urlscan.io logo urlscan.io
SecurityTrails logo

app.heylo.co Open in urlscan Pro
76.76.21.61  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.heylo.co/
Effective URL: https://app.heylo.co/
Submission: On October 31 via manual from CO — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 8 domains to perform 27 HTTP transactions. The main IP is 76.76.21.61, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is app.heylo.co.
TLS certificate: Issued by R10 on September 3rd 2024. Valid for: 3 months.
This is the only time app.heylo.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 76.76.21.61 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 34.128.128.0 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 151.101.64.176 54113 (FASTLY)
1 2400:52e0:1e0... 60068 (CDN77 _)
1 151.101.0.176 54113 (FASTLY)
27 8
15    76.76.21.61 (Walnut, United States)

ASN16509 (AMAZON-02, US)
app.heylo.co
2    2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    34.128.128.0 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 0.128.128.34.bc.googleusercontent.com
featureassets.org
prodregistryv2.org
1    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
4    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com
content-firebaseappcheck.googleapis.com
1    151.101.64.176 (San Francisco, United States)

ASN54113 (FASTLY, US)
js.stripe.com
1    2400:52e0:1e00::1081:1 (Germany)

ASN60068 (CDN77 _, GB)
heylo-gs.b-cdn.net
1    151.101.0.176 (San Francisco, United States)

ASN54113 (FASTLY, US)
js.stripe.com
Apex Domain
Subdomains		 Transfer
15 heylo.co
app.heylo.co
2 MB
4 googleapis.com
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 617
content-firebaseappcheck.googleapis.com — Cisco Umbrella Rank: 81984
802 B
2 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1102
164 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 3
1000 B
1 prodregistryv2.org
prodregistryv2.org — Cisco Umbrella Rank: 6176
337 B
1 b-cdn.net
heylo-gs.b-cdn.net — Cisco Umbrella Rank: 915596
13 KB
1 gstatic.com
www.gstatic.com
217 KB
1 featureassets.org
featureassets.org — Cisco Umbrella Rank: 7241
1 KB
27 8
Domain Requested by
15 app.heylo.co app.heylo.co
2 content-firebaseappcheck.googleapis.com app.heylo.co
2 js.stripe.com app.heylo.co
js.stripe.com
2 firebaseinstallations.googleapis.com app.heylo.co
2 www.google.com app.heylo.co
www.gstatic.com
1 prodregistryv2.org app.heylo.co
1 heylo-gs.b-cdn.net app.heylo.co
1 www.gstatic.com www.google.com
1 featureassets.org app.heylo.co
27 9

This site contains no links.

Subject Issuer Validity Valid
app.heylo.co
R10		 2024-09-03 -
2024-12-02		 3 months crt.sh
*.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
featureassets.org
R11		 2024-10-20 -
2025-01-18		 3 months crt.sh
*.gstatic.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
upload.video.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-10-30 -
2025-02-06		 3 months crt.sh
*.b-cdn.net
Sectigo RSA Domain Validation Secure Server CA		 2023-11-05 -
2024-11-11		 a year crt.sh
prodregistryv2.org
R10		 2024-10-20 -
2025-01-18		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://app.heylo.co/
Frame ID: 43417ED0596CCAE354D1C7A51EFAFAAC
Requests: 23 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdJKyUqAAAAAJCb8d1VgFH3m_qGxm2O9BimloJ5&co=aHR0cHM6Ly9hcHAuaGV5bG8uY286NDQz&hl=de&v=-ZG7BC9TxCVEbzIO2m429usb&size=invisible&cb=2ld84jhosu1y
Frame ID: 474CEA97C79A5A0DCDE11FCE1E59FB0C
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-e3e7bc822c405d339de59a6bd9278e11.html
Frame ID: 39E8BDA4DC88486A9A7CDC2B19D7F28F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Heylo

Page URL History Show full URLs

  1. http://app.heylo.co/ HTTP 307
    https://app.heylo.co/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

