staging.payment.heropay.co Open in urlscan Pro
2600:9000:225e:3a00:12:658b:4240:93a1  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response staging.payment.heropay.co/	1 KB 933 B	2123ms 154ms	Document text/html	2600:9000:225e:3a00:12:658b:4240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.payment.heropay.co/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:3a00:12:658b:4240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 516d3dd99c70db6aeced1172c1cd03dbc4610726a716b3bcde486f1e5e44c9d3 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=0,no-cache content-encoding gzip content-type text/html date Wed, 06 Sep 2023 13:15:17 GMT etag W/"ecf07351eb351940c72da64a88cba578" last-modified Wed, 06 Sep 2023 10:04:08 GMT server AmazonS3 vary Accept-Encoding via 1.1 307395f1eb3989f15e6f525475291c86.cloudfront.net (CloudFront) x-amz-cf-id 8pyxqqeSKMZdfmhyPQD1crwMLrsiSgiMo7ylF1l9o-iso7SV3veOww== x-amz-cf-pop FRA60-P4 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront
GET H2	200	css2 fonts.googleapis.com/	6 KB 1 KB	41ms 17ms	Stylesheet text/css	2a00:1450:4001:80e::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter&family=Montserrat:wght@800;900&display=swap Requested by Host: staging.payment.heropay.co URL: https://staging.payment.heropay.co/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 44d186690a4ab63f4516fda1cf7782cab4bc4b517c3da1f7a55ac18a3abd0483 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://staging.payment.heropay.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Wed, 06 Sep 2023 13:15:16 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Wed, 06 Sep 2023 13:15:16 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 06 Sep 2023 13:15:16 GMT
GET H2	200	main.00497248.js Show response staging.payment.heropay.co/static/js/	1 MB 332 KB	122ms 121ms	Script text/javascript	2600:9000:225e:3a00:12:658b:4240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.payment.heropay.co/static/js/main.00497248.js Requested by Host: staging.payment.heropay.co URL: https://staging.payment.heropay.co/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:3a00:12:658b:4240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 64f08108c531e158ed982aedc4a15756f7846120da2ab0339eccf20679e8599f Request headers accept-language de-DE,de;q=0.9 Referer https://staging.payment.heropay.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Wed, 06 Sep 2023 13:15:17 GMT content-encoding gzip via 1.1 307395f1eb3989f15e6f525475291c86.cloudfront.net (CloudFront) last-modified Wed, 06 Sep 2023 10:04:08 GMT server AmazonS3 x-amz-cf-pop FRA60-P4 etag W/"536cce346a8c2984c61219ef3e8310f9" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type text/javascript cache-control max-age=0,no-cache x-amz-cf-id VYxj2z17T0i6pj0xLsfsTsgZAFWJKZ4abRCsFr2HcUBdKPZL3Ybx8w==
GET H2	200	main.ca728830.css staging.payment.heropay.co/static/css/	7 KB 2 KB	125ms 125ms	Stylesheet text/css	2600:9000:225e:3a00:12:658b:4240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://staging.payment.heropay.co/static/css/main.ca728830.css Requested by Host: staging.payment.heropay.co URL: https://staging.payment.heropay.co/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:225e:3a00:12:658b:4240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash bd82711b37b2a904fb46c3f7ebe3729e109b3f90ea4b5cb9286e69044dadc07c Request headers accept-language de-DE,de;q=0.9 Referer https://staging.payment.heropay.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Wed, 06 Sep 2023 13:15:17 GMT content-encoding gzip via 1.1 307395f1eb3989f15e6f525475291c86.cloudfront.net (CloudFront) last-modified Wed, 06 Sep 2023 10:04:08 GMT server AmazonS3 x-amz-cf-pop FRA60-P4 etag W/"32488d67cb233893f35271d901a7b095" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type text/css cache-control max-age=0,no-cache x-amz-cf-id HFs70MLFbA1DTF3_FKRTvqEfCBL7JcUn-xd-I_6A00rVtDbQBUPH0g==
GET H2	200	v3 Show response js.stripe.com/	524 KB 130 KB	77ms 20ms	Script text/javascript	13.227.219.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3 Requested by Host: staging.payment.heropay.co URL: https://staging.payment.heropay.co/static/js/main.00497248.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.227.219.27 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-219-27.ams54.r.cloudfront.net Software Cloudfront / Resource Hash 1f781e185bdcf46867fed4cdb4f4c72f8a2ede1b06ffeb68dceb0f0272fce618 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://staging.payment.heropay.co/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Wed, 06 Sep 2023 13:14:48 GMT via 1.1 80826ca6c4fd6005aeacf5a03c8d42e8.cloudfront.net (CloudFront) x-amz-cf-pop AMS54-C1 age 30 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 05 Sep 2023 21:12:46 GMT server Cloudfront etag W/"31b9dc91ed8adfd290800b06e9222e30" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=60 timing-allow-origin * x-amz-cf-id JEhucZx0-aTzdi0BnH61CquCzII5KaPWExxXL8Gcc7iNuObuDwaCSw==
GET H2	200	controller-cde881e7ca60ae9e9e1edd0dee08eab6.html Show response js.stripe.com/v3/ Frame F464	325 B 1 KB	22ms 22ms	Document text/html	13.227.219.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/controller-cde881e7ca60ae9e9e1edd0dee08eab6.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.227.219.27 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-219-27.ams54.r.cloudfront.net Software Cloudfront / Resource Hash a471d4d8a57f097ae34bc60cfd56f2bc91768b0def3b0015add0f079d232133c Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://staging.payment.heropay.co/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 21 alt-svc h3=":443"; ma=86400 cache-control max-age=60 content-length 325 content-security-policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Wed, 06 Sep 2023 13:15:01 GMT etag "cde881e7ca60ae9e9e1edd0dee08eab6" last-modified Tue, 05 Sep 2023 20:40:42 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 80826ca6c4fd6005aeacf5a03c8d42e8.cloudfront.net (CloudFront) x-amz-cf-id KSQwbASdrtW8tt94AMpRB426nentAAzEGwnzHx_kmDtq8nxCYpuQvQ== x-amz-cf-pop AMS54-C1 x-cache Hit from cloudfront x-content-type-options nosniff
