urlscan.io logo urlscan.io
SecurityTrails logo

auth.fitch.group Open in urlscan Pro
2600:9000:2250:c200:18:3431:cb00:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://app.fitchconnect.com/
Effective URL: https://auth.fitch.group/login?appCode=fitchConnect
Submission: On November 28 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 2600:9000:2250:c200:18:3431:cb00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is auth.fitch.group. The Cisco Umbrella rank of the primary domain is 555225.
TLS certificate: Issued by Amazon RSA 2048 M02 on July 17th 2023. Valid for: a year.
This is the only time auth.fitch.group was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.66.112.31 16509 (AMAZON-02)
1 3 2600:9000:225... 16509 (AMAZON-02)
6 2600:9000:264... 16509 (AMAZON-02)
4 2600:9000:211... 16509 (AMAZON-02)
3 2603:1020:203... 8075 (MICROSOFT...)
15 5
1    18.66.112.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-31.fra56.r.cloudfront.net
app.fitchconnect.com
3    2600:9000:2250:c200:18:3431:cb00:93a1 (United States)

ASN16509 (AMAZON-02, US)
auth.fitch.group
6    2600:9000:2646:6600:f:925c:e180:93a1 (United States)

ASN16509 (AMAZON-02, US)
assets.fitchconnect.com
4    2600:9000:211e:9000:5:75bb:30c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
infra.fitch.group
3    2603:1020:203:3::489 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
purple.fitchconnect.com
Apex Domain
Subdomains		 Transfer
10 fitchconnect.com
app.fitchconnect.com — Cisco Umbrella Rank: 417422
assets.fitchconnect.com — Cisco Umbrella Rank: 595667
purple.fitchconnect.com — Cisco Umbrella Rank: 485148
639 KB
7 fitch.group
auth.fitch.group — Cisco Umbrella Rank: 555225
infra.fitch.group — Cisco Umbrella Rank: 257310
87 KB
0 Failed
function sub() { [native code] }. Failed
15 3
Domain Requested by
6 assets.fitchconnect.com auth.fitch.group
assets.fitchconnect.com
4 infra.fitch.group assets.fitchconnect.com
auth.fitch.group
infra.fitch.group
3 purple.fitchconnect.com auth.fitch.group
purple.fitchconnect.com
3 auth.fitch.group 1 redirects auth.fitch.group
1 app.fitchconnect.com 1 redirects
0 truncated Failed infra.fitch.group
15 6

This site contains links to these domains. Also see Links.

Domain
www.fitchsolutions.com
Subject Issuer Validity Valid
fitch.group
Amazon RSA 2048 M02		 2023-07-17 -
2024-08-14		 a year crt.sh
assets.fitchconnect.com
Amazon RSA 2048 M01		 2023-05-10 -
2024-06-07		 a year crt.sh
*.fitch.group
Amazon RSA 2048 M02		 2023-03-13 -
2024-04-10		 a year crt.sh
purple.fitchconnect.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-12-14 -
2024-01-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://auth.fitch.group/login?appCode=fitchConnect
Frame ID: E5F559D9803CC1C25BE2119F506B6D98
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. http://app.fitchconnect.com/ HTTP 307
    https://app.fitchconnect.com/ HTTP 302
    https://auth.fitch.group/oauth/authorize?response_type=code&client_id=3f9bt62s8oabarnbr97djh069l&atte... HTTP 303
    http://auth.fitch.group/login?appCode=fitchConnect HTTP 307
    https://auth.fitch.group/login?appCode=fitchConnect Page URL

