urlscan.io logo urlscan.io
SecurityTrails logo

shop.honest.com Open in urlscan Pro
54.91.59.199  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://shop.honest.com/
Effective URL: https://shop.honest.com/
Submission: On January 22 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 17 HTTP transactions. The main IP is 54.91.59.199, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is shop.honest.com.
TLS certificate: Issued by R3 on December 23rd 2023. Valid for: 3 months.
This is the only time shop.honest.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.220.57.224 14618 (AMAZON-AES)
7 54.91.59.199 14618 (AMAZON-AES)
7 151.101.194.132 54113 (FASTLY)
3 151.101.130.137 54113 (FASTLY)
17 3
Apex Domain
Subdomains		 Transfer
8 honest.com
shop.honest.com
84 KB
7 ketchcdn.com
global.ketchcdn.com — Cisco Umbrella Rank: 4803
6 KB
3 ketchjs.com
cdn.ketchjs.com — Cisco Umbrella Rank: 5075
144 KB
17 3
Domain Requested by
8 shop.honest.com 1 redirects shop.honest.com
7 global.ketchcdn.com shop.honest.com
cdn.ketchjs.com
3 cdn.ketchjs.com global.ketchcdn.com
17 3

This site contains links to these domains. Also see Links.

Domain
www.mikmak.com
Subject Issuer Validity Valid
shop.honest.com
R3		 2023-12-23 -
2024-03-22		 3 months crt.sh
global.ketchcdn.com
R3		 2024-01-12 -
2024-04-11		 3 months crt.sh
cdn.ketchjs.com
R3		 2023-12-23 -
2024-03-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://shop.honest.com/
Frame ID: 9811F8C3FDF57F0FE193BFB7380D44D2
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://shop.honest.com/ HTTP 307
    https://shop.honest.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

234 kB
Transfer

894 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://shop.honest.com/ HTTP 307
    https://shop.honest.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
shop.honest.com/
Redirect Chain
  • http://shop.honest.com/
  • https://shop.honest.com/
3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shop.honest.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.91.59.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-59-199.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e28d099ea300aa0788a20dfae41db92367cfe8943a24873f566a5a38b97b2b1c
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=86400365; includeSubDomains; preload;
X-Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval'
Content-Type
text/html; charset=utf-8
Date
Mon, 22 Jan 2024 22:13:25 GMT
Etag
"aa7-L9NrPLtCH/tT26+FsUezy5i6WcU"
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Referrer-Policy
no-referrer-when-downgrade
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D
Server
Cowboy
Strict-Transport-Security
max-age=86400365; includeSubDomains; preload;
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 vegur
X-Content-Security-Policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff

Redirect headers

Cache-Control
no-cache
Connection
keep-alive
Content-Security-Policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval'
Date
Mon, 22 Jan 2024 22:13:25 GMT
Location
https://shop.honest.com/
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Referrer-Policy
no-referrer-when-downgrade
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D
Server
Cowboy
Strict-Transport-Security
max-age=86400365; includeSubDomains; preload;
Transfer-Encoding
chunked
Via
1.1 vegur
X-Content-Security-Policy
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
ketch_init.js
shop.honest.com/js/ 		381 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.honest.com/js/ketch_init.js
Requested by
Host: shop.honest.com
URL: https://shop.honest.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.91.59.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-59-199.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
8066d04a96073d55ee2644d867d37935b71c3619408e7f0a6edc3976edf7f7ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Mon, 22 Jan 2024 22:13:25 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Cowboy
Last-Modified
Tue, 05 Dec 2023 13:58:07 GMT
Etag
W/"17d-18c3a459198"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D"}]}
Content-Type
application/javascript; charset=UTF-8
Transfer-Encoding
chunked
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D
manifest.dce1b727e0c0441ec242.js
shop.honest.com/_nuxt/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.honest.com/_nuxt/manifest.dce1b727e0c0441ec242.js
Requested by
Host: shop.honest.com
URL: https://shop.honest.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.91.59.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-59-199.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
d11d1127e8c98a74d64cf559e0ee55c4c3cfe6639a3457d913940ed8e0364667

