Submitted URL: https://m7yfl.com/
Effective URL: https://holding.xilo.net/?utm_source=m7yfl.com
Submission: On September 21 via api from US — Scanned from GB

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 91.199.78.231, located in United Kingdom and belongs to A4N Network Services, GB. The main domain is holding.xilo.net.
TLS certificate: Issued by E6 on July 29th 2024. Valid for: 3 months.
This is the only time holding.xilo.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 91.199.78.231 44574 (A4N Netwo...)
9 2400:52e0:1e0... 60068 (CDN77 _)
2 2001:67c:1954... 44574 (A4N Netwo...)
3 2001:67c:1954... 44574 (A4N Netwo...)
15 4
Apex Domain
Subdomains
Transfer
15 xilo.net
holding.xilo.net
cdn.xilo.net
stat.xilo.net
stats.xilo.net
211 KB
1 m7yfl.com
m7yfl.com
2 KB
15 2
Domain Requested by
9 cdn.xilo.net holding.xilo.net
cdn.xilo.net
3 stats.xilo.net holding.xilo.net
stats.xilo.net
2 stat.xilo.net holding.xilo.net
stat.xilo.net
1 holding.xilo.net
1 m7yfl.com 1 redirects
15 5

This site contains links to these domains. Also see Links.

Domain
www.xilo.net
my.xilo.net
Subject Issuer Validity Valid
holding.xilo.net
E6
2024-07-29 -
2024-10-27
3 months crt.sh
cdn.xilo.net
R10
2024-09-10 -
2024-12-09
3 months crt.sh
stat.coconut.net
R11
2024-08-28 -
2024-11-26
3 months crt.sh
stats.coconut.net
R11
2024-09-15 -
2024-12-14
3 months crt.sh

This page contains 1 frames:

Primary Page: https://holding.xilo.net/?utm_source=m7yfl.com
Frame ID: 0B0AD1104446767DCF3673B46065734D
Requests: 15 HTTP requests in this frame

Screenshot

Page Title

Holding Page - m7yfl.com

Page URL History Show full URLs

  1. https://m7yfl.com/ HTTP 302
    http://holding.xilo.net/?utm_source=m7yfl.com HTTP 307
    https://holding.xilo.net/?utm_source=m7yfl.com Page URL

Page Statistics

15
Requests

100 %
HTTPS

75 %
IPv6

2
Domains

5
Subdomains

4
IPs

2
Countries

211 kB
Transfer

1037 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://m7yfl.com/ HTTP 302
    http://holding.xilo.net/?utm_source=m7yfl.com HTTP 307
    https://holding.xilo.net/?utm_source=m7yfl.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
holding.xilo.net/
Redirect Chain
  • https://m7yfl.com/
  • http://holding.xilo.net/?utm_source=m7yfl.com
  • https://holding.xilo.net/?utm_source=m7yfl.com
6 KB
4 KB
Document
General
Full URL
https://holding.xilo.net/?utm_source=m7yfl.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.199.78.231 , United Kingdom, ASN44574 (A4N Network Services, GB),
Reverse DNS
vip-holding.xilo.net
Software
Webserver /
Resource Hash
2cf93ba47bd0dc105c5f06772a3fb8a233c3df8b848c80c16f6fda0bbb059e76
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Security-Policy default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
cache-control
max-age=0, no-cache
content-encoding
br br
content-security-policy
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp; report-to="default"
cross-origin-opener-policy
same-origin-allow-popups; report-to="default"
cross-origin-resource-policy
same-site
date
Sat, 21 Sep 2024 13:57:20 GMT
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
expires
Sat, 28 Sep 2024 13:57:20 GMT
last-modified
Sat, 21 Sep 2024 13:57:20 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
server
Webserver
vary
Accept-Encoding
x-cache-status
BYPASS
x-content-security-policy
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-page-speed
PS
x-via
lb01
x-webkit-csp
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-xss-protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://holding.xilo.net/?utm_source=m7yfl.com
Non-Authoritative-Reason
HSTS
main.m.css
cdn.xilo.net/xv3/css/
721 KB
66 KB
Stylesheet
General
Full URL
https://cdn.xilo.net/xv3/css/main.m.css
Requested by
Host: holding.xilo.net
URL: https://holding.xilo.net/?utm_source=m7yfl.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
d9ce768aa664a37d9260238ef610744499edaf5fae535d46b462bb76f7b53080
Security Headers
Name Value
Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://holding.xilo.net/