Page Statistics

15
Requests

100 %
HTTPS

80 %
IPv6

3
Domains

6
Subdomains

5
IPs

2
Countries

724 kB
Transfer

3046 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://app.fitchconnect.com/ HTTP 307
    https://app.fitchconnect.com/ HTTP 302
    https://auth.fitch.group/oauth/authorize?response_type=code&client_id=3f9bt62s8oabarnbr97djh069l&attemptedUrl=%2F&redirect_uri=https%3A%2F%2Fapp.fitchconnect.com%2Fauthentication%2Foauth&state=aHR0cDovL2FwcC5maXRjaGNvbm5lY3QuY29tLw%3D%3D&organizationId=&messageCode=sessionExpired&messageContent=Your%20session%20has%20ended%2C%20please%20log%20in%20again.&messageType=error HTTP 303
    http://auth.fitch.group/login?appCode=fitchConnect HTTP 307
    https://auth.fitch.group/login?appCode=fitchConnect Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
auth.fitch.group/
Redirect Chain
  • http://app.fitchconnect.com/
  • https://app.fitchconnect.com/
  • https://auth.fitch.group/oauth/authorize?response_type=code&client_id=3f9bt62s8oabarnbr97djh069l&attemptedUrl=%2F&redirect_uri=https%3A%2F%2Fapp.fitchconnect.com%2Fauthentication%2Foauth&state=aHR0...
  • http://auth.fitch.group/login?appCode=fitchConnect
  • https://auth.fitch.group/login?appCode=fitchConnect
7 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.fitch.group/login?appCode=fitchConnect
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:c200:18:3431:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
f9973663b3a25b8c19215106f78b3f4ff2c908b560fd4a6f8b8c4e3b2da147f1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.sjpf.io *.fpjs.io *.fitchconnect-dev.com *.fitchconnect-qa.com *.fitchconnect-stg.com *.fitchconnect.com *.fitch.group 'self' 'nonce-37ad88d7-461c-471a-bf33-3c705b1356c6' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; script-src-elem 'self' 'nonce-37ad88d7-461c-471a-bf33-3c705b1356c6' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; style-src 'self' https://*.fitch.group *.piwik.pro; font-src 'self' https://fonts.gstatic.com *.piwik.pro; img-src 'self' *.piwik.pro https://purple.fitchconnect.com *.fitchsolutions.com *.fitchconnect-stg.com *.fitchconnect.com https://*.fitch.group data:; frame-src 'self' https://www.google.com
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-language
de-DE
content-security-policy
default-src 'self' *.sjpf.io *.fpjs.io *.fitchconnect-dev.com *.fitchconnect-qa.com *.fitchconnect-stg.com *.fitchconnect.com *.fitch.group 'self' 'nonce-37ad88d7-461c-471a-bf33-3c705b1356c6' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; script-src-elem 'self' 'nonce-37ad88d7-461c-471a-bf33-3c705b1356c6' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; style-src 'self' https://*.fitch.group *.piwik.pro; font-src 'self' https://fonts.gstatic.com *.piwik.pro; img-src 'self' *.piwik.pro https://purple.fitchconnect.com *.fitchsolutions.com *.fitchconnect-stg.com *.fitchconnect.com https://*.fitch.group data:; frame-src 'self' https://www.google.com
content-type
text/html;charset=UTF-8
date
Tue, 28 Nov 2023 10:31:01 GMT
expires
0
pragma
no-cache
via
1.1 3072267d18c4d0ed9e535752800364e0.cloudfront.net (CloudFront)
x-amz-cf-id
5MgTx-hSptw884a9eiQ8r_bXxytxOK2tufGOylUOOF8gzHoMVdB6Xg==
x-amz-cf-pop
FRA60-P2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://auth.fitch.group/login?appCode=fitchConnect
Non-Authoritative-Reason
HSTS
system.min.js
assets.fitchconnect.com/npm/systemjs@6.7.1/dist/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.fitchconnect.com/npm/systemjs@6.7.1/dist/system.min.js
Requested by
Host: auth.fitch.group
URL: https://auth.fitch.group/login?appCode=fitchConnect
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:6600:f:925c:e180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
87723ec247c65e976701ec4ed0747bd1871b548e8a0a3341562eefeaaf7a3426