GET H3	200	shared-626d8f96f6f06c6c27458fdd6f0ace85.js Show response js.stripe.com/v3/fingerprinted/js/ Frame F464	458 KB 102 KB	16ms 16ms	Script text/javascript	13.227.219.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/shared-626d8f96f6f06c6c27458fdd6f0ace85.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/controller-cde881e7ca60ae9e9e1edd0dee08eab6.html Protocol H3 Security QUIC, , AES_128_GCM Server 13.227.219.27 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-219-27.ams54.r.cloudfront.net Software Cloudfront / Resource Hash f13fd9c9273b6e63dbc0b89edc31c5d9e178c5327a61064ab73053ac4dfbea18 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/controller-cde881e7ca60ae9e9e1edd0dee08eab6.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Wed, 06 Sep 2023 12:42:15 GMT via 1.1 b911c551065b8f78ad33b4c4564141be.cloudfront.net (CloudFront) age 1987 x-amz-cf-pop AMS54-C1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 05 Sep 2023 20:40:56 GMT server Cloudfront etag W/"28c7bc14129d312fb65922b84ba6b06f" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * x-amz-cf-id n3eoTlQSuvOUd0lvh4Va396OPftmf5wN9M5XpGZEfNebAOSRQGYL-Q==
GET H3	200	controller-f1b5efb5a4c50d1fb99741a13e5107ba.js Show response js.stripe.com/v3/fingerprinted/js/ Frame F464	574 KB 138 KB	19ms 18ms	Script text/javascript	13.227.219.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/controller-f1b5efb5a4c50d1fb99741a13e5107ba.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/controller-cde881e7ca60ae9e9e1edd0dee08eab6.html Protocol H3 Security QUIC, , AES_128_GCM Server 13.227.219.27 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-219-27.ams54.r.cloudfront.net Software Cloudfront / Resource Hash 4e4b536d5e82e2fdec2d92e4202ea3d9e5049b9ad917c4fdddd84c4779e0708f Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/controller-cde881e7ca60ae9e9e1edd0dee08eab6.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff date Wed, 06 Sep 2023 12:42:15 GMT via 1.1 b911c551065b8f78ad33b4c4564141be.cloudfront.net (CloudFront) age 1986 x-amz-cf-pop AMS54-C1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 last-modified Tue, 05 Sep 2023 20:40:54 GMT server Cloudfront etag W/"b96d0d862c9d20847d8c24079ffae261" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 timing-allow-origin * x-amz-cf-id Zhs3mJWo_0RqVIQHNPnbcbhRh8N9JPbWi08CVYjASOADRKHZt_LsAg==
POST H2	200	csp-report q.stripe.com/ Frame F464	0 717 B	544ms 176ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: staging.payment.heropay.co URL: https://staging.payment.heropay.co/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Content-Type application/csp-report Response headers date Wed, 06 Sep 2023 13:15:17 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1694006117775882 x-envoy-upstream-service-time 1 content-length 0 x-stripe-bg-intended-route-color blue pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS x-stripe-server-envoy-upstream-service-time-ms 1 access-control-allow-origin https://js.stripe.com x-stripe-client-envoy-start-time-us 1694006117775546 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-expose-headers Server, Range, Content-Type x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
GET H3	200	.deploy_status_henson.json Show response js.stripe.com/v3/ Frame F464	474 B 774 B	41ms 21ms	Fetch application/json	13.227.219.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/.deploy_status_henson.json Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/shared-626d8f96f6f06c6c27458fdd6f0ace85.js Protocol H3 Security QUIC, , AES_128_GCM Server 13.227.219.27 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-219-27.ams54.r.cloudfront.net Software Cloudfront / Resource Hash e7cbad90ebd08f4c2b40fce0ce38b3b087e05a464940fc59fe91c14fb1a7df8a Request headers Accept application/json Referer https://js.stripe.com/v3/controller-cde881e7ca60ae9e9e1edd0dee08eab6.html accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Wed, 06 Sep 2023 13:14:49 GMT via 1.1 630336d6cdf08cf266841fd503dc03d0.cloudfront.net (CloudFront) age 29 x-amz-cf-pop AMS54-C1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 content-length 474 last-modified Tue, 05 Sep 2023 21:12:47 GMT server Cloudfront etag "10e10c84d11d60183d2c81f51dd60ca8" vary Accept-Encoding content-type application/json access-control-allow-origin * cache-control max-age=60 accept-ranges bytes x-amz-cf-id ov9TvGM_zvRMVhedpXko8ndM8LNaW6gp8VauThzK85CIQ1kq_Kf2Bw==
GET H3	200	m-outer-93afeeb17bc37e711759584dbfc50d47.html Show response js.stripe.com/v3/ Frame 70A1	200 B 1 KB	16ms 16ms	Document text/html	13.227.219.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3 Protocol H3 Security QUIC, , AES_128_GCM Server 13.227.219.27 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-219-27.ams54.r.cloudfront.net Software Cloudfront / Resource Hash f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://staging.payment.heropay.co/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 451 alt-svc h3=":443"; ma=86400 cache-control max-age=31536000 content-length 200 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Wed, 06 Sep 2023 13:07:51 GMT etag "93afeeb17bc37e711759584dbfc50d47" last-modified Fri, 11 Aug 2023 20:01:24 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 b911c551065b8f78ad33b4c4564141be.cloudfront.net (CloudFront) x-amz-cf-id 3xTcU3j1ZolQRNFK8gAJ7BRUJoJL07kyTmM5nKYLh1J7_YEYllTEVg== x-amz-cf-pop AMS54-C1 x-cache Hit from cloudfront x-content-type-options nosniff