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding
br
etag
"b432b-6686fc42-bb9bf0ed890143fa;br"
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
x-content-type-options
nosniff
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
last-modified
Thu, 04 Jul 2024 19:47:14 GMT
content-type
text/css
cdn-cachedat
07/12/2024 10:23:25
cdn-cache
REVALIDATED
x-cache-status
HIT
cache-control
public, max-age=604800
cdn-requestpullsuccess
True
x-content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-webkit-csp
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-pullzone
2187119
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-xss-protection
1; mode=block
cdn-edgestorageid
1082
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
x-via
lb01
expires
Fri, 19 Jul 2024 10:23:25 GMT
date
Sat, 21 Sep 2024 13:57:20 GMT
vary
Accept-Encoding
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cdn-requestpullcode
200
content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-uid
6a0146eb-90ee-413f-be02-7886425fafb0
cdn-requestid
efe999af2330ed7fe114e51091bdff81
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
access-control-allow-origin
*
animate.m.css
cdn.xilo.net/xv3/css/
60 KB
5 KB
Stylesheet
General
Full URL
https://cdn.xilo.net/xv3/css/animate.m.css
Requested by
Host: holding.xilo.net
URL: https://holding.xilo.net/?utm_source=m7yfl.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
dd7be5b992b65b8884504d5211753f70da61f3b5ac4ce4ce928623f70d1db032
Security Headers
Name Value
Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://holding.xilo.net/

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding
br
etag
"ef5a-6686fc42-49d85db837b97da3;br"
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
x-content-type-options
nosniff
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
last-modified
Thu, 04 Jul 2024 19:47:14 GMT
content-type
text/css
cdn-cachedat
07/12/2024 10:23:25
cdn-cache
REVALIDATED
x-cache-status
HIT
cache-control
public, max-age=604800
cdn-requestpullsuccess
True
x-content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-webkit-csp
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-pullzone
2187119
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-xss-protection
1; mode=block
cdn-edgestorageid
1079
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
x-via
lb01
expires
Fri, 19 Jul 2024 10:23:25 GMT
date
Sat, 21 Sep 2024 13:57:20 GMT
vary
Accept-Encoding
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cdn-requestpullcode
200
content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-uid
6a0146eb-90ee-413f-be02-7886425fafb0
cdn-requestid
d53fe9db671f7eefc62fb492d78a6059
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
access-control-allow-origin
*
slick.m.css
cdn.xilo.net/xv3/css/
1 KB
2 KB
Stylesheet
General
Full URL
https://cdn.xilo.net/xv3/css/slick.m.css
Requested by
Host: holding.xilo.net
URL: https://holding.xilo.net/?utm_source=m7yfl.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
3a13842a583e6e6a0fc3032fb9ca288322effc1a96dc1dfbec4698bd67b49c39
Security Headers
Name Value
Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://holding.xilo.net/

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-encoding
br
etag
"531-6686fc42-d670c93b16c94fd8;br"
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
x-content-type-options
nosniff
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
last-modified
Thu, 04 Jul 2024 19:47:14 GMT
content-type
text/css
cdn-cachedat
07/23/2024 22:45:17
cdn-cache
REVALIDATED
x-cache-status
STALE
cache-control
public, max-age=604800
cdn-requestpullsuccess
True
x-content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-webkit-csp
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-pullzone
2187119
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-xss-protection
1; mode=block
cdn-edgestorageid
1081
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
x-via
lb01
expires
Tue, 30 Jul 2024 22:45:17 GMT
date
Sat, 21 Sep 2024 13:57:20 GMT
vary
Accept-Encoding
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cdn-requestpullcode
200
content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-uid
6a0146eb-90ee-413f-be02-7886425fafb0
cdn-requestid
b7ee521084f832e70db3396b524998ab
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
access-control-allow-origin
*
fitty.min.js
cdn.xilo.net/xv3/js/
4 KB
3 KB
Script
General
Full URL
https://cdn.xilo.net/xv3/js/fitty.min.js
Requested by
Host: holding.xilo.net
URL: https://holding.xilo.net/?utm_source=m7yfl.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
f5be15b599336b8f56857ca53fdbc4af7dfba2378d31fc920c028f8a95716b5d
Security Headers
Name Value
Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://holding.xilo.net/