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Mon, 22 Jan 2024 22:13:25 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Cowboy
Last-Modified
Tue, 05 Dec 2023 13:58:51 GMT
Etag
W/"846-18c3a463d78"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D"}]}
Content-Type
application/javascript; charset=UTF-8
Transfer-Encoding
chunked
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D
default.3f698a3d284650eec031.js
shop.honest.com/_nuxt/layouts/ 		326 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.honest.com/_nuxt/layouts/default.3f698a3d284650eec031.js
Requested by
Host: shop.honest.com
URL: https://shop.honest.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.91.59.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-59-199.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
7d7b811e92ab44c9054370c6e3f3772a80759bbf00b9a41529b2f7dc8a2caa75

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Mon, 22 Jan 2024 22:13:25 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Cowboy
Last-Modified
Tue, 05 Dec 2023 13:58:51 GMT
Etag
W/"146-18c3a463d78"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D"}]}
Content-Type
application/javascript; charset=UTF-8
Transfer-Encoding
chunked
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D
index.6800febf00bb410cc26f.js
shop.honest.com/_nuxt/pages/ 		330 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.honest.com/_nuxt/pages/index.6800febf00bb410cc26f.js
Requested by
Host: shop.honest.com
URL: https://shop.honest.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.91.59.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-59-199.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
fb87d2e04d8ff6583b6e3de7c2ecc620ec1eb09563a79dc3347c65aac91f8ab3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Mon, 22 Jan 2024 22:13:25 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Cowboy
Last-Modified
Tue, 05 Dec 2023 13:58:51 GMT
Etag
W/"14a-18c3a463d78"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D"}]}
Content-Type
application/javascript; charset=UTF-8
Transfer-Encoding
chunked
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705961605&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=4DgCXjKvMFzE3v4Puh6M%2Bd%2BtvH78vkPsYfDg5%2FWzBV0%3D
vendor.a1bd118510ee9732eba5.js
shop.honest.com/_nuxt/ 		152 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.honest.com/_nuxt/vendor.a1bd118510ee9732eba5.js
Requested by
Host: shop.honest.com
URL: https://shop.honest.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.91.59.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-59-199.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
421a3907da3bb358a839a02dbf5588a417bd651d0cc228bcb720a6f638e9c809

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Mon, 22 Jan 2024 22:13:26 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Cowboy
Last-Modified
Tue, 05 Dec 2023 13:58:51 GMT
Etag
W/"26083-18c3a463d78"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705961606&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=1kBhOQ04XrYPzkXEW8CiFYTQjR1%2Bj4qlFF62ByKE6n4%3D"}]}
Content-Type
application/javascript; charset=UTF-8
Transfer-Encoding
chunked
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705961606&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=1kBhOQ04XrYPzkXEW8CiFYTQjR1%2Bj4qlFF62ByKE6n4%3D
app.1fac9c1b651e63631ed1.js
shop.honest.com/_nuxt/ 		65 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.honest.com/_nuxt/app.1fac9c1b651e63631ed1.js
Requested by
Host: shop.honest.com
URL: https://shop.honest.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.91.59.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-59-199.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
bd5e93a38d18ad91821216e88865568869b7838c4240a62391138128dc18447c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Mon, 22 Jan 2024 22:13:26 GMT
Content-Encoding
gzip
Via
1.1 vegur
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Server
Cowboy
Last-Modified
Tue, 05 Dec 2023 13:58:51 GMT
Etag
W/"103d7-18c3a463d78"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1705961606&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=1kBhOQ04XrYPzkXEW8CiFYTQjR1%2Bj4qlFF62ByKE6n4%3D"}]}
Content-Type
application/javascript; charset=UTF-8
Transfer-Encoding
chunked
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1705961606&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=1kBhOQ04XrYPzkXEW8CiFYTQjR1%2Bj4qlFF62ByKE6n4%3D
boot.js
global.ketchcdn.com/web/v2/config/mikmak/embed/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://global.ketchcdn.com/web/v2/config/mikmak/embed/boot.js
Requested by
Host: shop.honest.com
URL: https://shop.honest.com/js/ketch_init.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f48aea50d05a08d7ef6a71420094ae6b371b07445f18f93006923973804b8179
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src 'self'
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 varnish, 1.1 varnish
date
Mon, 22 Jan 2024 22:13:25 GMT
age
526
x-cache
HIT, HIT
request-id
35687276-6770-455d-8ec4-612861dc930d
content-length
1187
x-xss-protection
1; mode=block
x-request-id
ff286dfa-2285-44e0-a458-5b40c8008a9a
x-served-by
cache-pdx12324-PDX, cache-fra-eddf8230043-FRA
x-timer
S1705961606.840453,VS0,VE1
x-frame-options
deny
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=1200
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
43, 1
lanyard.js
cdn.ketchjs.com/lanyard/v1/ 		314 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ketchjs.com/lanyard/v1/lanyard.js
Requested by
Host: global.ketchcdn.com
URL: https://global.ketchcdn.com/web/v2/config/mikmak/embed/boot.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7b5ea0f8411929461e9a57744836e04e423fb44a2c3234303b01bddecde99ede
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src 'self'
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600; includeSubDomains; preload
age
909
date
Mon, 22 Jan 2024 22:13:25 GMT
x-cache
HIT, HIT
request-id
9b026dc4-de0b-4bb7-8e29-71f019bef0f0
content-length
74118
x-xss-protection
1; mode=block
x-served-by
cache-pdx12329-PDX, cache-fra-eddf8230095-FRA
last-modified
Mon, 08 Jan 2024 19:35:56 GMT
x-timer
S1705961606.877900,VS0,VE0
etag
"18a66854e8380133ca385895bb89e1c8"
x-frame-options
deny
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=1200
accept-ranges
bytes
x-cache-hits
372636, 19
plugins.js
cdn.ketchjs.com/plugins/v1/ 		223 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ketchjs.com/plugins/v1/plugins.js
Requested by
Host: global.ketchcdn.com
URL: https://global.ketchcdn.com/web/v2/config/mikmak/embed/boot.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f74d1e6b52abba5218bfc3d87983b75ca497be93b469b992dd949303a02e72b3
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src 'self'
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600; includeSubDomains; preload
age
364
date
Mon, 22 Jan 2024 22:13:25 GMT
x-cache
HIT, HIT
request-id
151b4fa6-3832-4a4c-91dd-5b9f2084b27d
content-length
46165
x-xss-protection
1; mode=block
x-served-by
cache-pdx12326-PDX, cache-fra-eddf8230095-FRA
last-modified
Mon, 22 Jan 2024 14:19:47 GMT
x-timer
S1705961606.878175,VS0,VE0
etag
"2b7fdd7367baab151b4a99547dfe0296"
x-frame-options
deny
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=1200
accept-ranges
bytes
x-cache-hits
3642, 6
ketch.js
cdn.ketchjs.com/ketchtag/stable/v2.12/ 		104 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ketchjs.com/ketchtag/stable/v2.12/ketch.js
Requested by
Host: global.ketchcdn.com
URL: https://global.ketchcdn.com/web/v2/config/mikmak/embed/boot.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dd97f83749ecc8d053b95d6cc019ba6a8059d8e1336dbffdb20bfba8142721b1
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31557600; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://shop.honest.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src 'self'
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600; includeSubDomains; preload
age
362
date
Mon, 22 Jan 2024 22:13:25 GMT
x-cache
HIT, HIT
request-id
51513ae6-175d-4704-9def-5dd71d80c2f7
content-length
26791
x-xss-protection
1; mode=block
x-served-by
cache-pdx12326-PDX, cache-fra-eddf8230095-FRA
last-modified
Fri, 12 Jan 2024 17:54:30 GMT
x-timer
S1705961606.878165,VS0,VE0
etag
"03d3a9dd8292e1d24d4e0b27b2e525e3"
x-frame-options
deny
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=1200
accept-ranges
bytes
x-cache-hits
4892, 3
ip
global.ketchcdn.com/web/v2/ 		51 B
412 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://global.ketchcdn.com/web/v2/ip
Requested by
Host: cdn.ketchjs.com
URL: https://cdn.ketchjs.com/ketchtag/stable/v2.12/ketch.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
dc9e45a199895e8a5f6380f6b656dd3602d9a43fa2946f61f1dbdc03456bba7f
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31557600; includeSubDomains; preload