GET H3	200	m-outer-8cb24ab2d649fd36a488d04d8c457933.js Show response js.stripe.com/v3/fingerprinted/js/ Frame 70A1	631 B 1000 B	15ms 15ms	Script text/javascript	13.227.219.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html Protocol H3 Security QUIC, , AES_128_GCM Server 13.227.219.27 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-219-27.ams54.r.cloudfront.net Software Cloudfront / Resource Hash 250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload date Wed, 06 Sep 2023 13:07:45 GMT x-content-type-options nosniff via 1.1 b911c551065b8f78ad33b4c4564141be.cloudfront.net (CloudFront) age 3128 x-amz-cf-pop AMS54-C1 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 content-length 631 last-modified Fri, 11 Aug 2023 20:01:22 GMT server Cloudfront etag "f8f6a4584135f737b26927596ce6e0a7" vary Accept-Encoding content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes timing-allow-origin * x-amz-cf-id 5ReZinwEiQDzRyPZ-QKf94WMx_ZU_mS0rtEW8mqJ7IN5z0n50jTHgQ==
POST		0 r.stripe.com/ Frame F464	0 0
POST		0 r.stripe.com/ Frame F464	0 0
POST		0 r.stripe.com/ Frame F464	0 0
POST		0 r.stripe.com/ Frame F464	0 0
POST		0 r.stripe.com/ Frame F464	0 0
POST		0 r.stripe.com/ Frame F464	0 0
POST		0 r.stripe.com/ Frame F464	0 0
POST		0 r.stripe.com/ Frame F464	0 0
POST		0 r.stripe.com/ Frame F464	0 0
POST		0 r.stripe.com/ Frame F464	0 0
POST H2	200	csp-report q.stripe.com/ Frame 70A1	0 716 B	449ms 180ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: staging.payment.heropay.co URL: https://staging.payment.heropay.co/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Content-Type application/csp-report Response headers date Wed, 06 Sep 2023 13:15:17 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1694006117776423 x-envoy-upstream-service-time 3 content-length 0 x-stripe-bg-intended-route-color blue pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS x-stripe-server-envoy-upstream-service-time-ms 2 access-control-allow-origin https://js.stripe.com x-stripe-client-envoy-start-time-us 1694006117775650 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-expose-headers Server, Range, Content-Type x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
POST H2	200	csp-report q.stripe.com/ Frame 70A1	0 716 B	446ms 177ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: staging.payment.heropay.co URL: https://staging.payment.heropay.co/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Content-Type application/csp-report Response headers date Wed, 06 Sep 2023 13:15:17 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1694006117776116 x-envoy-upstream-service-time 2 content-length 0 x-stripe-bg-intended-route-color blue pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS x-stripe-server-envoy-upstream-service-time-ms 2 access-control-allow-origin https://js.stripe.com x-stripe-client-envoy-start-time-us 1694006117775786 cache-control max-age=0, no-cache, no-store, must-revalidate access-control-expose-headers Server, Range, Content-Type x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
GET H2	200	inner.html Show response m.stripe.network/ Frame 9369	930 B 1 KB	40ms 8ms	Document text/html	151.101.64.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.64.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1 Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 251 cache-control max-age=300, public content-encoding br content-length 540 content-security-policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Wed, 06 Sep 2023 13:15:17 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload vary Accept-Encoding, Origin via 1.1 varnish x-cache HIT x-cache-hits 212 x-content-type-options nosniff x-request-id f8743bc4-1ec9-4990-a2f6-b7f0886cea90 x-served-by cache-fra-eddf8230060-FRA x-timer S1694006117.456481,VS0,VE0
POST H2	200	csp-report q.stripe.com/ Frame 9369	0 490 B	389ms 177ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: staging.payment.heropay.co URL: https://staging.payment.heropay.co/ Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Content-Type application/csp-report Response headers date Wed, 06 Sep 2023 13:15:17 GMT strict-transport-security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload x-content-type-options nosniff x-stripe-server-envoy-start-time-us 1694006117776981 x-envoy-upstream-service-time 3 content-length 0 x-stripe-bg-intended-route-color blue pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin x-stripe-server-envoy-upstream-service-time-ms 1 x-stripe-client-envoy-start-time-us 1694006117775627 cache-control max-age=0, no-cache, no-store, must-revalidate x-robots-tag none expires 0
GET H2	200	out-4.5.43.js Show response m.stripe.network/ Frame 9369	87 KB 15 KB	19ms 15ms	Script text/javascript	151.101.64.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.43.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.64.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload date Wed, 06 Sep 2023 13:15:17 GMT x-content-type-options nosniff content-encoding br via 1.1 varnish age 178 x-cache HIT content-length 15509 x-request-id 89f84df3-c0ba-4548-ba60-8d336a0f7c0c x-served-by cache-fra-eddf8230060-FRA server Fastly x-timer S1694006117.493588,VS0,VE0 vary Accept-Encoding, Origin content-type text/javascript; charset=utf-8 cache-control max-age=300, public accept-ranges bytes x-cache-hits 151
POST		6 m.stripe.com/ Frame 9369	0 0
POST		/ o1086518.ingest.sentry.io/api/6098717/envelope/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