27
Requests

100 %
HTTPS

50 %
IPv6

8
Domains

9
Subdomains

8
IPs

2
Countries

2214 kB
Transfer

7622 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.heylo.co/ HTTP 307
    https://app.heylo.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
app.heylo.co/
Redirect Chain
  • http://app.heylo.co/
  • https://app.heylo.co/
35 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
b8840bea14477a73e42fa5f3bcbbb5e270f44424263de440af5db7cfb8a0fdeb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
23286
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="[[...slug]]"
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 31 Oct 2024 00:44:14 GMT
etag
W/"a62d48c6ad03a263213d2dd60d60634d"
last-modified
Wed, 30 Oct 2024 18:16:08 GMT
server
Vercel
strict-transport-security
max-age=63072000
x-matched-path
/[[...slug]]
x-vercel-cache
HIT
x-vercel-id
fra1::69l8z-1730335454367-1770a1e978a3

Redirect headers

Location
https://app.heylo.co/
Non-Authoritative-Reason
HttpsUpgrades
69a8f2bee9283094.css
app.heylo.co/_next/static/css/ 		694 B
932 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/css/69a8f2bee9283094.css
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
9c8c301a6f257252b07f4aa72547d502997a44cfe056397d3efb85d73ba383dd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
x-vercel-cache
HIT
etag
"70df2331b8cdac12494e635c1f5e6e37"
age
23222
x-matched-path
/_next/static/css/69a8f2bee9283094.css
accept-ranges
bytes
access-control-allow-origin
*
content-length
694
date
Thu, 31 Oct 2024 00:44:14 GMT
content-disposition
inline; filename="69a8f2bee9283094.css"
content-type
text/css; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:12 GMT
x-vercel-id
fra1::69l8z-1730335454444-b3cc6b43c415
webpack-462600422087eb5f.js
app.heylo.co/_next/static/chunks/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/chunks/webpack-462600422087eb5f.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
b452157ebe03dd90d587eb54483fbcc59daf66624981c0ff5ddbac3bb602b6b1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"cc4f352a008d290749c5dee5834c66c4"
age
23222
x-matched-path
/_next/static/chunks/webpack-462600422087eb5f.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:14 GMT
content-disposition
inline; filename="webpack-462600422087eb5f.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:12 GMT
x-vercel-id
fra1::zv8n6-1730335454444-d292242df32e
framework-8383bf789d61bcef.js
app.heylo.co/_next/static/chunks/ 		138 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/chunks/framework-8383bf789d61bcef.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
b3f5cfaaffb65ebc43135022f92ebb0aefec87ea3ce0dc13212359bbf22e8b77
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"d2e8ba4e8ecff89eafff901ca74f53c4"
age
23222
x-matched-path
/_next/static/chunks/framework-8383bf789d61bcef.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:14 GMT
content-disposition
inline; filename="framework-8383bf789d61bcef.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:12 GMT
x-vercel-id
fra1::hkgsw-1730335454473-dc55f40ba9de
main-3a526b03aa4e0f3f.js
app.heylo.co/_next/static/chunks/ 		107 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/chunks/main-3a526b03aa4e0f3f.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
70432b1b576f5e626d1ebdb90020cef5c673c20937852105c3903704e87b34f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"02846462f7de7fb30eb7f1e96efe7762"
age
23222
x-matched-path
/_next/static/chunks/main-3a526b03aa4e0f3f.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:14 GMT
content-disposition
inline; filename="main-3a526b03aa4e0f3f.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:12 GMT
x-vercel-id
fra1::zv8n6-1730335454473-47e3c04717e8
_app-0c743676d0f35aad.js
app.heylo.co/_next/static/chunks/pages/ 		3 MB
747 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/chunks/pages/_app-0c743676d0f35aad.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
41bed845195c732111feb25e8e94aa4396b6ab6b7b218bb605abba648e49232c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"19ddb6bb2c7db11713ad30dea9bcfef3"