Request headers

Accept
application/json
Referer
https://shop.honest.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 22:13:25 GMT
via
1.1 varnish
content-security-policy
default-src 'self'
strict-transport-security
max-age=31557600; includeSubDomains; preload
x-cache
MISS
request-id
69e091ee-9c03-4ead-86c6-e82b72c381ee
content-length
51
x-request-id
69e091ee-9c03-4ead-86c6-e82b72c381ee
x-served-by
cache-fra-eddf8230130-FRA
server
Varnish
x-timer
S1705961606.939071,VS0,VE0
vary
Origin, User-Agent
content-type
application/json
access-control-allow-origin
https://shop.honest.com
cache-control
private, max-age=86400
accept-ranges
bytes
retry-after
0
x-cache-hits
0
config.json
global.ketchcdn.com/web/v2/config/mikmak/embed/production/12527405806069176866/gdpr/en-US/ 		27 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://global.ketchcdn.com/web/v2/config/mikmak/embed/production/12527405806069176866/gdpr/en-US/config.json
Requested by
Host: cdn.ketchjs.com
URL: https://cdn.ketchjs.com/ketchtag/stable/v2.12/ketch.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
25e0cc647a1f7595f8689880b99bf08a43964c6bae46a847b4f27c9a0cc19b9c
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://shop.honest.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy
default-src 'self'
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 varnish, 1.1 varnish
date
Mon, 22 Jan 2024 22:13:25 GMT
age
288602
x-cache
HIT, HIT
request-id
2db1afac-d70e-458d-af35-eb4532cfd95b
content-length
3168
x-xss-protection
1; mode=block
x-request-id
fb57988f-5a32-408b-a598-0bc107d2505a
x-served-by
cache-pdx12323-PDX, cache-fra-eddf8230130-FRA
x-timer
S1705961606.949153,VS0,VE1
x-frame-options
deny
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://shop.honest.com
cache-control
public, max-age=31536000
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
6, 1
get
global.ketchcdn.com/web/v2/consent/mikmak/ 		148 B
309 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://global.ketchcdn.com/web/v2/consent/mikmak/get
Requested by
Host: cdn.ketchjs.com
URL: https://cdn.ketchjs.com/ketchtag/stable/v2.12/ketch.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1787e9a42efaeedabbef674b616397c28ec8c3aef7ec7841e172fcde9c63a6d1
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://shop.honest.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
via
1.1 varnish, 1.1 varnish
date
Mon, 22 Jan 2024 22:13:26 GMT
x-cache
MISS, MISS
request-id
027c4076-eac2-4bc0-b90a-3e2519f5fe65
content-length
143
x-xss-protection
1; mode=block
x-request-id
537aaec5-9981-4185-93a5-776af3bc10b2
x-served-by
cache-pdx12323-PDX, cache-fra-eddf8230130-FRA
x-timer
S1705961606.151077,VS0,VE193
x-frame-options
deny
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://shop.honest.com
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0, 0
get
global.ketchcdn.com/web/v2/consent/mikmak/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://global.ketchcdn.com/web/v2/consent/mikmak/get
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://shop.honest.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Accept,Authorization
access-control-allow-methods
GET,HEAD,POST,PUT,DELETE
access-control-allow-origin
https://shop.honest.com
content-length
0
content-security-policy
default-src 'self'
date
Mon, 22 Jan 2024 22:13:26 GMT
request-id
1c37d419-0787-4341-893c-94fefbcf60df
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-frame-options
deny
x-request-id
661da454-a5a9-4f0a-af1b-0a8e8ab9b50b
x-served-by
cache-pdx12331-PDX, cache-fra-eddf8230130-FRA
x-timer
S1705961606.971659,VS0,VE172
x-xss-protection
1; mode=block
update
global.ketchcdn.com/web/v2/consent/mikmak/ 		264 B
446 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://global.ketchcdn.com/web/v2/consent/mikmak/update
Requested by
Host: cdn.ketchjs.com
URL: https://cdn.ketchjs.com/ketchtag/stable/v2.12/ketch.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a1c9f9306a79fa06d961d903f008fe620e0ef1887d690590a568c7354d0bb11b
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://shop.honest.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/json