r.stripe.com

URL

https://r.stripe.com/0

Domain

m.stripe.com

URL

https://m.stripe.com/6

Domain

o1086518.ingest.sentry.io

URL

https://o1086518.ingest.sentry.io/api/6098717/envelope/?sentry_key=7262edb465024b42b2679f761d28657b&sentry_version=7&sentry_client=sentry.javascript.react%2F7.29.0

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| documentPictureInPicture object| __SENTRY__ object| webpackChunkStripeJSouter function| noop function| Stripe

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
js.stripe.com
m.stripe.com
m.stripe.network
o1086518.ingest.sentry.io
q.stripe.com
r.stripe.com
staging.payment.heropay.co
m.stripe.com
o1086518.ingest.sentry.io
r.stripe.com
13.227.219.27
151.101.64.176
2600:9000:225e:3a00:12:658b:4240:93a1
2a00:1450:4001:80e::200a
54.187.159.182
1f781e185bdcf46867fed4cdb4f4c72f8a2ede1b06ffeb68dceb0f0272fce618
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
44d186690a4ab63f4516fda1cf7782cab4bc4b517c3da1f7a55ac18a3abd0483
4e4b536d5e82e2fdec2d92e4202ea3d9e5049b9ad917c4fdddd84c4779e0708f
516d3dd99c70db6aeced1172c1cd03dbc4610726a716b3bcde486f1e5e44c9d3
64f08108c531e158ed982aedc4a15756f7846120da2ab0339eccf20679e8599f
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
a471d4d8a57f097ae34bc60cfd56f2bc91768b0def3b0015add0f079d232133c
bd82711b37b2a904fb46c3f7ebe3729e109b3f90ea4b5cb9286e69044dadc07c
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7cbad90ebd08f4c2b40fce0ce38b3b087e05a464940fc59fe91c14fb1a7df8a
f13fd9c9273b6e63dbc0b89edc31c5d9e178c5327a61064ab73053ac4dfbea18
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca