190.12.66	16509 (AMAZON-02) (AMAZON-02)
3	2607:f8b0:400... 2607:f8b0:4006:808::2003	15169 (GOOGLE) (GOOGLE)
38	7

20 2600:9000:247b:600:1f:d425:1640:93a1 (United States)

ASN16509 (AMAZON-02, US)

kraftheinz.xelix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:807::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80c::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.132.54.178 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-132-54-178.eu-west-2.compute.amazonaws.com

sentry.xelix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 18.190.12.66 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-190-12-66.us-east-2.compute.amazonaws.com

api.us.xelix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:808::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	xelix.com kraftheinz.xelix.com sentry.xelix.com us.xelix.com Failed api.us.xelix.com	2 MB
3	gstatic.com fonts.gstatic.com	63 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	47 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 116	957 B
38	4

	Domain	Requested by
20	kraftheinz.xelix.com	kraftheinz.xelix.com
9	api.us.xelix.com	kraftheinz.xelix.com
3	fonts.gstatic.com	fonts.googleapis.com
1	sentry.xelix.com	kraftheinz.xelix.com
1	www.googletagmanager.com	kraftheinz.xelix.com
1	fonts.googleapis.com	kraftheinz.xelix.com
0	us.xelix.com Failed	kraftheinz.xelix.com
38	7

This site contains no links.

Subject Issuer	Validity	Valid
us.xelix.com Amazon RSA 2048 M03	`2024-04-09` - `2025-05-08`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
sentry.xelix.com Amazon RSA 2048 M01	`2023-09-23` - `2024-10-21`	a year	crt.sh
api.us.xelix.com Amazon RSA 2048 M02	`2023-06-28` - `2024-07-26`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://kraftheinz.xelix.com/
Frame ID: EDF2B8F4642B9EB34031DDA1102CECE6
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Xelix

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

38
Requests

92 %
HTTPS

67 %
IPv6

4
Domains

7
Subdomains

7
IPs

2
Countries

1855 kB
Transfer

4716 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

38 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
kraftheinz.xelix.com/ 1 KB
2 KB 381ms
176ms Document
text/html 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

5ec0dee13f8491dfe8470450112b9d2e67019ab4123bfcc2af7c3b426e841c05

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-cache
content-encoding: gzip
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
content-type: text/html
date: Tue, 09 Apr 2024 15:46:12 GMT
etag: W/"4d97b07058d2e0899171daba90f71d06"
last-modified: Tue, 09 Apr 2024 08:21:52 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
referrer-policy: strict-origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=15984000; preload
vary: Accept-Encoding
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-id: OHH7zbtIocFAfsZ6CIvK0noiMDM7zktyvKBhUwBNEwsbxtZsoAQFRA==
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: yzgKay4kjDxYXvkrg3pV6INVzfMLbP5p
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
957 B 143ms
57ms Stylesheet
text/css 2607:f8b0:4006:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;700;900&display=swap

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8822f247f15fa771269da31a110bc91c3751b622e4ed08bb81f90b7debbfd87e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 09 Apr 2024 15:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 09 Apr 2024 15:46:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 Apr 2024 15:46:12 GMT

GET
H2 200 index-D3jvNzGd.js Show response
kraftheinz.xelix.com/assets/ 3 MB
891 KB 208ms
205ms Script
application/x-javascript 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a6b25ff55e8bf24a4145a11fee4f21671b6c480846c51cb60481725e57f052a6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
x-amz-version-id: 3MARMnvJEErKRRbuhZqhS_NjAOj36605
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
content-encoding: gzip
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:46 GMT
server: AmazonS3
etag: W/"2e93a161b9eb9f0e18b2af241eab09f4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/x-javascript
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
x-amz-cf-id: nluuDIRewwjeJHXs9WJrdM0eeFJPB8di_RIwcBLmFpzCgQNgskxzow==

GET
H2 200 index-BXaLp7_N.css
kraftheinz.xelix.com/assets/ 109 KB
13 KB 276ms
274ms Stylesheet
text/css 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/assets/index-BXaLp7_N.css

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9c299f5e41a1f724cb46e97fe0b9fe8d5b72b0d2ef2cfcb13aa52d55e3bc8e53

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
x-amz-version-id: kOG8fKS27CH.5bOdhpFshTiNeFlWzcFb
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
content-encoding: gzip
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: W/"097bf3464c33bec745a2e969363b2239"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
x-amz-cf-id: sRAxocTYoc-i2q8vQ1YpOZNcmjxqsiZdONN0tVlcrfy6cqvEBNHwwg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 123 KB
47 KB 160ms
79ms Script
application/javascript 2607:f8b0:4006:80c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P9XMZWK&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

72a918e280a6ed38336e99ff508f4ae6ba0450495f4086a6b09ac069a40db61b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:12 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48089
x-xss-protection: 0
last-modified: Tue, 09 Apr 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Apr 2024 15:46:12 GMT

POST
H2 200 / Show response
sentry.xelix.com/api/4/envelope/ 2 B
262 B 386ms
97ms Fetch
application/json 18.132.54.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sentry.xelix.com/api/4/envelope/?sentry_key=9f9286af1ec54e8182a9cef90ef060d3&sentry_version=7&sentry_client=sentry.javascript.react%2F7.109.0
Requested by: Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.132.54.178 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-132-54-178.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 09 Apr 2024 15:46:12 GMT
server: nginx
vary: origin, access-control-request-method, access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
content-length: 2

GET
BLOB 200
OK 92478979-f250-4925-a015-643bc8556f78
https://kraftheinz.xelix.com/ 10 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://kraftheinz.xelix.com/92478979-f250-4925-a015-643bc8556f78
Requested by: Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Length: 10285
Content-Type

GET version.txt
us.xelix.com/ 0
0

GET
H2 401 / Show response
api.us.xelix.com/organisation/detail/ 58 B
955 B 363ms
97ms XHR
application/json 18.190.12.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.us.xelix.com/organisation/detail/

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.190.12.66 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-190-12-66.us-east-2.compute.amazonaws.com

Software

nginx /

Resource Hash

dbff0849bc109eee7f9b7b1fe12e40fc8add21823b2f1fb600b37f620cbd7862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
content-security-policy: default-src 'self'
www-authenticate: Session
strict-transport-security: max-age=15984000; preload
x-content-type-options: nosniff
content-length: 58
referrer-policy: same-origin
server: nginx
cross-origin-opener-policy: same-origin
allow: GET, HEAD, OPTIONS
x-frame-options: DENY
content-type: application/json
vary: origin, Cookie
access-control-allow-origin: https://kraftheinz.xelix.com
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
expires: Tue, 09 Apr 2024 15:46:13 GMT

GET
H2 401 / Show response
api.us.xelix.com/account/settings/ 58 B
965 B 329ms
65ms XHR
application/json 18.190.12.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.us.xelix.com/account/settings/

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.190.12.66 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-190-12-66.us-east-2.compute.amazonaws.com

Software

nginx /

Resource Hash

dbff0849bc109eee7f9b7b1fe12e40fc8add21823b2f1fb600b37f620cbd7862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
content-security-policy: default-src 'self'
www-authenticate: Session
strict-transport-security: max-age=15984000; preload
x-content-type-options: nosniff
content-length: 58
referrer-policy: same-origin
server: nginx
cross-origin-opener-policy: same-origin
allow: GET, PUT, PATCH, HEAD, OPTIONS
x-frame-options: DENY
content-type: application/json
vary: origin, Cookie
access-control-allow-origin: https://kraftheinz.xelix.com
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
expires: Tue, 09 Apr 2024 15:46:13 GMT

GET
H2 401 / Show response
api.us.xelix.com/account/check/ 58 B
1 KB 327ms
64ms XHR
application/json 18.190.12.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.us.xelix.com/account/check/

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.190.12.66 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-190-12-66.us-east-2.compute.amazonaws.com

Software

nginx /

Resource Hash

dbff0849bc109eee7f9b7b1fe12e40fc8add21823b2f1fb600b37f620cbd7862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
content-security-policy: default-src 'self'
www-authenticate: Session
strict-transport-security: max-age=15984000; preload
x-content-type-options: nosniff
content-length: 58
referrer-policy: same-origin
server: nginx
cross-origin-opener-policy: same-origin
allow: GET, HEAD, OPTIONS
vary: Cookie, origin
content-type: application/json
x-frame-options: DENY
access-control-allow-origin: https://kraftheinz.xelix.com
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
expires: Tue, 09 Apr 2024 15:46:13 GMT

GET
H2 401 / Show response
api.us.xelix.com/organisation/financial-year/ 58 B
955 B 337ms
74ms XHR
application/json 18.190.12.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.us.xelix.com/organisation/financial-year/

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.190.12.66 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-190-12-66.us-east-2.compute.amazonaws.com

Software

nginx /

Resource Hash

dbff0849bc109eee7f9b7b1fe12e40fc8add21823b2f1fb600b37f620cbd7862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
content-security-policy: default-src 'self'
www-authenticate: Session
strict-transport-security: max-age=15984000; preload
x-content-type-options: nosniff
content-length: 58
referrer-policy: same-origin
server: nginx
cross-origin-opener-policy: same-origin
allow: GET, HEAD, OPTIONS
x-frame-options: DENY
content-type: application/json
vary: origin, Cookie
access-control-allow-origin: https://kraftheinz.xelix.com
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
expires: Tue, 09 Apr 2024 15:46:13 GMT

GET
H2 401 / Show response
api.us.xelix.com/subsidiary/ 58 B
955 B 327ms
65ms XHR
application/json 18.190.12.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.us.xelix.com/subsidiary/

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.190.12.66 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-190-12-66.us-east-2.compute.amazonaws.com

Software

nginx /

Resource Hash

dbff0849bc109eee7f9b7b1fe12e40fc8add21823b2f1fb600b37f620cbd7862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
content-security-policy: default-src 'self'
www-authenticate: Session
strict-transport-security: max-age=15984000; preload
x-content-type-options: nosniff
content-length: 58
referrer-policy: same-origin
server: nginx
cross-origin-opener-policy: same-origin
allow: GET, HEAD, OPTIONS
x-frame-options: DENY
content-type: application/json
vary: origin, Cookie
access-control-allow-origin: https://kraftheinz.xelix.com
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
expires: Tue, 09 Apr 2024 15:46:13 GMT

GET
H2 401 / Show response
api.us.xelix.com/account/settings/ 58 B
965 B 2000ms
1739ms XHR
application/json 18.190.12.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.us.xelix.com/account/settings/

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.190.12.66 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-190-12-66.us-east-2.compute.amazonaws.com

Software

nginx /

Resource Hash

dbff0849bc109eee7f9b7b1fe12e40fc8add21823b2f1fb600b37f620cbd7862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
content-security-policy: default-src 'self'
www-authenticate: Session
strict-transport-security: max-age=15984000; preload
x-content-type-options: nosniff
content-length: 58
referrer-policy: same-origin
server: nginx
cross-origin-opener-policy: same-origin
allow: GET, PUT, PATCH, HEAD, OPTIONS
x-frame-options: DENY
content-type: application/json
vary: origin, Cookie
access-control-allow-origin: https://kraftheinz.xelix.com
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
expires: Tue, 09 Apr 2024 15:46:14 GMT

GET
H2 401 / Show response
api.us.xelix.com/organisation/detail/ 58 B
955 B 356ms
96ms XHR
application/json 18.190.12.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.us.xelix.com/organisation/detail/

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.190.12.66 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-190-12-66.us-east-2.compute.amazonaws.com

Software

nginx /

Resource Hash

dbff0849bc109eee7f9b7b1fe12e40fc8add21823b2f1fb600b37f620cbd7862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/json, text/plain, */*
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
content-security-policy: default-src 'self'
www-authenticate: Session
strict-transport-security: max-age=15984000; preload
x-content-type-options: nosniff
content-length: 58
referrer-policy: same-origin
server: nginx
cross-origin-opener-policy: same-origin
allow: GET, HEAD, OPTIONS
x-frame-options: DENY
content-type: application/json
vary: origin, Cookie
access-control-allow-origin: https://kraftheinz.xelix.com
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
expires: Tue, 09 Apr 2024 15:46:13 GMT

GET
H2 200 favicon.ico
kraftheinz.xelix.com/ 5 KB
7 KB 181ms
180ms Other
image/x-icon 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d8fde10aa038fc9c8909a5271d9d128e76505d4bf62fe91409dcc202a47a58e2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
x-amz-version-id: eYr_s2lo0jW1kzGac425BVs2wdTJRJPx
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 5430
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:50 GMT
server: AmazonS3
etag: "d470fe0bd2c36357e94ddf2d86f9430b"
x-frame-options: DENY
content-type: image/x-icon
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: 6kef2UQ1ELE71zozBrkFHU1riQe1dmInPYHkZRBjjwEr9t4q_cg8OQ==

GET
H2 200 LoginPage-BUiucUjJ.js Show response
kraftheinz.xelix.com/assets/ 3 KB
3 KB 213ms
211ms Script
application/x-javascript 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/assets/LoginPage-BUiucUjJ.js

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bd7c17f075fe937349e5d6bbdf9881ef524dbe023c0953eac2f66bf1032f48df

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: eX6p2CCdoo7j6jViDhBkIs.guJ6TvfHJ
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
content-encoding: gzip
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: W/"fc0daa32ff2960e9cb556251643e2059"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/x-javascript
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
x-amz-cf-id: WDGdQLDYNcI3X5FB1vytJdnnkHCsa2AC_TIH8uAYK2Z_A2YCDWvBMg==

GET
H2 200 react-final-form.es-Ciapivsa.js Show response
kraftheinz.xelix.com/assets/ 8 KB
5 KB 253ms
252ms Script
application/x-javascript 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/assets/react-final-form.es-Ciapivsa.js

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

233d8f43fefbb8d1bf95467b0e33ffd7ebf7dd6b4ae3b120c4de46944fedc3c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: 7cmedxqCroK2ySa5VwCHUmLrXlfkAY9f
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
content-encoding: gzip
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:46 GMT
server: AmazonS3
etag: W/"2280239d32627e1d0314338a485801ea"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/x-javascript
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
x-amz-cf-id: vFshVjjzKrW7OR5GUI8hXJeUi5ZzeCeaPVr1WgBWsD5uyqtUiHuUkg==

GET
H2 200 Input-CzfvA38P.js Show response
kraftheinz.xelix.com/assets/ 123 KB
41 KB 273ms
272ms Script
application/x-javascript 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/assets/Input-CzfvA38P.js

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a273f918a8b8595f3e42e673a25b386a42dbf444dfaf8d25064456bea5cae2b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: yFXCR6Oap68ORrWh2O7B7lbrylp9YA4W
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
content-encoding: gzip
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: W/"95f75e1cee503aeb5e8f2fc55fda28ff"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/x-javascript
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
x-amz-cf-id: VCEReaLYqU16kz79pl8p7KoTV5IRtr4APukBMK58QUfYvFp-MpvVlw==

GET
H2 200 Error-DRO9FoRH.js Show response
kraftheinz.xelix.com/assets/ 16 KB
8 KB 226ms
225ms Script
application/x-javascript 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/assets/Error-DRO9FoRH.js

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

23c1a52b4836d4797cc5f24e4f999ebc34d87ecfb3435d3d1e5dfcf1cdf88f1e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: Qs4vr9ncYVkK_swVLhWb.8_jzvGhTHF4
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
content-encoding: gzip
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:44 GMT
server: AmazonS3
etag: W/"a5552bbff2ee60c5a2fde58e834f3869"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/x-javascript
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
x-amz-cf-id: NtX5aekB6_FBderj-vj8Cwzxy7Ho_a8XZwEZ6LCcWrkpy3bDI0M16Q==

GET
H2 200 SubmitButton-BwKsXg9X.js Show response
kraftheinz.xelix.com/assets/ 339 B
2 KB 172ms
171ms Script
application/x-javascript 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/assets/SubmitButton-BwKsXg9X.js

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c3f4d43eb7356da2674eb862f3eb7c93a1d5a64f4af61ac009016df58425c286

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: RYRviIe7A7Irjhg70yZazNN85pmc5.RZ
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 339
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: "ab4412d2a5587176e3111dbc84379579"
x-frame-options: DENY
content-type: application/x-javascript
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: MfDUAgSY-g_AMhnOdqGvAvfZtNb1WJdIMtdgjvZ491faBEHUR316Bg==

GET
H2 200 SubmitError-DRwvDI8k.js Show response
kraftheinz.xelix.com/assets/ 325 B
2 KB 447ms
447ms Script
application/x-javascript 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/assets/SubmitError-DRwvDI8k.js

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8aeab56a8ec8741129546a3a122792114abf7391aa94f58f6cd1964cdc194883

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: Tfg_qAQ2Ha8cvEe7Io9gandfzKp_uHPo
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 325
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: "0465efd2b2d6c93fd05c0fd61282d65b"
x-frame-options: DENY
content-type: application/x-javascript
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: iK2dDbnCbOmq-QUv1K7OdwjjEyU-FFXHsKDC-CzcoyI2uWtmlStAGQ==

GET
H2 200 RouterLink-BGihXyIu.js Show response
kraftheinz.xelix.com/assets/ 445 B
2 KB 187ms
187ms Script
application/x-javascript 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/assets/RouterLink-BGihXyIu.js

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

34b33d366ce7c64b22bce1456ad13b663091774073ac2dac38a31377c9ef5dc4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: c62TQiwSFizgig8MSakP8CDlR2sv_.ya
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 445
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: "01aae4fe98d5414f1ddbf126ad79d08a"
x-frame-options: DENY
content-type: application/x-javascript
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: FKmNMSuP4wq7ci78crI1kJfcm7OlOWMh6BgYnR4_3UoqpE9ev2suRQ==

GET
H2 200 socials-graphic-BBVbpT8g.png
kraftheinz.xelix.com/assets/ 301 KB
303 KB 392ms
391ms Image
image/png 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kraftheinz.xelix.com/assets/socials-graphic-BBVbpT8g.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6446270d3aaa49da603344488a2625e73dec8599b660a6cd6d7c495cb0c1beb5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/login
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: dzg4KnnfiS9WbNeNX0.18GbjV_Ek64uq
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 307782
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:46 GMT
server: AmazonS3
etag: "5a54ae0ea31a9ac1924464196bdfea14"
x-frame-options: DENY
content-type: image/png
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: WmS3jDM_OHXaTV-6WpodZtUFmJVqmzJ_WPzNfUk_qFjLPixETD1pYA==

GET
H2 200 check-circle-CAflhMfi.png
kraftheinz.xelix.com/assets/ 16 KB
18 KB 464ms
463ms Image
image/png 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kraftheinz.xelix.com/assets/check-circle-CAflhMfi.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7b76065b7c7609852eba669c58446697d96148e454058de1fa79dcb046ee8a40

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/login
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: S8aYYe6AqGBd9xJ4rroa6QI07QVnQzK5
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 16082
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: "0a3763f41ccdf22caf3d6c16a1b3ab59"
x-frame-options: DENY
content-type: image/png
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: iu4cAKXuUUB3QCtvTzNKswIE3bd0eBvt10vZdoHHedFEHd9ajPncyg==

GET
H2 200 Phone-DtfbhuwJ.png
kraftheinz.xelix.com/assets/ 52 KB
53 KB 377ms
376ms Image
image/png 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kraftheinz.xelix.com/assets/Phone-DtfbhuwJ.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fa880c0c6851cb995b10c2e02279489b0fc95624272089aee19c8620c09675e8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/login
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: BJp0vM_BBQm.71DVnur5RHPcqx5i6L4A
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 52762
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: "9dca35697ae71e9621dd17dd77a8c41c"
x-frame-options: DENY
content-type: image/png
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: kx5Y8Tb_KSRzTuqABfQagoqC5lbIQcFZczaCLzmG7tgmrdWWsw_6Ug==

GET
H2 200 favicon.ico
kraftheinz.xelix.com/ 5 KB
7 KB 353ms
353ms Other
image/x-icon 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://kraftheinz.xelix.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d8fde10aa038fc9c8909a5271d9d128e76505d4bf62fe91409dcc202a47a58e2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/login
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: eYr_s2lo0jW1kzGac425BVs2wdTJRJPx
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 5430
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:50 GMT
server: AmazonS3
etag: "d470fe0bd2c36357e94ddf2d86f9430b"
x-frame-options: DENY
content-type: image/x-icon
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: hT-We9k0uVeflLfmJcAwtLShw4UJtGIjxz_f542X-a9QiiJcztqjdQ==

GET
H2 200 email.svg
kraftheinz.xelix.com/icons/ 364 B
2 KB 157ms
156ms Image
image/svg+xml 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kraftheinz.xelix.com/icons/email.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

23568b0eedf570d8183d688d6bc2acbb8e7f06a4270b5165aa00068847c08a92

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/login
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: 2y9PghRRtfZivVtpbsyCdbsxLisFP3Zk
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 364
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:50 GMT
server: AmazonS3
etag: "3fc9212e1f9331048723e24cdb95313c"
x-frame-options: DENY
content-type: image/svg+xml
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: apQyrTq9IhNba_VEiTOASyPDtqqjq9wsG0U-FAK1QyMv3Dwq2M1M6A==

GET
H2 200 password.svg
kraftheinz.xelix.com/icons/ 353 B
2 KB 209ms
209ms Image
image/svg+xml 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kraftheinz.xelix.com/icons/password.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f8bd1b8e9d1ccc539e392dc336c5041e5cfda52a5299ec925fc5c170fdea1b44

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/login
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: e18ov3C7Lg3YDg0cKK.71rVli0kAhXPD
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 353
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:50 GMT
server: AmazonS3
etag: "baa34c6cef9406a9fa0574469fd692ba"
x-frame-options: DENY
content-type: image/svg+xml
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: yatyEIzQgHm0SZ-j3kUja7wYm1-a1flq-SV7np8yIxjOqdpTgAWcog==

GET
H2 200 socials-graphic-BBVbpT8g.png
kraftheinz.xelix.com/assets/ 301 KB
303 KB 176ms
175ms Image
image/png 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kraftheinz.xelix.com/assets/socials-graphic-BBVbpT8g.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6446270d3aaa49da603344488a2625e73dec8599b660a6cd6d7c495cb0c1beb5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/login
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: dzg4KnnfiS9WbNeNX0.18GbjV_Ek64uq
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 307782
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:46 GMT
server: AmazonS3
etag: "5a54ae0ea31a9ac1924464196bdfea14"
x-frame-options: DENY
content-type: image/png
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: kQrFmKQzw-VBeGK0cYR89wMpLTwg_nYvn8K2OIqvGOxx1JYxr_9-eg==

GET
H2 200 check-circle-CAflhMfi.png
kraftheinz.xelix.com/assets/ 16 KB
18 KB 139ms
139ms Image
image/png 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kraftheinz.xelix.com/assets/check-circle-CAflhMfi.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7b76065b7c7609852eba669c58446697d96148e454058de1fa79dcb046ee8a40

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/login
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: S8aYYe6AqGBd9xJ4rroa6QI07QVnQzK5
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 16082
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: "0a3763f41ccdf22caf3d6c16a1b3ab59"
x-frame-options: DENY
content-type: image/png
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: Te7SFIluhJ6LdUNcILWIkJtzceFNyKVtfUxwa0wNYyGfWMX9B18ryg==

GET
H2 200 7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
21 KB 131ms
38ms Font
font/woff2 2607:f8b0:4006:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 08:00:01 GMT
x-content-type-options: nosniff
age: 546372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21144
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:43:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Apr 2025 08:00:01 GMT

GET
H2 200 7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v12/ 20 KB
21 KB 182ms
88ms Font
font/woff2 2607:f8b0:4006:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 07:47:32 GMT
x-content-type-options: nosniff
age: 547121
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20960
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:18:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Apr 2025 07:47:32 GMT

GET
H2 200 7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
21 KB 162ms
68ms Font
font/woff2 2607:f8b0:4006:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://fonts.googleapis.com/
Origin: https://kraftheinz.xelix.com
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 09:06:23 GMT
x-content-type-options: nosniff
age: 542390
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21724
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:29:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Apr 2025 09:06:23 GMT