Response headers

content-security-policy
default-src 'self'
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
via
1.1 varnish, 1.1 varnish
date
Mon, 22 Jan 2024 22:13:26 GMT
x-cache
MISS, MISS
request-id
14bb2819-49e0-4d20-a86f-880801680b5b
content-length
209
x-xss-protection
1; mode=block
x-request-id
d7177ba3-9975-4e7b-964c-b04c34ef414a
x-served-by
cache-pdx12331-PDX, cache-fra-eddf8230130-FRA
x-timer
S1705961607.541328,VS0,VE187
x-frame-options
deny
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://shop.honest.com
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0, 0
update
global.ketchcdn.com/web/v2/consent/mikmak/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://global.ketchcdn.com/web/v2/consent/mikmak/update
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://shop.honest.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Accept,Authorization
access-control-allow-methods
GET,HEAD,POST,PUT,DELETE
access-control-allow-origin
https://shop.honest.com
content-length
0
content-security-policy
default-src 'self'
date
Mon, 22 Jan 2024 22:13:26 GMT
request-id
917f01b8-eace-4c81-a0a3-28a34c7a08fc
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-frame-options
deny
x-request-id
a716b311-db2e-420e-8f6d-14fb794be800
x-served-by
cache-pdx12331-PDX, cache-fra-eddf8230130-FRA
x-timer
S1705961606.352817,VS0,VE174
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| semaphore object| __NUXT__ function| ketch function| webpackJsonp object| dataLayer object| ketchConsent function| setImmediate function| clearImmediate object| __core-js_shared__ object| _nuxtReadyCbs function| onNuxtReady object| $nuxt

3 Cookies

Domain/Path Name / Value
.honest.com/ Name: _swb
Value: eea0b2ad-9a2b-4279-a670-e9279004c18e
.honest.com/ Name: _swb_consent_
Value: eyJvcmdhbml6YXRpb25Db2RlIjoibWlrbWFrIiwicHJvcGVydHlDb2RlIjoiZW1iZWQiLCJlbnZpcm9ubWVudENvZGUiOiJwcm9kdWN0aW9uIiwiaWRlbnRpdGllcyI6eyJzd2JfZW1iZWQiOiJlZWEwYjJhZC05YTJiLTQyNzktYTY3MC1lOTI3OTAwNGMxOGUifSwianVyaXNkaWN0aW9uQ29kZSI6ImdkcHIiLCJwdXJwb3NlcyI6eyJlc3NlbnRpYWxfc2VydmljZXMiOnsiYWxsb3dlZCI6InRydWUiLCJsZWdhbEJhc2lzQ29kZSI6ImxlZ2l0aW1hdGVpbnRlcmVzdCJ9fSwiY29sbGVjdGVkQXQiOjE3MDU5NjE2MDZ9
.honest.com/ Name: _ketch_consent_v1_
Value: eyJlc3NlbnRpYWxfc2VydmljZXMiOnsic3RhdHVzIjoiZ3JhbnRlZCIsImNhbm9uaWNhbFB1cnBvc2VzIjpbImVzc2VudGlhbF9zZXJ2aWNlcyJdfX0%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=86400365; includeSubDomains; preload;
X-Content-Security-Policy default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options nosniff