Response headers

cdn-status
200
content-encoding
br
etag
"f0e-6686fc44-59324cbe68b667e7;br"
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
x-content-type-options
nosniff
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
last-modified
Thu, 04 Jul 2024 19:47:16 GMT
content-type
application/x-javascript
cdn-cachedat
08/10/2024 09:22:54
cdn-cache
HIT
x-cache-status
HIT
cache-control
public, max-age=604800
cdn-requestpullsuccess
True
x-content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-webkit-csp
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-pullzone
2187119
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-xss-protection
1; mode=block
cdn-edgestorageid
1082
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
x-via
lb01
expires
Sat, 17 Aug 2024 09:22:54 GMT
date
Sat, 21 Sep 2024 13:57:20 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cdn-requestpullcode
200
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-uid
6a0146eb-90ee-413f-be02-7886425fafb0
cdn-requestid
36aa67453e3af9c8a523c784d7d5e8be
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
access-control-allow-origin
*
script.js
stat.xilo.net/js/
1 KB
1 KB
Script
General
Full URL
https://stat.xilo.net/js/script.js
Requested by
Host: holding.xilo.net
URL: https://holding.xilo.net/?utm_source=m7yfl.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:1954::141 , United Kingdom, ASN44574 (A4N Network Services, GB),
Reverse DNS
Software
nginx /
Resource Hash
965387ce9489d0167cf33444ab52d064bb3fab35e94b12082ff5eb00a34c070c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://holding.xilo.net/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
public, max-age=86400, must-revalidate
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cross-origin-embedder-policy
require-corp
access-control-allow-origin
*
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
date
Sat, 21 Sep 2024 13:57:20 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
x-frame-options
SAMEORIGIN
xilo-logo.svg
cdn.xilo.net/xv3/images/
5 KB
3 KB
Image
General
Full URL
https://cdn.xilo.net/xv3/images/xilo-logo.svg
Requested by
Host: cdn.xilo.net
URL: https://cdn.xilo.net/xv3/css/main.m.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
076f188d6707d832f4f2a9b974cd000c9ca480d4b32b361823e883fe2fa605be
Security Headers
Name Value
Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cdn.xilo.net/xv3/css/main.m.css

Response headers

cdn-status
200
content-encoding
br
etag
W/"144f-6686fc44-8d6212975ff791c4;;;"
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
x-content-type-options
nosniff
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
last-modified
Thu, 04 Jul 2024 19:47:16 GMT
content-type
image/svg+xml
cdn-cachedat
07/25/2024 06:30:40
cdn-cache
HIT
x-cache-status
HIT
cache-control
public, max-age=604800
cdn-requestpullsuccess
True
x-content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-webkit-csp
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-pullzone
2187119
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-xss-protection
1; mode=block
cdn-edgestorageid
1079
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
x-via
lb01
expires
Thu, 01 Aug 2024 06:30:40 GMT
date
Sat, 21 Sep 2024 13:57:21 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cdn-requestpullcode
200
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-uid
6a0146eb-90ee-413f-be02-7886425fafb0
cdn-requestid
80028790963a413cf3bc5973144e384c
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
access-control-allow-origin
*
BrandonText-Regular.woff2
cdn.xilo.net/xv3/fonts/
24 KB
25 KB
Font
General
Full URL
https://cdn.xilo.net/xv3/fonts/BrandonText-Regular.woff2
Requested by
Host: cdn.xilo.net
URL: https://cdn.xilo.net/xv3/css/main.m.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
4dfb99872b53d5095e167e40092c1fa40fa263986c7cd6d9823de699863be86e
Security Headers
Name Value
Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://holding.xilo.net
Referer
https://cdn.xilo.net/xv3/css/main.m.css

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
etag
"5f8c-6686fc41-8ceb606baf854b16;;;"
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
x-content-type-options
nosniff
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
content-type
font/woff2
last-modified
Thu, 04 Jul 2024 19:47:13 GMT
cdn-cachedat
07/12/2024 10:23:29
cdn-cache
REVALIDATED
x-cache-status
HIT
cache-control
public, max-age=604800
cdn-requestpullsuccess
True
x-content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-webkit-csp
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-pullzone
2187119
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
accept-ranges
bytes
content-length
24460
x-xss-protection
1; mode=block
cdn-edgestorageid
1082
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
x-via
lb01
expires
Fri, 19 Jul 2024 10:23:29 GMT
date
Sat, 21 Sep 2024 13:57:21 GMT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cdn-requestpullcode
200
content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-uid
6a0146eb-90ee-413f-be02-7886425fafb0
cdn-requestid
e78f147af46021e8d8670ddc732276fc
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
access-control-allow-origin
*
BrandonText-Black.woff2
cdn.xilo.net/xv3/fonts/
24 KB
26 KB
Font
General
Full URL
https://cdn.xilo.net/xv3/fonts/BrandonText-Black.woff2
Requested by
Host: cdn.xilo.net
URL: https://cdn.xilo.net/xv3/css/main.m.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
d9107df6b6a2af8e68c66f8f304ddb3037ed68a0f955df86224359ab05708540
Security Headers
Name Value
Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://holding.xilo.net
Referer
https://cdn.xilo.net/xv3/css/main.m.css

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
etag
"610c-6686fc41-30432db6505df333;;;"
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
x-content-type-options
nosniff
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
content-type
font/woff2
last-modified
Thu, 04 Jul 2024 19:47:13 GMT
cdn-cachedat
07/24/2024 11:10:08
cdn-cache
HIT
x-cache-status
HIT
cache-control
public, max-age=604800
cdn-requestpullsuccess
True
x-content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-webkit-csp
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-pullzone
2187119
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
accept-ranges
bytes
content-length
24844
x-xss-protection
1; mode=block
cdn-edgestorageid
1082
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
x-via
lb01
expires
Wed, 31 Jul 2024 11:10:08 GMT
date
Sat, 21 Sep 2024 13:57:21 GMT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cdn-requestpullcode
200
content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-uid
6a0146eb-90ee-413f-be02-7886425fafb0
cdn-requestid
eb7f818218f75e855c8fed973a92c483
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
access-control-allow-origin
*
BrandonText-Medium.woff2
cdn.xilo.net/xv3/fonts/
25 KB
26 KB
Font
General
Full URL
https://cdn.xilo.net/xv3/fonts/BrandonText-Medium.woff2
Requested by
Host: cdn.xilo.net
URL: https://cdn.xilo.net/xv3/css/main.m.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
f06b8111929406c5f4e774baa7422f19bc22ee90790975b785898a08012ed0b0
Security Headers
Name Value
Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://holding.xilo.net
Referer
https://cdn.xilo.net/xv3/css/main.m.css

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
etag
"6334-6686fc42-4932ffaa723aec8a;;;"
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
x-content-type-options
nosniff
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
content-type
font/woff2
last-modified
Thu, 04 Jul 2024 19:47:14 GMT
cdn-cachedat
07/12/2024 10:23:29
cdn-cache
REVALIDATED
x-cache-status
HIT
cache-control
public, max-age=604800
cdn-requestpullsuccess
True
x-content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-webkit-csp
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-pullzone
2187119
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
accept-ranges
bytes
content-length
25396
x-xss-protection
1; mode=block
cdn-edgestorageid
1080
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
x-via
lb01
expires
Fri, 19 Jul 2024 10:23:29 GMT
date
Sat, 21 Sep 2024 13:57:21 GMT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cdn-requestpullcode
200
content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-uid
6a0146eb-90ee-413f-be02-7886425fafb0
cdn-requestid
6fc2e4ffb3731ddce8ad232ba23d0d58
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
access-control-allow-origin
*
m.js
stats.xilo.net/
132 KB
41 KB
Script
General
Full URL
https://stats.xilo.net/m.js
Requested by
Host: holding.xilo.net
URL: https://holding.xilo.net/?utm_source=m7yfl.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:1954::140 , United Kingdom, ASN44574 (A4N Network Services, GB),
Reverse DNS
Software
nginx /
Resource Hash
4307a4ce5eeb2076337a79a41033a0b277ee28accd3553e074103c8fdee1299c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://holding.xilo.net/

Response headers

content-encoding
gzip
etag
W/"664ec129-210fa"
x-content-type-options
nosniff
expires
Mon, 21 Oct 2024 13:57:21 GMT
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
date
Sat, 21 Sep 2024 13:57:21 GMT
content-type
application/javascript
last-modified
Thu, 23 May 2024 04:08:09 GMT
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
max-age=2592000
cross-origin-resource-policy
cross-origin
referrer-policy
strict-origin-when-cross-origin
cross-origin-embedder-policy
require-corp
server
nginx
event
stat.xilo.net/api/
2 B
220 B
XHR
General
Full URL
https://stat.xilo.net/api/event
Requested by
Host: stat.xilo.net
URL: https://stat.xilo.net/js/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:1954::141 , United Kingdom, ASN44574 (A4N Network Services, GB),
Reverse DNS
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://holding.xilo.net/

Response headers

x-request-id
F_dG_oeX2jjlZEAAJyUC
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
*
content-length
2
date
Sat, 21 Sep 2024 13:57:21 GMT
content-type
text/plain; charset=utf-8
server
nginx
m.php
stats.xilo.net/
0
375 B
Ping
General
Full URL
https://stats.xilo.net/m.php?send_image=0&action_name=Holding%20Page%20-%20m7yfl.com&idsite=glojqojDke&rec=1&r=268573&h=14&m=57&s=21&url=https%3A%2F%2Fholding.xilo.net%2F%3Futm_source%3Dm7yfl.com&_id=2a80bceff3f830ee&_idn=1&&_rcn=m7yfl.com&_refts=1726927041&pv_id=JFsCpW&pf_net=78&pf_srv=312&pf_tfr=4&pf_dm1=350&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200
Requested by
Host: stats.xilo.net
URL: https://stats.xilo.net/m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:1954::140 , United Kingdom, ASN44574 (A4N Network Services, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8
Referer
https://holding.xilo.net/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
none
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cross-origin-embedder-policy
require-corp
access-control-allow-origin
https://holding.xilo.net
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
date
Sat, 21 Sep 2024 13:57:21 GMT
vary
Origin
server
nginx
x-frame-options
SAMEORIGIN
configs.php
stats.xilo.net/plugins/HSR/
125 B
463 B
Script
General
Full URL
https://stats.xilo.net/plugins/HSR/configs.php?idsite=glojqojDke&trackerid=8C3Qik&url=https%3A%2F%2Fholding.xilo.net%2F%3Futm_source%3Dm7yfl.com
Requested by
Host: stats.xilo.net
URL: https://stats.xilo.net/m.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:1954::140 , United Kingdom, ASN44574 (A4N Network Services, GB),
Reverse DNS
Software
nginx /
Resource Hash
4c090245c46fdb5d0151f060f9e6ef00f41ffe95756cc13ff2770f9d653a8236
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://holding.xilo.net/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cross-origin-embedder-policy
require-corp
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
date
Sat, 21 Sep 2024 13:57:21 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx
x-frame-options
SAMEORIGIN
favicon.ico
cdn.xilo.net/xv3/favicons/
34 KB
8 KB
Other
General
Full URL
https://cdn.xilo.net/xv3/favicons/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
BunnyCDN-DE1-1082 /
Resource Hash
ffb803ec706bf385a889431b8b0e309c4316bf204d83657ba69c0d06eb355cd8
Security Headers
Name Value
Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Security-Policy default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://holding.xilo.net/

Response headers

cdn-status
200
content-encoding
br
etag
W/"86be-6686fc44-273a167d286a8720;;;"
expect-ct
max-age=0, report-uri="https://xcdn.report-uri.com/r/d/ct/reportOnly"
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://xcdn.report-uri.com/a/d/g"}],"include_subdomains":true}
x-content-type-options
nosniff
alternate-protocol
443:npn-spdy/3,443:npn-spdy/2
last-modified
Thu, 04 Jul 2024 19:47:16 GMT
content-type
image/x-icon
cdn-cachedat
08/05/2024 03:19:36
cdn-cache
HIT
x-cache-status
HIT
cache-control
public, max-age=604800
cdn-requestpullsuccess
True
x-content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
x-webkit-csp
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-pullzone
2187119
referrer-policy
strict-origin-when-cross-origin
cdn-proxyver
1.04
x-xss-protection
1; mode=block
cdn-edgestorageid
1079
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
x-via
lb01
expires
Mon, 12 Aug 2024 03:19:36 GMT
date
Sat, 21 Sep 2024 13:57:21 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cdn-requestpullcode
200
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-security-policy
default-src *; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
cdn-uid
6a0146eb-90ee-413f-be02-7886425fafb0
cdn-requestid
12d58c5ee6b510b7a5bfd91d86eb6380
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=(), interest-cohort=()
access-control-allow-origin
*

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| fitty object| _paq function| plausible object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log

5 Cookies

Domain/Path Name / Value
holding.xilo.net/ Name: c__tracker
Value: %7B%220%22%3A%22index%22%2C%22token%22%3A%220e43738bd02e0db20604afa57ccdf6d752cef984b097a30cf4ed9c9a727425aaf08a1bed520b73dfd83db7c3ab4637a0%22%7D
holding.xilo.net/ Name: c__csrf_token
Value: b3550e6b6aef174e4cd1175333b2a12ff71ccf14
holding.xilo.net/ Name: _pk_ref.glojqojDke.f8c4
Value: %5B%22m7yfl.com%22%2C%22%22%2C1726927041%2C%22%22%5D
holding.xilo.net/ Name: _pk_id.glojqojDke.f8c4
Value: 2a80bceff3f830ee.1726927041.
holding.xilo.net/ Name: _pk_ses.glojqojDke.f8c4
Value: 1

1 Console Messages

Source Level URL
Text
security error URL: https://holding.xilo.net/?utm_source=m7yfl.com
Message:
Unrecognized Content-Security-Policy directive 'prefetch-src'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Security-Policy default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://xcdn.report-uri.com/r/d/csp/enforce
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block