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.fitch.group/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 16 Sep 2023 07:36:33 GMT
content-encoding
gzip
via
1.1 dc57cbf9d7336ae929f762b5ada2ed98.cloudfront.net (CloudFront)
x-amz-version-id
1qoqsO2m.s5XeuO34pNzDo_mGvht8_xU
last-modified
Tue, 18 Jul 2023 21:34:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P5
age
6317669
etag
W/"1afd22cf18c43d0dbc84db3c1da1231f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
cache-control
public, max-age=8640000
x-amz-cf-id
z8Cn_jwZEQkqFygzhHP8ZiQ84R19zlBMigS27d2kaqWiGYz2H1Hg0w==
app.css
auth.fitch.group/resources/css/ 		866 B
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.fitch.group/resources/css/app.css
Requested by
Host: auth.fitch.group
URL: https://auth.fitch.group/login?appCode=fitchConnect
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:c200:18:3431:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
3d467da02a73f8ddc973d467fea1421f5dff104a13b22d57f1923c7e56b1583f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.sjpf.io *.fpjs.io *.fitchconnect-dev.com *.fitchconnect-qa.com *.fitchconnect-stg.com *.fitchconnect.com *.fitch.group 'self' 'nonce-d3ceff15-038f-466b-9d60-429a46e3bb04' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; script-src-elem 'self' 'nonce-d3ceff15-038f-466b-9d60-429a46e3bb04' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; style-src 'self' https://*.fitch.group *.piwik.pro; font-src 'self' https://fonts.gstatic.com *.piwik.pro; img-src 'self' *.piwik.pro https://purple.fitchconnect.com *.fitchsolutions.com *.fitchconnect-stg.com *.fitchconnect.com https://*.fitch.group data:; frame-src 'self' https://www.google.com
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.fitch.group/login?appCode=fitchConnect
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 10:31:01 GMT
content-security-policy
default-src 'self' *.sjpf.io *.fpjs.io *.fitchconnect-dev.com *.fitchconnect-qa.com *.fitchconnect-stg.com *.fitchconnect.com *.fitch.group 'self' 'nonce-d3ceff15-038f-466b-9d60-429a46e3bb04' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; script-src-elem 'self' 'nonce-d3ceff15-038f-466b-9d60-429a46e3bb04' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; style-src 'self' https://*.fitch.group *.piwik.pro; font-src 'self' https://fonts.gstatic.com *.piwik.pro; img-src 'self' *.piwik.pro https://purple.fitchconnect.com *.fitchsolutions.com *.fitchconnect-stg.com *.fitchconnect.com https://*.fitch.group data:; frame-src 'self' https://www.google.com
x-content-type-options
nosniff
via
1.1 3072267d18c4d0ed9e535752800364e0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
x-cache
Miss from cloudfront
content-length
866
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Mon, 13 Nov 2023 19:50:01 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, max-age=0, must-revalidate
accept-ranges
bytes
x-amz-cf-id
0hdSogBKPfmtvrv5BbaZn75OnSR7TewXjdYkJjHZI5W2aHlZSec6IA==
expires
0
infra.importmap
infra.fitch.group/ 		1 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://infra.fitch.group/infra.importmap
Requested by
Host: assets.fitchconnect.com
URL: https://assets.fitchconnect.com/npm/systemjs@6.7.1/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:9000:5:75bb:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2b61c7ee9a41970685a03e71dfd69f14dce04ee39d6d7f46dffb2cf76a4042d5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchsolutions.com *.fitchgroup.co; child-src 'self' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.thefitchgroup.com *.fitchgroup.co; font-src 'self' data: *.sustainablefitch.com *.fitchratings.com *.fitch.group fonts.gstatic.com *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; frame-ancestors 'self' *.sustainablefitch.com *.fitchratings.com *.fitch.group *.thefitchgroup.com *.fitchgroup.co; frame-src 'self' *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com; img-src 'self' data: images.ctfassets.net *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co www.google-analytics.com stats.g.doubleclick.net l.betrad.com metrics.brightcove.com cf-images.us-east-1.prod.boltdns.net httpsak-a.akamaihd.net l.evidon.com cdnjs.cloudflare.com; media-src 'self' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.funnelenvy.com *.brightcove.com videos.ctfassets.net *.brightcove.net *.idio.co *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com manifest.prod.boltdns.net *.akamaihd.net videos.ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.polyfill.io *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co tagmanager.google.com players.brightcove.net munchkin.marketo.net assets.map.brightcove.com static.hotjar.com js.idio.co script.hotjar.com s.idio.co api.idio.co cdn2.funnelenvy.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com vjs.zencdn.net c.evidon.com; style-src 'self' 'unsafe-inline' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group fonts.googleapis.com cdnjs.cloudflare.com; upgrade-insecure-requests; object-src 'none'; worker-src 'self' blob:
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.fitch.group/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 10:31:03 GMT
via
1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self' https: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchsolutions.com *.fitchgroup.co; child-src 'self' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.thefitchgroup.com *.fitchgroup.co; font-src 'self' data: *.sustainablefitch.com *.fitchratings.com *.fitch.group fonts.gstatic.com *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; frame-ancestors 'self' *.sustainablefitch.com *.fitchratings.com *.fitch.group *.thefitchgroup.com *.fitchgroup.co; frame-src 'self' *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com; img-src 'self' data: images.ctfassets.net *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co www.google-analytics.com stats.g.doubleclick.net l.betrad.com metrics.brightcove.com cf-images.us-east-1.prod.boltdns.net httpsak-a.akamaihd.net l.evidon.com cdnjs.cloudflare.com; media-src 'self' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.funnelenvy.com *.brightcove.com videos.ctfassets.net *.brightcove.net *.idio.co *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com manifest.prod.boltdns.net *.akamaihd.net videos.ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.polyfill.io *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co tagmanager.google.com players.brightcove.net munchkin.marketo.net assets.map.brightcove.com static.hotjar.com js.idio.co script.hotjar.com s.idio.co api.idio.co cdn2.funnelenvy.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com vjs.zencdn.net c.evidon.com; style-src 'self' 'unsafe-inline' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group fonts.googleapis.com cdnjs.cloudflare.com; upgrade-insecure-requests; object-src 'none'; worker-src 'self' blob:
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
content-length
1055
x-xss-protection
1; mode=block
last-modified
Fri, 17 Nov 2023 21:46:42 GMT
server
AmazonS3
etag
"8b78da9af5631b97f85685b5a2a1a82a"
access-control-max-age
30
access-control-allow-methods
GET, HEAD
content-type
application/importmap+json
access-control-allow-origin
https://auth.fitch.group
cache-control
public, must-revalidate, max-age=10;
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-frame-options
DENY
x-amz-cf-id
iqasfzOYjNVNpGNVpI9jQEkdKCWuBHJcoiEtxjw_j3K_tbawee24fQ==
5e1ac330-7840-40fe-9f33-088d1a350319.js
purple.fitchconnect.com/containers/ 		215 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://purple.fitchconnect.com/containers/5e1ac330-7840-40fe-9f33-088d1a350319.js
Requested by
Host: auth.fitch.group
URL: https://auth.fitch.group/login?appCode=fitchConnect
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2603:1020:203:3::489 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ec0cbebed298647dcda07bb787361e0db46b495afc2f5d498ba19edecc023f51
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.fitch.group/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 10:31:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
referrer-policy
origin
etag
W/"447db4d5aa28b88-5fec603756fa685b"
vary
Accept-Encoding, Accept-Encoding, Cookie
x-frame-options
sameorigin
content-type
application/javascript; charset=utf-8
cache-control
public, must-revalidate
x-robots-tag
none
fitchconnect.importmap
assets.fitchconnect.com/ 		4 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://assets.fitchconnect.com/fitchconnect.importmap
Requested by
Host: assets.fitchconnect.com
URL: https://assets.fitchconnect.com/npm/systemjs@6.7.1/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:6600:f:925c:e180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dd615d1256f6e0b84f46979282c0c7cb7dd57ae5f6d3508d169ba1cb3ed863b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.fitch.group/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 10:31:02 GMT
x-amz-version-id
b98ZgvV5064o.SBnoYPBMAS.wAMwWmz1
via
1.1 765a91ad9951d0108fc1de53e348bac4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
x-cache
Miss from cloudfront
content-length
4092
last-modified
Thu, 16 Nov 2023 23:18:00 GMT
server
AmazonS3
etag
"f98c2ab35a76f75ce63bb5007a70d2f8"
access-control-max-age
3600
access-control-allow-methods
HEAD, GET, PUT, POST, DELETE
content-type
application/importmap+json
access-control-allow-origin
https://auth.fitch.group
cache-control
public, must-revalidate, max-age=10;
access-control-allow-credentials
true
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
5LObDt2JsAp2oGTbIenpwmC35tZIDS5JMYrWwHtFGNI3a8h24sg7iQ==
ppms.js
purple.fitchconnect.com/ 		81 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://purple.fitchconnect.com/ppms.js
Requested by
Host: auth.fitch.group
URL: https://auth.fitch.group/login?appCode=fitchConnect
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2603:1020:203:3::489 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aedad022078cb437a32070ff433707c7a239b77d3c05a6591c8cb9cc9a9fc515
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.fitch.group/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 10:31:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
last-modified
Wed, 04 Oct 2023 12:04:58 GMT
referrer-policy
origin
etag
W/"651d54ea-14404"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
cache-control
max-age=21600
expires
Tue, 28 Nov 2023 16:31:02 GMT
ppms.php
purple.fitchconnect.com/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://purple.fitchconnect.com/ppms.php
Requested by
Host: purple.fitchconnect.com
URL: https://purple.fitchconnect.com/ppms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2603:1020:203:3::489 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://auth.fitch.group/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers
fg-design-system.min.css
infra.fitch.group/apps/design-system/6.3.0/ 		423 KB
60 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://infra.fitch.group/apps/design-system/6.3.0/fg-design-system.min.css
Requested by
Host: auth.fitch.group
URL: https://auth.fitch.group/login?appCode=fitchConnect
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:9000:5:75bb:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
626fc34874ce3d8c60c47e0467e4d9dd07368ba97ba40ae02dd2b3845e2d67c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.fitch.group/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 10:31:02 GMT
content-encoding
gzip
via
1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
last-modified
Fri, 17 Nov 2023 21:46:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
age
40
x-amz-server-side-encryption
AES256
etag
W/"e9200453a6c0b2e8557d052737f922c0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=8640000
x-amz-cf-id
DOAWwVp3u5w4yDK_fGezBrGXt0MztCUTegXYvGEnBTXIAj2RZ9NuLA==
Generic-theme.css
infra.fitch.group/apps/design-system/6.3.0/theming/ 		49 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://infra.fitch.group/apps/design-system/6.3.0/theming/Generic-theme.css
Requested by
Host: auth.fitch.group
URL: https://auth.fitch.group/login?appCode=fitchConnect
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:9000:5:75bb:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
458936c76dab0f7c1e354d6d64851b5540991d86bf63b95c440525172708d063

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.fitch.group/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 10:31:02 GMT
content-encoding
gzip
via
1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
last-modified
Fri, 17 Nov 2023 21:46:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
age
40
x-amz-server-side-encryption
AES256
etag
W/"7968fded754cac18f83e732bac1a8363"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=8640000
x-amz-cf-id
vhfWhNEEVzJK5F35_END3bbNOrnOJAA1y40TdfoTqs2dLEq-fMshiA==
react.production.min.js
assets.fitchconnect.com/npm/react@17.0.2/umd/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.fitchconnect.com/npm/react@17.0.2/umd/react.production.min.js
Requested by
Host: assets.fitchconnect.com
URL: https://assets.fitchconnect.com/npm/systemjs@6.7.1/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:6600:f:925c:e180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
229bbf4d0e7488209564152c6723497f1ac3934136ca1684233d2fa88fa4146f

Request headers

Referer
https://auth.fitch.group/
Origin
https://auth.fitch.group
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 16 Sep 2023 07:36:34 GMT
x-amz-version-id
hyn5NqEMt9l7gK.CEIWS6rZPJq5oDWQw
content-encoding
gzip
via
1.1 765a91ad9951d0108fc1de53e348bac4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
age
6317668
x-cache
Hit from cloudfront
last-modified
Tue, 18 Jul 2023 21:34:24 GMT
server
AmazonS3
etag
W/"61699b70cf57abe63fdf5f4007d36ec1"
access-control-max-age
3600
access-control-allow-methods
HEAD, GET, PUT, POST, DELETE
content-type
application/x-javascript
access-control-allow-origin
https://auth.fitch.group
cache-control
public, max-age=8640000
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
97HlXL_zxkZ5MMd0Tw65M_pLAs5P3hVpnW_dYRVLGGzArMTDH5_xKQ==
react-dom.production.min.js
assets.fitchconnect.com/npm/react-dom@17.0.2/umd/ 		118 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.fitchconnect.com/npm/react-dom@17.0.2/umd/react-dom.production.min.js
Requested by
Host: assets.fitchconnect.com
URL: https://assets.fitchconnect.com/npm/systemjs@6.7.1/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:6600:f:925c:e180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9db33292007ab6c38527b39d5663e976a305564e19b2a5a8713ea2b2c00f505d

Request headers

Referer
https://auth.fitch.group/
Origin
https://auth.fitch.group
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Mon, 25 Sep 2023 06:54:40 GMT
x-amz-version-id
kp2xqgNphYv6U9VV1oJi6v5axPlCLGIH
content-encoding
gzip
via
1.1 765a91ad9951d0108fc1de53e348bac4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
age
5542583
x-cache
Hit from cloudfront
last-modified
Tue, 18 Jul 2023 21:34:23 GMT
server
AmazonS3
etag
W/"23bfe7e99565ee8f34afd63c06f4c24b"
access-control-max-age
3600
access-control-allow-methods
HEAD, GET, PUT, POST, DELETE
content-type
application/x-javascript
access-control-allow-origin
https://auth.fitch.group
cache-control
public, max-age=8640000
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
DI91NsHhMPriF84h0l_5tmTy5U1wDtLlQdEmeVSoaQxqH9XMLp7gvw==
single-spa.min.js
assets.fitchconnect.com/npm/single-spa@5.9.1/lib/system/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.fitchconnect.com/npm/single-spa@5.9.1/lib/system/single-spa.min.js
Requested by
Host: assets.fitchconnect.com
URL: https://assets.fitchconnect.com/npm/systemjs@6.7.1/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:6600:f:925c:e180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
da9e25c10f45eb8c7faf62cfc043ea3acdb51af402adb558c57116a3b5d1370a

Request headers

Referer
https://auth.fitch.group/
Origin
https://auth.fitch.group
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 04:17:14 GMT
x-amz-version-id
VJ_sRzo506sM9v.wfBCzAIkmfY1os2eR
content-encoding
gzip
via
1.1 765a91ad9951d0108fc1de53e348bac4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
age
4688029
x-cache
Hit from cloudfront
last-modified
Tue, 18 Jul 2023 21:34:24 GMT
server
AmazonS3
etag
W/"bed6e792bc950a1aa405be6204a38b70"
access-control-max-age
3600
access-control-allow-methods
HEAD, GET, PUT, POST, DELETE
content-type
application/x-javascript
access-control-allow-origin
https://auth.fitch.group
cache-control
public, max-age=8640000
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
9q_shJ1agQgouABYgXtR2P5zxMvUGtrBJvckCoutN6DDIAJMDS46eg==
fitch-login.js
assets.fitchconnect.com/fitch-login/release-000500/1/ 		2 MB
499 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.fitchconnect.com/fitch-login/release-000500/1/fitch-login.js
Requested by
Host: assets.fitchconnect.com
URL: https://assets.fitchconnect.com/npm/systemjs@6.7.1/dist/system.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2646:6600:f:925c:e180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9c68ad917d55f4ff462bccc62e44b95ffd8b1bab26cc235446db41cbbef5cdf0