GET
H2 200 Phone-DtfbhuwJ.png
kraftheinz.xelix.com/assets/ 52 KB
53 KB 156ms
156ms Image
image/png 2600:9000:247b:600:1f:d425:1640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kraftheinz.xelix.com/assets/Phone-DtfbhuwJ.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:247b:600:1f:d425:1640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fa880c0c6851cb995b10c2e02279489b0fc95624272089aee19c8620c09675e8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://kraftheinz.xelix.com/login
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:14 GMT
x-amz-version-id: BJp0vM_BBQm.71DVnur5RHPcqx5i6L4A
x-content-type-options: nosniff
strict-transport-security: max-age=15984000; preload
via: 1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
content-security-policy: default-src 'none';connect-src *.xelix.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hubspot.com *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com *.posthog.com *.productfruits.com wss://*.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com *.posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com *.posthog.com *.productfruits.com *.youtube.com;img-src 'self' *.hubspot.com *.xelix.com *.ads.linkedin.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.usemessages.com *.hsadspixel.net *.hsleadflows.net *.hubapi.com *.googletagmanager.com *.licdn.com www.google.com www.gstatic.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.posthog.com *.productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
x-amz-cf-pop: JFK52-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 52762
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Apr 2024 08:21:45 GMT
server: AmazonS3
etag: "9dca35697ae71e9621dd17dd77a8c41c"
x-frame-options: DENY
content-type: image/png
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
accept-ranges: bytes
x-amz-cf-id: iJDKqnzfW31yQmiTCPsDpETgduU6JhnLEe-QfDNnuBMcfQGWoFPTJA==

GET
H2 401 / Show response
api.us.xelix.com/account/check/ 58 B
1 KB 65ms
65ms XHR
application/json 18.190.12.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.us.xelix.com/account/check/

Requested by

Host: kraftheinz.xelix.com
URL: https://kraftheinz.xelix.com/assets/index-D3jvNzGd.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.190.12.66 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-190-12-66.us-east-2.compute.amazonaws.com

Software

nginx /

Resource Hash

dbff0849bc109eee7f9b7b1fe12e40fc8add21823b2f1fb600b37f620cbd7862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://kraftheinz.xelix.com/login
X-CSRFToken: bPCsg7MRrLCiOrZMser2Z9ORbqcyIiLo
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 09 Apr 2024 15:46:13 GMT
content-security-policy: default-src 'self'
www-authenticate: Session
strict-transport-security: max-age=15984000; preload
x-content-type-options: nosniff
content-length: 58
referrer-policy: same-origin
server: nginx
cross-origin-opener-policy: same-origin
allow: GET, HEAD, OPTIONS
vary: Cookie, origin
content-type: application/json
x-frame-options: DENY
access-control-allow-origin: https://kraftheinz.xelix.com
cache-control: max-age=0, no-cache, no-store, must-revalidate, private
access-control-allow-credentials: true
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=(),
expires: Tue, 09 Apr 2024 15:46:13 GMT

OPTIONS
H2 200 /
api.us.xelix.com/account/check/ 0
0 152ms
52ms Preflight
text/html 18.190.12.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.us.xelix.com/account/check/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.190.12.66 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-190-12-66.us-east-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-csrftoken
Access-Control-Request-Method: GET
Origin: https://kraftheinz.xelix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, authorization, content-type, user-agent, x-csrftoken, x-requested-with
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://kraftheinz.xelix.com
access-control-max-age: 86400
content-length: 0
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Tue, 09 Apr 2024 15:46:13 GMT
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=15984000; preload
vary: origin
x-content-type-options: nosniff

POST /
sentry.xelix.com/api/4/envelope/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: us.xelix.com
URL: https://us.xelix.com/version.txt

Domain: sentry.xelix.com
URL: https://sentry.xelix.com/api/4/envelope/?sentry_key=9f9286af1ec54e8182a9cef90ef060d3&sentry_version=7&sentry_client=sentry.javascript.react%2F7.109.0

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			kraftheinz.xelix.com/	1969-12-31 23:59:59	Name: browser_timezone Value: Pacific/Honolulu
			.xelix.com/	1970-01-21 04:28:47	Name: csrftoken_us Value: bPCsg7MRrLCiOrZMser2Z9ORbqcyIiLo

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	Message: Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
javascript	error	URL: https://kraftheinz.xelix.com/ Message: Access to fetch at 'https://us.xelix.com/version.txt' from origin 'https://kraftheinz.xelix.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://us.xelix.com/version.txt Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://api.us.xelix.com/account/check/ Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://api.us.xelix.com/account/settings/ Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://api.us.xelix.com/subsidiary/ Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://api.us.xelix.com/organisation/financial-year/ Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://api.us.xelix.com/organisation/detail/ Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://api.us.xelix.com/organisation/detail/ Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://api.us.xelix.com/account/check/ Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://api.us.xelix.com/account/settings/ Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none';connect-src .xelix.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hubspot.com .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com .posthog.com .productfruits.com wss://.productfruits.com productfruits.help xelix-tinymce.s3.eu-west-1.amazonaws.com;font-src 'self' data: fonts.gstatic.com .posthog.com xelix-tinymce.s3.eu-west-1.amazonaws.com;frame-src www.google.com www.gstatic.com .posthog.com .productfruits.com .youtube.com;img-src 'self' .hubspot.com .xelix.com .ads.linkedin.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com https: data:;script-src 'self' 'unsafe-inline' blob: cdnjs.cloudflare.com .hs-scripts.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .usemessages.com .hsadspixel.net .hsleadflows.net .hubapi.com .googletagmanager.com .licdn.com www.google.com www.gstatic.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com .posthog.com .productfruits.com xelix-tinymce.s3.eu-west-1.amazonaws.com;worker-src blob: 'self' ;
Strict-Transport-Security	max-age=15984000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.us.xelix.com
fonts.googleapis.com
fonts.gstatic.com
kraftheinz.xelix.com
sentry.xelix.com
us.xelix.com
www.googletagmanager.com
sentry.xelix.com
us.xelix.com
18.132.54.178
18.190.12.66
2600:9000:247b:600:1f:d425:1640:93a1
2607:f8b0:4006:807::200a
2607:f8b0:4006:808::2003
2607:f8b0:4006:80c::2008
233d8f43fefbb8d1bf95467b0e33ffd7ebf7dd6b4ae3b120c4de46944fedc3c6
23568b0eedf570d8183d688d6bc2acbb8e7f06a4270b5165aa00068847c08a92
23c1a52b4836d4797cc5f24e4f999ebc34d87ecfb3435d3d1e5dfcf1cdf88f1e
2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b
34b33d366ce7c64b22bce1456ad13b663091774073ac2dac38a31377c9ef5dc4
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
5ec0dee13f8491dfe8470450112b9d2e67019ab4123bfcc2af7c3b426e841c05
6446270d3aaa49da603344488a2625e73dec8599b660a6cd6d7c495cb0c1beb5
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
72a918e280a6ed38336e99ff508f4ae6ba0450495f4086a6b09ac069a40db61b
7b76065b7c7609852eba669c58446697d96148e454058de1fa79dcb046ee8a40
7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e
8822f247f15fa771269da31a110bc91c3751b622e4ed08bb81f90b7debbfd87e
8aeab56a8ec8741129546a3a122792114abf7391aa94f58f6cd1964cdc194883
9c299f5e41a1f724cb46e97fe0b9fe8d5b72b0d2ef2cfcb13aa52d55e3bc8e53
a273f918a8b8595f3e42e673a25b386a42dbf444dfaf8d25064456bea5cae2b3
a6b25ff55e8bf24a4145a11fee4f21671b6c480846c51cb60481725e57f052a6
bd7c17f075fe937349e5d6bbdf9881ef524dbe023c0953eac2f66bf1032f48df
c3f4d43eb7356da2674eb862f3eb7c93a1d5a64f4af61ac009016df58425c286
d8fde10aa038fc9c8909a5271d9d128e76505d4bf62fe91409dcc202a47a58e2
dbff0849bc109eee7f9b7b1fe12e40fc8add21823b2f1fb600b37f620cbd7862
f8bd1b8e9d1ccc539e392dc336c5041e5cfda52a5299ec925fc5c170fdea1b44
fa880c0c6851cb995b10c2e02279489b0fc95624272089aee19c8620c09675e8

kraftheinz.xelix.com Open in urlscan Pro 2600:9000:247b:600:1f:d425:1640:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

38 Requests

92 %HTTPS

67 %IPv6

4 Domains

7 Subdomains

7 IPs

2 Countries

1855 kBTransfer

4716 kBSize

2 Cookies

0 Outgoing links

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

kraftheinz.xelix.com Open in urlscan Pro
2600:9000:247b:600:1f:d425:1640:93a1 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

92 %
HTTPS

67 %
IPv6

4
Domains

7
Subdomains

7
IPs

2
Countries

1855 kB
Transfer

4716 kB
Size

2
Cookies

38 HTTP transactions
0 data transactions