age
23222
x-matched-path
/_next/static/chunks/pages/_app-0c743676d0f35aad.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:14 GMT
content-disposition
inline; filename="_app-0c743676d0f35aad.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:12 GMT
x-vercel-id
fra1::cqnz2-1730335454473-219897c1d602
%5B%5B...slug%5D%5D-dc3e05e501dceeee.js
app.heylo.co/_next/static/chunks/pages/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/chunks/pages/%5B%5B...slug%5D%5D-dc3e05e501dceeee.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
866d2e68f6e2a253f6b493e3dd15746ad78dc944b5645470b82d5cd1155d9802
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"c79c1f8abd0a04cc664a3ddda8bf08b5"
age
23222
x-matched-path
/_next/static/chunks/pages/%5B%5B...slug%5D%5D-dc3e05e501dceeee.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:14 GMT
content-disposition
inline; filename="[[...slug]]-dc3e05e501dceeee.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:12 GMT
x-vercel-id
fra1::4n7p6-1730335454473-215d7108dd48
_buildManifest.js
app.heylo.co/_next/static/cm_X6W77zgLCyF9YzL44x/ 		1 KB
625 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/cm_X6W77zgLCyF9YzL44x/_buildManifest.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
0613caac54332368cb51f8d7222f86b0828156ae0d8a72b9e66aad7328c0702e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"a86c6e886a776637b0689be001225eb7"
age
23222
x-matched-path
/_next/static/cm_X6W77zgLCyF9YzL44x/_buildManifest.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:14 GMT
content-disposition
inline; filename="_buildManifest.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:12 GMT
x-vercel-id
fra1::9qkgn-1730335454473-aadbccc1673a
_ssgManifest.js
app.heylo.co/_next/static/cm_X6W77zgLCyF9YzL44x/ 		77 B
247 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/cm_X6W77zgLCyF9YzL44x/_ssgManifest.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
x-vercel-cache
HIT
etag
"b6652df95db52feb4daf4eca35380933"
age
23222
x-matched-path
/_next/static/cm_X6W77zgLCyF9YzL44x/_ssgManifest.js
accept-ranges
bytes
access-control-allow-origin
*
content-length
77
date
Thu, 31 Oct 2024 00:44:14 GMT
content-disposition
inline; filename="_ssgManifest.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:12 GMT
x-vercel-id
fra1::mspw6-1730335454473-a2ab3a614a7b
enterprise.js
www.google.com/recaptcha/ 		1 KB
1000 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/pages/_app-0c743676d0f35aad.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
34113d9450918613d7795ddbe770d1764ab631ebb84a23dd9a8811acbe2fa459
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Thu, 31 Oct 2024 00:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Thu, 31 Oct 2024 00:44:15 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
9081.65b19bdd8028e68f.js
app.heylo.co/_next/static/chunks/ 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/chunks/9081.65b19bdd8028e68f.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/webpack-462600422087eb5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
bbbadce6e9a16ab4968784c4ca9c6a4f1cb3d0920c8d26ec44af5a3ee956b9b9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"7483facd39a49ec40df02c27995cacb4"
age
23220
x-matched-path
/_next/static/chunks/9081.65b19bdd8028e68f.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:15 GMT
content-disposition
inline; filename="9081.65b19bdd8028e68f.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:14 GMT
x-vercel-id
fra1::69l8z-1730335455114-cd6d7ffb4517
initialize
featureassets.org/v1/ 		3 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://featureassets.org/v1/initialize?k=client-DmfD8NFrCwb2K8QtA1kn0QfVHC4reXa1U0c3gsYgneU&st=javascript-client-react&sv=3.0.0&t=1730335455116&sid=3fa967f6-3501-4d82-8644-e99f1fbf8613&se=1
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/pages/_app-0c743676d0f35aad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
b36ba602d3d65dd0c4c40ab34205a536451fb2ce0c4d43fc53c4fd652fe83b3b
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.heylo.co/

Response headers

content-security-policy
frame-ancestors *.statsig.com
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
via
1.1 google
x-statsig-region
gke-europe-west1
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
982
date
Thu, 31 Oct 2024 00:44:15 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
recaptcha__de.js
www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/ 		547 KB
217 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5abe2a12140edf2387d5be35225df3caa4f0f0a05d8f5614008c8cc90af4a156
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://app.heylo.co
Referer
https://app.heylo.co/

Response headers

content-encoding
gzip
age
7929
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Thu, 30 Oct 2025 22:32:06 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 30 Oct 2024 22:32:06 GMT
last-modified
Tue, 22 Oct 2024 00:01:33 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
222594
x-xss-protection
0
server
sffe
installations
firebaseinstallations.googleapis.com/v1/projects/piccup-82257/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/piccup-82257/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://app.heylo.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://app.heylo.co
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 31 Oct 2024 00:44:15 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/piccup-82257/ 		626 B
664 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/piccup-82257/installations
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/pages/_app-0c743676d0f35aad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d8c3fdb031b0ed37251a7d2a1ae884cb0d515b3abf5ecd2bac94782519b09e5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

x-firebase-client
eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjkuMTMgZmlyZS1jb3JlLWVzbTIwMTcvMC45LjEzIGZpcmUtanMvIGZpcmUtYXV0aC8wLjIzLjIgZmlyZS1hdXRoLWVzbTIwMTcvMC4yMy4yIGZpcmUtY29yZS1jb21wYXQvMC4yLjEzIGZpcmUtanMtYWxsLWFwcC1jb21wYXQvOS4yMy4wIGZpcmUtcnRkYi8wLjE0LjQgZmlyZS1ydGRiLWVzbTIwMTcvMC4xNC40IGZpcmUtZm4vMC4xMC4wIGZpcmUtZm4tZXNtMjAxNy8wLjEwLjAgZmlyZS1nY3MvMC4xMS4yIGZpcmUtZ2NzLWVzbTIwMTcvMC4xMS4yIGZpcmUtanMtYWxsLWFwcC85LjIzLjAgZmlyZS1hcHAtY2hlY2svMC44LjAgZmlyZS1hdXRoLWNvbXBhdC8wLjQuMiBmaXJlLXJ0ZGItY29tcGF0LzAuMy40IGZpcmUtZm4tY29tcGF0LzAuMy41IGZpcmUtZ2NzLWNvbXBhdC8wLjMuMiIsImRhdGVzIjpbIjIwMjQtMTAtMzEiXX1dfQ
x-goog-api-key
AIzaSyC8LKU83EyCRNv0iNUxf5vCAGW8CQOFVGM
Referer
https://app.heylo.co/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
application/json
content-type
application/json

Response headers

cache-control
private
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-origin
https://app.heylo.co
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
498
date
Thu, 31 Oct 2024 00:44:15 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
vary
Origin, X-Origin, Referer
server
ESF
x-frame-options
SAMEORIGIN
1951-d64c6d7cd6a4f9f2.js
app.heylo.co/_next/static/chunks/ 		2 MB
363 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/chunks/1951-d64c6d7cd6a4f9f2.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/webpack-462600422087eb5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
c69cca9ca520bf11c683aeed642eb0ce1598010a265444ef0347c831d1952cab
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"130091e44586194fac2a48ecce8ab44b"
age
23220
x-matched-path
/_next/static/chunks/1951-d64c6d7cd6a4f9f2.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:15 GMT
content-disposition
inline; filename="1951-d64c6d7cd6a4f9f2.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:14 GMT
x-vercel-id
fra1::bvx44-1730335455145-b877a6d1e5d8
4334-75eeec7a9f899a54.js
app.heylo.co/_next/static/chunks/ 		812 KB
231 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/chunks/4334-75eeec7a9f899a54.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/webpack-462600422087eb5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
f734f3fd12cac3781cecdfc8eeaaf804f2cf4450a6ec88221cec76ed2b61c871
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"28e6b4969728fd62f55eb6ed4f4e78a1"
age
23220
x-matched-path
/_next/static/chunks/4334-75eeec7a9f899a54.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:15 GMT
content-disposition
inline; filename="4334-75eeec7a9f899a54.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:14 GMT
x-vercel-id
fra1::69l8z-1730335455145-c160a62f566b
drip.wav
app.heylo.co/ 		345 KB
345 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/drip.wav
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/9081.65b19bdd8028e68f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
d34a3679063f25f4d075930a43daac7fc9a4aa82f759e9a3e8a11fcdf64d4a83
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

strict-transport-security
max-age=63072000
cache-control
public, max-age=0, must-revalidate
x-vercel-cache
HIT
etag
"ec5aa5ba3051aac901a9773c8f7cedb3"
age
23220
x-matched-path
/drip.wav
accept-ranges
bytes
access-control-allow-origin
*
content-length
352846
date
Thu, 31 Oct 2024 00:44:15 GMT
content-disposition
inline; filename="drip.wav"
content-type
audio/wave
server
Vercel
last-modified
Wed, 30 Oct 2024 18:17:14 GMT
x-vercel-id
fra1::4n7p6-1730335455177-ed84179246c3
anchor
www.google.com/recaptcha/enterprise/ Frame 474C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdJKyUqAAAAAJCb8d1VgFH3m_qGxm2O9BimloJ5&co=aHR0cHM6Ly9hcHAuaGV5bG8uY286NDQz&hl=de&v=-ZG7BC9TxCVEbzIO2m429usb&size=invisible&cb=2ld84jhosu1y
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-ZG7BC9TxCVEbzIO2m429usb/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-kQxwrmP85pXFZaoYyj8GXA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://app.heylo.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-kQxwrmP85pXFZaoYyj8GXA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Thu, 31 Oct 2024 00:44:15 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
v3
js.stripe.com/ 		674 KB
164 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/1951-d64c6d7cd6a4f9f2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
2bea4bfdb845e2fdee34cf138bd40e7a6eb727ce4d1da92e9e415fb9a24d6870
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

x-request-id
4a2292c3-56e7-4a87-a478-f2308f76688e
content-encoding
br
etag
"78aaea0b91bf05493002b40f2441bc59"
age
40
x-content-type-options
nosniff
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Thu, 31 Oct 2024 00:44:15 GMT
last-modified
Wed, 30 Oct 2024 20:37:41 GMT
content-type
text/javascript; charset=utf-8
x-served-by
cache-ams21078-AMS
x-cache-hits
2
vary
Accept-Encoding
strict-transport-security
max-age=31556926; includeSubDomains; preload
cache-control
max-age=60
timing-allow-origin
*
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
167161
server
Fastly
7080.0c851ec0d06facdc.js
app.heylo.co/_next/static/chunks/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/_next/static/chunks/7080.0c851ec0d06facdc.js
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/webpack-462600422087eb5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
7d100e17f382531a907af4b8b38e82a3568992288abd6458860041f43f30bc34
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/login

Response headers

strict-transport-security
max-age=63072000
cache-control
public,max-age=31536000,immutable
content-encoding
br
x-vercel-cache
HIT
etag
W/"c9175ad6e1d8b5ae2e8f98411887ee55"
age
8173
x-matched-path
/_next/static/chunks/7080.0c851ec0d06facdc.js
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:15 GMT
content-disposition
inline; filename="7080.0c851ec0d06facdc.js"
content-type
application/javascript; charset=utf-8
server
Vercel
last-modified
Wed, 30 Oct 2024 22:28:01 GMT
x-vercel-id
fra1::5d7dd-1730335455654-f59892319ff7
assets%2Fheylo-with-text.png
heylo-gs.b-cdn.net/v0/b/piccup-82257.appspot.com/o/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heylo-gs.b-cdn.net/v0/b/piccup-82257.appspot.com/o/assets%2Fheylo-with-text.png?alt=media&token=2c5004a8-353b-46f1-a53e-36a75a29f1b0&quality=85
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1081 /
Resource Hash
4138708967763be4fb9a1894a1cc2bada8cc5146f2737d5ab9d0ff7ba14d8cdd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/

Response headers

cdn-status
200
etag
"66fdd1e8-3262"
cdn-fileserver
893
date
Thu, 31 Oct 2024 00:44:15 GMT
cdn-storageserver
DE-633
content-type
image/webp
last-modified
Wed, 02 Oct 2024 23:06:16 GMT
cdn-cachedat
10/03/2024 20:10:48
cdn-cache
HIT
cdn-requestpullcode
200
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-uid
1d5b8a04-f93c-454b-b531-2a38f724a1a6
cdn-requestid
d6045d45e6e35e9f3ff4fdcf24cfd4ee
cdn-pullzone
1771887
cdn-proxyver
1.04
accept-ranges
bytes
content-length
12898
cdn-edgestorageid
1081
perma-cache
HIT
server
BunnyCDN-DE1-1081
cdn-requestcountrycode
DE
controller-with-preconnect-e3e7bc822c405d339de59a6bd9278e11.html
js.stripe.com/v3/ Frame 39E8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-with-preconnect-e3e7bc822c405d339de59a6bd9278e11.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.heylo.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
40
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=60, stale-while-revalidate=900
content-encoding
br
content-length
402
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Thu, 31 Oct 2024 00:44:16 GMT
etag
"e3e7bc822c405d339de59a6bd9278e11"
last-modified
Wed, 30 Oct 2024 20:03:28 GMT
origin-agent-cluster
?1
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
7
x-content-type-options
nosniff
x-request-id
2bee86e2-b5a9-41a4-9cbf-f7d8ba24de06
x-served-by
cache-ams2100113-AMS
rgstr
prodregistryv2.org/v1/ 		16 B
337 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prodregistryv2.org/v1/rgstr?k=client-DmfD8NFrCwb2K8QtA1kn0QfVHC4reXa1U0c3gsYgneU&st=javascript-client-react&sv=3.0.0&t=1730335456089&sid=3fa967f6-3501-4d82-8644-e99f1fbf8613&ec=4
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/pages/_app-0c743676d0f35aad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.128.128.0 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
0.128.128.34.bc.googleusercontent.com
Software
/
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.statsig.com
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://app.heylo.co/

Response headers

content-security-policy
frame-ancestors *.statsig.com
access-control-allow-credentials
true
x-content-type-options
nosniff, nosniff
referrer-policy
strict-origin-when-cross-origin
via
1.1 google
permissions-policy
interest-cohort=()
x-response-time
0 ms
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
date
Thu, 31 Oct 2024 00:44:15 GMT
content-type
application/json
x-frame-options
SAMEORIGIN
1:1067426857439:web:965d57cce23f1a2369c46a:exchangeRecaptchaEnterpriseToken
content-firebaseappcheck.googleapis.com/v1/projects/piccup-82257/apps/ 		114 B
138 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://content-firebaseappcheck.googleapis.com/v1/projects/piccup-82257/apps/1:1067426857439:web:965d57cce23f1a2369c46a:exchangeRecaptchaEnterpriseToken?key=AIzaSyC8LKU83EyCRNv0iNUxf5vCAGW8CQOFVGM
Requested by
Host: app.heylo.co
URL: https://app.heylo.co/_next/static/chunks/pages/_app-0c743676d0f35aad.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c1304f0b908cd30ef0ae464bcb56e91d1bb7e71384c5b67055a81b72d1a78af0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://app.heylo.co/

Response headers

cache-control
private
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
content-encoding
gzip
x-content-type-options
nosniff
access-control-allow-origin
https://app.heylo.co
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
114
date
Thu, 31 Oct 2024 00:44:16 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
vary
Origin, X-Origin, Referer
server
ESF
x-frame-options
SAMEORIGIN
1:1067426857439:web:965d57cce23f1a2369c46a:exchangeRecaptchaEnterpriseToken
content-firebaseappcheck.googleapis.com/v1/projects/piccup-82257/apps/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://content-firebaseappcheck.googleapis.com/v1/projects/piccup-82257/apps/1:1067426857439:web:965d57cce23f1a2369c46a:exchangeRecaptchaEnterpriseToken?key=AIzaSyC8LKU83EyCRNv0iNUxf5vCAGW8CQOFVGM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.heylo.co
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://app.heylo.co
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Thu, 31 Oct 2024 00:44:16 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
favicon.ico
app.heylo.co/ 		21 KB
21 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://app.heylo.co/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.76.21.61 Walnut, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
04669f53cfc98a11cc67de2afda84ae46b4037363632799ffdd4a977170ce3c7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://app.heylo.co/login

Response headers

strict-transport-security
max-age=63072000
cache-control
public, max-age=0, must-revalidate
content-encoding
br
x-vercel-cache
HIT
etag
W/"a8223ed447f783b150b2f474605639f0"
age
23288
x-matched-path
/favicon.ico
access-control-allow-origin
*
date
Thu, 31 Oct 2024 00:44:16 GMT
content-disposition
inline; filename="favicon.ico"
content-type
image/vnd.microsoft.icon
server
Vercel
last-modified
Wed, 30 Oct 2024 18:16:08 GMT
x-vercel-id
fra1::5894c-1730335456450-c084672ccb7b

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| webpackChunk_N_E function| __next_set_public_path__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E function| _ object| __STATSIG__ object| analyticsConnectorInstances function| __NEXT_PRELOADREADY object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST object| __SENTRY__ boolean| __reactResponderSystemActive object| recaptchaVerifier object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| HowlerGlobal object| Howler function| Howl function| Sound object| recaptcha object| closure_lm_142342 function| ExpoModulesCore_CodedError function| _makeShareableClone function| _scheduleOnJS function| _log object| regeneratorRuntime object| UpdatePropsManager object| ProgressTransitionRegister object| _frameCallbackRegistry object| webpackChunkStripeJSouter function| noop function| Stripe

4 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09ANOXeZzTnWBt4nNqUSD5dVJAn_qvR1FSnCkqOuTIKMwiCT__ykX6WTS_toBImVYU40VsVwGdzsqDCjUYjp9flTU
.heylo.co/ Name: AMP_bfddd43b35
Value: JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJmZGJhNzI0Yy1jOTVkLTQ1MzktYmM0Mi1hZmI4NjM4OGYwYTIlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzMwMzM1NDU1MDIxJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJwYWdlQ291bnRlciUyMiUzQTAlN0Q=
.heylo.co/ Name: AMP_ff804a0300
Value: JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjJmMzI1NTZkNC1mZDliLTQxZjEtYjIyNC0yZmFjM2MwZmQyZTMlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzMwMzM1NDU1MDIxJTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJwYWdlQ291bnRlciUyMiUzQTAlN0Q=
.heylo.co/ Name: mp_0591e996b9e76dcbf56778545433b13f_mixpanel
Value: %7B%22distinct_id%22%3A%20%22fz7qHsZUT6-QqnV54RP6Gk%22%2C%22%24device_id%22%3A%20%22192e007b721428-0c95f68c65493f-17462c6e-1d4c00-192e007b7221359%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22%24user_id%22%3A%20%22fz7qHsZUT6-QqnV54RP6Gk%22%2C%22locale%22%3A%20%22de-DE%22%7D

1 Console Messages

Source Level URL
Text
network error URL: https://content-firebaseappcheck.googleapis.com/v1/projects/piccup-82257/apps/1:1067426857439:web:965d57cce23f1a2369c46a:exchangeRecaptchaEnterpriseToken?key=AIzaSyC8LKU83EyCRNv0iNUxf5vCAGW8CQOFVGM
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.heylo.co
content-firebaseappcheck.googleapis.com
featureassets.org
firebaseinstallations.googleapis.com
heylo-gs.b-cdn.net
js.stripe.com
prodregistryv2.org
www.google.com
www.gstatic.com
151.101.0.176
151.101.64.176
2400:52e0:1e00::1081:1
2a00:1450:4001:809::2003
2a00:1450:4001:830::200a
2a00:1450:4001:831::2004
34.128.128.0
76.76.21.61
04669f53cfc98a11cc67de2afda84ae46b4037363632799ffdd4a977170ce3c7
0613caac54332368cb51f8d7222f86b0828156ae0d8a72b9e66aad7328c0702e
2bea4bfdb845e2fdee34cf138bd40e7a6eb727ce4d1da92e9e415fb9a24d6870
34113d9450918613d7795ddbe770d1764ab631ebb84a23dd9a8811acbe2fa459
4138708967763be4fb9a1894a1cc2bada8cc5146f2737d5ab9d0ff7ba14d8cdd
41bed845195c732111feb25e8e94aa4396b6ab6b7b218bb605abba648e49232c
5abe2a12140edf2387d5be35225df3caa4f0f0a05d8f5614008c8cc90af4a156
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
70432b1b576f5e626d1ebdb90020cef5c673c20937852105c3903704e87b34f6
7d100e17f382531a907af4b8b38e82a3568992288abd6458860041f43f30bc34
866d2e68f6e2a253f6b493e3dd15746ad78dc944b5645470b82d5cd1155d9802
9c8c301a6f257252b07f4aa72547d502997a44cfe056397d3efb85d73ba383dd
b36ba602d3d65dd0c4c40ab34205a536451fb2ce0c4d43fc53c4fd652fe83b3b
b3f5cfaaffb65ebc43135022f92ebb0aefec87ea3ce0dc13212359bbf22e8b77
b452157ebe03dd90d587eb54483fbcc59daf66624981c0ff5ddbac3bb602b6b1
b8840bea14477a73e42fa5f3bcbbb5e270f44424263de440af5db7cfb8a0fdeb
bbbadce6e9a16ab4968784c4ca9c6a4f1cb3d0920c8d26ec44af5a3ee956b9b9
c1304f0b908cd30ef0ae464bcb56e91d1bb7e71384c5b67055a81b72d1a78af0
c69cca9ca520bf11c683aeed642eb0ce1598010a265444ef0347c831d1952cab
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
d34a3679063f25f4d075930a43daac7fc9a4aa82f759e9a3e8a11fcdf64d4a83
d8c3fdb031b0ed37251a7d2a1ae884cb0d515b3abf5ecd2bac94782519b09e5d
f734f3fd12cac3781cecdfc8eeaaf804f2cf4450a6ec88221cec76ed2b61c871