Request headers

Referer
https://auth.fitch.group/
Origin
https://auth.fitch.group
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 22:55:12 GMT
x-amz-version-id
YXQbsVPd6dC9Un_yFSJukoqmMsT9CaoO
content-encoding
gzip
via
1.1 765a91ad9951d0108fc1de53e348bac4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
age
1769751
x-cache
Hit from cloudfront
last-modified
Tue, 07 Nov 2023 22:54:59 GMT
server
AmazonS3
etag
W/"8a92cce4bbf597a540a2adac9d481231"
access-control-max-age
3600
access-control-allow-methods
HEAD, GET, PUT, POST, DELETE
content-type
application/x-javascript
access-control-allow-origin
https://auth.fitch.group
cache-control
public, max-age=8640000
access-control-allow-credentials
true
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
MQexH4DYTEEE1Wq_9MdczU14d7Q6-SPj1oTCOMIGWnpWdZ4oug6eOw==
truncated
/ 		0
0
cfaa07be5a6e0ef0dda4.svg
infra.fitch.group/apps/design-system/6.3.0/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://infra.fitch.group/apps/design-system/6.3.0/cfaa07be5a6e0ef0dda4.svg
Requested by
Host: infra.fitch.group
URL: https://infra.fitch.group/apps/design-system/6.3.0/fg-design-system.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:9000:5:75bb:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f3a0a56ba6f3d6a26a5799e08b188d92de02cf2a45897cc11010bca526cd0a0f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchsolutions.com *.fitchgroup.co; child-src 'self' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.thefitchgroup.com *.fitchgroup.co; font-src 'self' data: *.sustainablefitch.com *.fitchratings.com *.fitch.group fonts.gstatic.com *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; frame-ancestors 'self' *.sustainablefitch.com *.fitchratings.com *.fitch.group *.thefitchgroup.com *.fitchgroup.co; frame-src 'self' *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com; img-src 'self' data: images.ctfassets.net *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co www.google-analytics.com stats.g.doubleclick.net l.betrad.com metrics.brightcove.com cf-images.us-east-1.prod.boltdns.net httpsak-a.akamaihd.net l.evidon.com cdnjs.cloudflare.com; media-src 'self' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.funnelenvy.com *.brightcove.com videos.ctfassets.net *.brightcove.net *.idio.co *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com manifest.prod.boltdns.net *.akamaihd.net videos.ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.polyfill.io *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co tagmanager.google.com players.brightcove.net munchkin.marketo.net assets.map.brightcove.com static.hotjar.com js.idio.co script.hotjar.com s.idio.co api.idio.co cdn2.funnelenvy.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com vjs.zencdn.net c.evidon.com; style-src 'self' 'unsafe-inline' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group fonts.googleapis.com cdnjs.cloudflare.com; upgrade-insecure-requests; object-src 'none'; worker-src 'self' blob:
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://infra.fitch.group/apps/design-system/6.3.0/fg-design-system.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 10:31:02 GMT
content-encoding
gzip
via
1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
content-security-policy
default-src 'self' https: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchsolutions.com *.fitchgroup.co; child-src 'self' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.thefitchgroup.com *.fitchgroup.co; font-src 'self' data: *.sustainablefitch.com *.fitchratings.com *.fitch.group fonts.gstatic.com *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; frame-ancestors 'self' *.sustainablefitch.com *.fitchratings.com *.fitch.group *.thefitchgroup.com *.fitchgroup.co; frame-src 'self' *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com; img-src 'self' data: images.ctfassets.net *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co www.google-analytics.com stats.g.doubleclick.net l.betrad.com metrics.brightcove.com cf-images.us-east-1.prod.boltdns.net httpsak-a.akamaihd.net l.evidon.com cdnjs.cloudflare.com; media-src 'self' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group *.funnelenvy.com *.brightcove.com videos.ctfassets.net *.brightcove.net *.idio.co *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com manifest.prod.boltdns.net *.akamaihd.net videos.ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.polyfill.io *.sustainablefitch.com *.fitchratings.com *.fitch.group *.fitchgroup.co tagmanager.google.com players.brightcove.net munchkin.marketo.net assets.map.brightcove.com static.hotjar.com js.idio.co script.hotjar.com s.idio.co api.idio.co cdn2.funnelenvy.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com vjs.zencdn.net c.evidon.com; style-src 'self' 'unsafe-inline' blob: *.sustainablefitch.com *.fitchratings.com *.fitch.group fonts.googleapis.com cdnjs.cloudflare.com; upgrade-insecure-requests; object-src 'none'; worker-src 'self' blob:
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
age
17
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 17 Nov 2023 21:46:40 GMT
server
AmazonS3
etag
W/"5efc64b0bd60e5710d440f28cbe0f094"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=8640000
x-amz-cf-id
BzWRUTh-RL6c5CzSWCwuhB-uPXfYjv6zNZW8OFk9PnwF0lGwIQIqCQ==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
truncated
URL
data:truncated

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| System object| dataLayer object| ppms object| sevenTag object| wgxpath object| _paq object| Piwik object| AnalyticsTracker function| piwik_log object| React function| singleSpaNavigate object| ReactDOM object| webpackChunklogin function| _

7 Cookies

Domain/Path Name / Value
auth.fitch.group/ Name: XSRF-TOKEN
Value: 22d80dd8-18da-496e-8ee7-7d451110c086
auth.fitch.group/ Name: SESSION
Value: MzdlODcxNDMtNzE3NS00MmY2LTk3MDYtYTE3NWQwZWQxZGU3
auth.fitch.group/ Name: stg_traffic_source_priority
Value: 1
auth.fitch.group/ Name: _pk_id.5e1ac330-7840-40fe-9f33-088d1a350319.9b82
Value: 98fab132000f8340.1701167462.1.1701167462.1701167462.
auth.fitch.group/ Name: _pk_ses.5e1ac330-7840-40fe-9f33-088d1a350319.9b82
Value: *
auth.fitch.group/ Name: stg_last_interaction
Value: Tue%2C%2028%20Nov%202023%2010:31:02%20GMT
auth.fitch.group/ Name: stg_returning_visitor
Value: Tue%2C%2028%20Nov%202023%2010:31:02%20GMT

