Submitted URL: http://tout-oui.sncf.com/
Effective URL: https://tout-oui.sncf.com/
Submission: On July 01 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 16 HTTP transactions. The main IP is 2606:4700::6812:ff6, located in United States and belongs to CLOUDFLARENET, US. The main domain is tout-oui.sncf.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 24th 2024. Valid for: a year.
This is the only time tout-oui.sncf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
16 3
Apex Domain
Subdomains
Transfer
13 sncf.com
tout-oui.sncf.com
369 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83
3 KB
1 gstatic.com
fonts.gstatic.com
25 KB
16 3
Domain Requested by
13 tout-oui.sncf.com tout-oui.sncf.com
2 fonts.googleapis.com tout-oui.sncf.com
1 fonts.gstatic.com fonts.googleapis.com
16 3

This site contains links to these domains. Also see Links.

Domain
www.sncf.com
sncf.force.com
Subject Issuer Validity Valid
tout-oui.sncf.com
Cloudflare Inc ECC CA-3
2024-01-24 -
2024-12-31
a year crt.sh
upload.video.google.com
WR2
2024-06-13 -
2024-09-05
3 months crt.sh
*.gstatic.com
WR2
2024-06-13 -
2024-09-05
3 months crt.sh

This page contains 1 frames:

Primary Page: https://tout-oui.sncf.com/
Frame ID: C34D198ADDBA48EEF4935DCB57883A7B
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

TGV INOUI & Intercités : déposez votre réclamation | SNCF

Page URL History Show full URLs

  1. http://tout-oui.sncf.com/ HTTP 307
    https://tout-oui.sncf.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

397 kB
Transfer

1335 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tout-oui.sncf.com/ HTTP 307
    https://tout-oui.sncf.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
tout-oui.sncf.com/
Redirect Chain
  • http://tout-oui.sncf.com/
  • https://tout-oui.sncf.com/
1 KB
2 KB
Document
General
Full URL
https://tout-oui.sncf.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60bc381eb637f1310619b258b8c23a4de41a950575254ecb404130fe5474e152
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
public, max-age=0
cf-cache-status
DYNAMIC
cf-ray
89c6c44ccf30692b-FRA
content-encoding
gzip
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
same-origin
date
Mon, 01 Jul 2024 13:33:15 GMT
last-modified
Fri, 31 May 2024 14:49:06 GMT
origin-agent-cluster
?1
referrer-policy
no-referrer
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0

Redirect headers

Location
https://tout-oui.sncf.com/
Non-Authoritative-Reason
HttpsUpgrades
index-66ade0eb.js
tout-oui.sncf.com/assets/
591 KB
195 KB
Script
General
Full URL
https://tout-oui.sncf.com/assets/index-66ade0eb.js
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
425f6b4a5043c95db8faf143b705cf1804dc2fc2da750160120eb4dcb87d1301
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://tout-oui.sncf.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:15 GMT
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 31 May 2024 14:49:06 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
etag
W/"93c9e-18fcf2036d0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
origin-agent-cluster
?1
cache-control
public, max-age=14400
cf-ray
89c6c44d4fb1692b-FRA
expires
Mon, 01 Jul 2024 17:33:15 GMT
index-d281c252.css
tout-oui.sncf.com/assets/
602 KB
87 KB
Stylesheet
General
Full URL
https://tout-oui.sncf.com/assets/index-d281c252.css
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d281c2521f0f2bee8bf422867e62906881ffa02f1e5c7d8ddf8016516c9f76eb
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:15 GMT
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 31 May 2024 14:49:06 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
etag
W/"967a3-18fcf2036d0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
origin-agent-cluster
?1
cache-control
public, max-age=14400
cf-ray
89c6c44d4fae692b-FRA
expires
Mon, 01 Jul 2024 17:33:15 GMT
css
fonts.googleapis.com/
22 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,700
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/assets/index-d281c252.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6be755af024193288462dbefee1d1c4f60a253639df19ae10072d64f28676931
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Jul 2024 13:33:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 12:27:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jul 2024 13:33:15 GMT
css
fonts.googleapis.com/
717 B
443 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/assets/index-d281c252.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
77d9907ca853ab885fd7a35a29faaf4206b8fe47347cd9c12391d64451ad6f37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Jul 2024 13:33:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 12:05:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jul 2024 13:33:15 GMT
/
tout-oui.sncf.com/api/history/
23 B
593 B
XHR
General
Full URL
https://tout-oui.sncf.com/api/history/
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/assets/index-66ade0eb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9264b4d50475527c06343025e4a00c1bed9ae96fdb08657dc7a5cbbf70749d9
Security Headers
Name Value
Content-Security-Policy script-src 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:16 GMT
content-security-policy
script-src 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
content-length
23
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"17-0irPX+2YhLGRVXRJ0FUUY5iOHf0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cf-ray
89c6c44f5a11692b-FRA
refresh
tout-oui.sncf.com/api/auth/
18 B
284 B
XHR
General
Full URL
https://tout-oui.sncf.com/api/auth/refresh
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/assets/index-66ade0eb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8aa06759da6af9878325a7b76e0c2a27516b85ca0022c140bd02d236e4ce81e5
Security Headers
Name Value
Content-Security-Policy script-src 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:16 GMT
content-security-policy
script-src 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
content-length
18
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"12-5Ti4RxX6tW4QHCzTPHbTwIiTtA8"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cf-ray
89c6c44f8a56692b-FRA
logo-sncf-485aacc1.svg
tout-oui.sncf.com/assets/
6 KB
3 KB
Image
General
Full URL
https://tout-oui.sncf.com/assets/logo-sncf-485aacc1.svg
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
485aacc1c20d2abe93ef19c976fd70bfb9056c429b0614748da8fd725615d639
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:16 GMT
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 31 May 2024 14:49:06 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
etag
W/"17c2-18fcf2036d0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
origin-agent-cluster
?1
cache-control
public, max-age=14400
cf-ray
89c6c44f8a5a692b-FRA
expires
Mon, 01 Jul 2024 17:33:16 GMT
user-a1b40fcc.svg
tout-oui.sncf.com/assets/
4 KB
2 KB
Image
General
Full URL
https://tout-oui.sncf.com/assets/user-a1b40fcc.svg
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1b40fcc46baf2c832f945b124839b03145e55d162dd41e38bfb392e9c63a9ab
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:16 GMT
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 31 May 2024 14:49:06 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
etag
W/"1182-18fcf2036d0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
origin-agent-cluster
?1
cache-control
public, max-age=14400
cf-ray
89c6c44f8a5e692b-FRA
expires
Mon, 01 Jul 2024 17:33:16 GMT
french-75bab17e.svg
tout-oui.sncf.com/assets/
968 B
586 B
Image
General
Full URL
https://tout-oui.sncf.com/assets/french-75bab17e.svg
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75bab17ecbb9b3323fa6bcd342cf48869c9a546d8087aeb918901240e13a1816
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:16 GMT
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 31 May 2024 14:49:06 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
etag
W/"3c8-18fcf2036d0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
origin-agent-cluster
?1
cache-control
public, max-age=14400
cf-ray
89c6c44f9a60692b-FRA
expires
Mon, 01 Jul 2024 17:33:16 GMT
conversation
tout-oui.sncf.com/api/
818 B
616 B
XHR
General
Full URL
https://tout-oui.sncf.com/api/conversation
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/assets/index-66ade0eb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c0fc914b7656a3eef18f62714942fa4b5f9fac5193548d787929fb0c4909954
Security Headers
Name Value
Content-Security-Policy script-src 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
X-Connect-Token
false
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:16 GMT
content-security-policy
script-src 'self';default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"332-OVeVn6W8itTCtuMrLpZTbpydgQ4"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cf-ray
89c6c44fdaa3692b-FRA
icon-a408abe8.svg
tout-oui.sncf.com/assets/
6 KB
3 KB
Other
General
Full URL
https://tout-oui.sncf.com/assets/icon-a408abe8.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a408abe8c59fbdde768972930410568a90bd6629a44b371badd1bebdf526354a
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:16 GMT
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 31 May 2024 14:49:06 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
etag
W/"1713-18fcf2036d0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
origin-agent-cluster
?1
cache-control
public, max-age=14400
cf-ray
89c6c4501ae2692b-FRA
expires
Mon, 01 Jul 2024 17:33:16 GMT
favicon.ico
tout-oui.sncf.com/
16 B
123 B
Other
General
Full URL
https://tout-oui.sncf.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fb202078e6c0e710ebd2dfcc6085b272d84f99bccdaa72a024aff5334adff7b
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:16 GMT
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
unsafe-none
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
origin-agent-cluster
?1
cf-ray
89c6c4507b56692b-FRA
fontawesome-webfont-2adefcbc.woff2
tout-oui.sncf.com/assets/
75 KB
76 KB
Font
General
Full URL
https://tout-oui.sncf.com/assets/fontawesome-webfont-2adefcbc.woff2?v=4.7.0
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/assets/index-d281c252.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://tout-oui.sncf.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:17 GMT
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
content-length
77160
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 31 May 2024 14:49:06 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
etag
W/"12d68-18fcf2036d0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff2
origin-agent-cluster
?1
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
89c6c4563988692b-FRA
expires
Mon, 01 Jul 2024 17:33:17 GMT
navigate_next-24px-1307080e.svg
tout-oui.sncf.com/assets/
196 B
301 B
Image
General
Full URL
https://tout-oui.sncf.com/assets/navigate_next-24px-1307080e.svg
Requested by
Host: tout-oui.sncf.com
URL: https://tout-oui.sncf.com/assets/index-d281c252.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:ff6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1307080ec170fb0354ced5e0c318ef73cdee34afe67926adf62e8d5ea87840a6
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 13:33:18 GMT
content-security-policy
default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
MISS
x-permitted-cross-domain-policies
none
content-encoding
gzip
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Fri, 31 May 2024 14:49:06 GMT
server
cloudflare
cross-origin-opener-policy
unsafe-none
etag
W/"c4-18fcf2036d0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
origin-agent-cluster
?1
cache-control
public, max-age=14400
cf-ray
89c6c45c58d5692b-FRA
expires
Mon, 01 Jul 2024 17:33:18 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/
24 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://tout-oui.sncf.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 15:46:29 GMT
x-content-type-options
nosniff
age
337609
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24984
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:04:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Jun 2025 15:46:29 GMT

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| __VUE_INSTANCE_SETTERS__ function| saveAs boolean| __VUE__

1 Cookies

Domain/Path Name / Value
tout-oui.sncf.com/ Name: x-access-token
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijc2MTE5MzkiLCJzZWNyZXQiOiJqeGpkMml3dmt2Z2ltMmxtYmpmbWh1ZHg5czg3dG1tIiwiaWF0IjoxNzE5ODQwNzk2LCJleHAiOjE4MDI2NDA3OTZ9.AJr8rwOL2edwB0zALr-vHoLXiy1Gq7BeVbC5uzyRR1I

1 Console Messages

Source Level URL
Text
network error URL: https://tout-oui.sncf.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';script-src 'self' https://tout-oui.sncf.com/js/ 'sha256-cQLIXFYXmc59cSVqeeIMtB16t2OWl8VEINe04Lfzmsk=';connect-src 'self';img-src 'self' https://tout-oui.sncf.com/img/;font-src 'self' https://fonts.gstatic.com/s/ https://tout-oui.sncf.com/fonts/;object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://tout-oui.sncf.com/css/;frame-ancestors 'self';base-uri 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0