1 Console Messages

Source Level URL
Text
security error URL: https://auth.fitch.group/login?appCode=fitchConnect
Message:
Refused to load the font 'data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAABWoAAsAAAAAJ9AAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAAmYAAAR2ZcBn9U9TLzIAAANwAAAAQQAAAFZWUVMIY21hcAAAA7QAAAIcAAAFnIMq5ipnbHlmAAAF0AAAC80AABVszjC1ZWhlYWQAABGgAAAANAAAADZ2zsSBaGhlYQAAEdQAAAAeAAAAJAfSBDFobXR4AAAR9AAAABcAAAE0xzj/+2xvY2EAABIMAAAAdQAAAJwYJx3EbWF4cAAAEoQAAAAfAAAAIAFjAKpuYW1lAAASpAAAATUAAAJG5xgJvXBvc3QAABPcAAAByQAAAqgIzxhUeJx9lEtyElEUhv+mm0gCJilFjRhjovEVXzF2uhuaRx4QEDJwYFkOnMSyyrKKcsQ6XIAryNAVuAAHrsAFOHDo2PK7h0ZMBuEWze3z+M9//3Mu8iT...EOs8qQI6xxlGMcZ50TnOQUpznDWc5xngtc5BKXucJVrnGdG9zkFre5w10y7nGfB2zwkEc85glPecZzXvCSV7zmDW95x3s+8JFPfOYLX/nGd37wk1/8ZpM/rYEoCqcKEbQ1HeGcnfq28LIjhZGqTOVYuDCUYyW3t+wsmwOVr+8L2uQqKFdpI4Ja25cbs9e5Im1pXVbrSFw3kqYyvi+tCU7IoPJE2nonlc5635Z+ksaTbSS58jJVsxigO7+zjZ6a1SLOypfVjsp8Kfy4HVFnpMs4Ph1p50NSOF2nhbNNncSGkJRqFDqlNjFHt7Qi16boVWKmK72rkkqZphdzL5hRs5AYa9TA2JCJsrRTlad1dFHtWpu01hMberVTE20bP3TRzGZbTQjWZHY0Wj0omNTpYhwSLyaq76tol+V2avbgv1iDBZy39RY4pg5xTWvBKXVwr8tzydbK9BqzeA+CAocioLEYpngkJWO22WIW/0ZORUPNDhNG7LZafwFegLa2AAAA' because it violates the following Content Security Policy directive: "font-src 'self' https://fonts.gstatic.com *.piwik.pro".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.sjpf.io *.fpjs.io *.fitchconnect-dev.com *.fitchconnect-qa.com *.fitchconnect-stg.com *.fitchconnect.com *.fitch.group 'self' 'nonce-37ad88d7-461c-471a-bf33-3c705b1356c6' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; script-src-elem 'self' 'nonce-37ad88d7-461c-471a-bf33-3c705b1356c6' https://www.google.com/recaptcha/api.js https://www.gstatic.com https://visitors.fitchconnect.com/sdk.js https://unpkg.com/browse/whatwg-fetch@3.6.2/dist/fetch.umd.js https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs-pro@3/dist/fp.min.js https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js https://cdn.jsdelivr.net/npm/single-spa@5.9.0/lib/system/single-spa.min.js https://cdn.jsdelivr.net/npm/react@16.12.0/umd/react.production.min.js https://cdn.jsdelivr.net/npm/react-dom@16.12.0/umd/react-dom.production.min.js https://*.fitchconnect-dev.com https://*.fitchconnect-qa.com https://*.fitchconnect-stg.com http://*.fitchconnect.com https://*.fitch.group *.piwik.pro; style-src 'self' https://*.fitch.group *.piwik.pro; font-src 'self' https://fonts.gstatic.com *.piwik.pro; img-src 'self' *.piwik.pro https://purple.fitchconnect.com *.fitchsolutions.com *.fitchconnect-stg.com *.fitchconnect.com https://*.fitch.group data:; frame-src 'self' https://www.google.com
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block