app.surmount.ai Open in urlscan Pro
54.166.232.15  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request signup Show response app.surmount.ai/	2 KB 1 KB	569ms 92ms	Document text/html	54.166.232.15 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.surmount.ai/signup Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.166.232.15 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-166-232-15.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash a0740b4fa72860b485772ed06eedaddab179ea6df96d8e9a6b53fe3db159bfdf Security Headers Name Value Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-security-policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; content-type text/html; charset=utf-8 date Tue, 05 Sep 2023 17:39:43 GMT etag W/"64f5cf63-801" last-modified Mon, 04 Sep 2023 12:36:51 GMT permissions-policy interest-cohort=() referrer-policy strict-origin-when-cross-origin server nginx/1.18.0 (Ubuntu) strict-transport-security max-age=31536000; includeSubDomains; preload vary Accept-Encoding x-content-type-options nosniff x-xss-protection 1; mode=block
GET H2	200	css2 fonts.googleapis.com/	4 KB 947 B	42ms 18ms	Stylesheet text/css	2a00:1450:4001:80e::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap Requested by Host: app.surmount.ai URL: https://app.surmount.ai/signup Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash aef306d8dc297f057d650b2e03a3c79b8f8aa29aeaa9f7f19b4f4a5c5d3e88f1 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 05 Sep 2023 17:39:44 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 05 Sep 2023 17:39:33 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 05 Sep 2023 17:39:44 GMT
GET H2	200	hotjar-3505981.js Show response static.hotjar.com/c/	9 KB 4 KB	126ms 70ms	Script application/javascript	108.156.60.77 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-3505981.js?sv=6 Requested by Host: app.surmount.ai URL: https://app.surmount.ai/signup Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.156.60.77 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-156-60-77.ams1.r.cloudfront.net Software / Resource Hash 33952461c85d424efb03547c0c9cfae0e7ae5fc59410497a35f314381e83f040 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=2592000; includeSubDomains via 1.1 6851e5f468b237438eae4078fbc9d3b8.cloudfront.net (CloudFront) x-amz-cf-pop AMS1-P2 etag W/f4a6576a8ad263120dd64b9abf40cc86 vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control max-age=60 x-cache-hit 1 cross-origin-resource-policy cross-origin x-amz-cf-id NjDQRYjbdUtXRLBTnOfgoQdeV0ncDdQJmNrqfKJHNIM-gqK7AS_DGQ==
GET H2	200	main.488b0610.js Show response app.surmount.ai/static/js/	2 MB 684 KB	188ms 187ms	Script application/javascript	54.166.232.15 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.surmount.ai/static/js/main.488b0610.js Requested by Host: app.surmount.ai URL: https://app.surmount.ai/signup Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.166.232.15 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-166-232-15.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash b4349e37c281a28efccd62e358ccc09c452e6b8be1a596927ac452ff8021f436 Security Headers Name Value Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/signup User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin last-modified Mon, 04 Sep 2023 12:36:51 GMT server nginx/1.18.0 (Ubuntu) content-security-policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; content-encoding gzip etag W/"64f5cf63-20b1ad" vary Accept-Encoding content-type application/javascript; charset=utf-8 permissions-policy interest-cohort=() x-xss-protection 1; mode=block
GET H2	200	main.b2fbcc17.css app.surmount.ai/static/css/	209 KB 31 KB	282ms 282ms	Stylesheet text/css	54.166.232.15 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.surmount.ai/static/css/main.b2fbcc17.css Requested by Host: app.surmount.ai URL: https://app.surmount.ai/signup Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.166.232.15 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-166-232-15.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash e889e38e88d3ef3584428a1441326ac0846165da4634fe08fb0d85b55c633b43 Security Headers Name Value Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/signup User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin last-modified Mon, 04 Sep 2023 12:36:51 GMT server nginx/1.18.0 (Ubuntu) content-security-policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; content-encoding gzip etag W/"64f5cf63-34536" vary Accept-Encoding content-type text/css permissions-policy interest-cohort=() x-xss-protection 1; mode=block
GET H2	200	modules.bbdf8270c8746f2ed4c0.js Show response script.hotjar.com/	223 KB 55 KB	31ms 8ms	Script application/javascript	52.222.236.43 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules.bbdf8270c8746f2ed4c0.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-3505981.js?sv=6 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.222.236.43 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-236-43.fra56.r.cloudfront.net Software / Resource Hash 30fc4ef01aa7ddd7a4e91462689e618dbb7d7a4c91697d2f19e0d782912157fa Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Mon, 04 Sep 2023 10:55:06 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=2592000; includeSubDomains via 1.1 5519a8cb450b567e8b7111ae986a9b4c.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P4 age 110678 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 55559 last-modified Mon, 04 Sep 2023 10:54:34 GMT etag "0999491c338e3f98c88fed8030484427" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes x-robots-tag none x-amz-cf-id f1-i7_iiCoOIW43XNTl1lHFNS92xMG2i83ekbnNcfyBcvWQoHo_INA==
GET H2	204	3505981 Show response vc.hotjar.io/sessions/	0 257 B	72ms 40ms	XHR text/plain	18.66.112.19 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://vc.hotjar.io/sessions/3505981?s=0.25&r=0.043750643794628896 Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.bbdf8270c8746f2ed4c0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.19 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-19.fra56.r.cloudfront.net Software Python/3.8 aiohttp/3.8.4 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) server Python/3.8 aiohttp/3.8.4 x-amz-cf-pop FRA56-P5 x-cache Miss from cloudfront access-control-allow-origin * cache-control no-store x-amz-cf-id pU7xnmmXJh4kVIDDM6p815cN82Q9Yv26b78lh3TKkTFecCh6LA532A==
GET H2	200	browser-perf.1c7ecd2be12644b9e658.js Show response script.hotjar.com/	6 KB 2 KB	11ms 10ms	Script application/javascript	52.222.236.43 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/browser-perf.1c7ecd2be12644b9e658.js Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.bbdf8270c8746f2ed4c0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.222.236.43 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-236-43.fra56.r.cloudfront.net Software / Resource Hash 37c5396a8f8c91466be1ab221bf6f86330013f0ce91cec575b8d9163b517da68 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Fri, 18 Aug 2023 09:10:36 GMT content-encoding br x-content-type-options nosniff strict-transport-security max-age=2592000; includeSubDomains via 1.1 5519a8cb450b567e8b7111ae986a9b4c.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P4 age 1585748 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 2011 last-modified Fri, 18 Aug 2023 09:05:29 GMT etag "45a46deaac94afc7df5a17fb8b1a8233" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes x-robots-tag none x-amz-cf-id EafjG6_zo8xv0svNwm5lX-Dg3nE1ioK9ZA0lvacesi6HLfqCGs5vBw==
POST H2	200	/ Show response content.hotjar.io/	56 B 161 B	127ms 35ms	XHR application/json	52.214.104.6 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.hotjar.io/?gzip=1 Requested by Host: script.hotjar.com URL: https://script.hotjar.com/modules.bbdf8270c8746f2ed4c0.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 52.214.104.6 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-214-104-6.eu-west-1.compute.amazonaws.com Software / Resource Hash d97f266446df391ba4cdce455a3835b3b1a5505fa7439bf3c24b9e5a64ab3b15 Request headers Referer https://app.surmount.ai/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Content-Type text/plain; charset=UTF-8 Response headers access-control-allow-origin * date Tue, 05 Sep 2023 17:39:44 GMT content-length 56 vary Origin content-type application/json
OPTIONS H2	200	/ prod.surmount.ai/socket.io/	0 0	585ms 92ms	Preflight text/plain	3.234.110.172 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://prod.surmount.ai/socket.io/?EIO=4&transport=polling&t=OfcRSNd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.234.110.172 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-234-110-172.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' Request headers Accept */* Access-Control-Request-Headers authorization Access-Control-Request-Method GET Origin https://app.surmount.ai Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization access-control-allow-methods OPTIONS, GET, POST access-control-allow-origin https://app.surmount.ai content-encoding gzip content-security-policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' content-type text/plain; charset=utf-8 date Tue, 05 Sep 2023 17:39:45 GMT server nginx/1.18.0 (Ubuntu) vary Accept-Encoding
OPTIONS H2	200	/ cognito-identity.ap-southeast-2.amazonaws.com/	0 0	966ms 279ms	Preflight	2406:da1c:2ac:1102:6222:c70:17af:4084 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cognito-identity.ap-southeast-2.amazonaws.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2406:da1c:2ac:1102:6222:c70:17af:4084 Sydney, Australia, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept */* Access-Control-Request-Headers content-type,x-amz-target Access-Control-Request-Method POST Origin https://app.surmount.ai Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers access-control-allow-headers content-type,x-amz-target access-control-allow-methods POST access-control-allow-origin * access-control-expose-headers x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date access-control-max-age 172800 content-length 0 date Tue, 05 Sep 2023 17:39:45 GMT strict-transport-security max-age=31536000; includeSubDomains x-amzn-requestid d7e5153f-7601-4bc7-8e06-531951423ddd
GET H2	200	/ Show response prod.surmount.ai/socket.io/	97 B 369 B	94ms 94ms	XHR text/plain	3.234.110.172 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://prod.surmount.ai/socket.io/?EIO=4&transport=polling&t=OfcRSNd Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.234.110.172 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-234-110-172.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 3369fba49f0a04609bbe59b116f4f6ce96eb20dac0695235ca389c889495e4f2 Security Headers Name Value Content-Security-Policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' Request headers Accept */* Referer https://app.surmount.ai/ accept-language de-DE,de;q=0.9 authorization Bearer null User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:45 GMT content-security-policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' content-encoding gzip server nginx/1.18.0 (Ubuntu) vary Accept-Encoding content-type text/plain; charset=UTF-8 access-control-allow-origin https://app.surmount.ai access-control-allow-credentials true
POST H2	200	/ Show response cognito-identity.ap-southeast-2.amazonaws.com/	68 B 322 B	281ms 281ms	Fetch application/x-amz-json-1.1	2406:da1c:2ac:1102:6222:c70:17af:4084 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cognito-identity.ap-southeast-2.amazonaws.com/ Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2406:da1c:2ac:1102:6222:c70:17af:4084 Sydney, Australia, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash a1d5047ad6a7ee984c00ac21e78b3bb6b2003ecac44d3cfd3ed25e0327e9a171 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://app.surmount.ai/ x-amz-target AWSCognitoIdentityService.GetId accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 content-type application/x-amz-json-1.1 Response headers access-control-allow-origin * date Tue, 05 Sep 2023 17:39:45 GMT strict-transport-security max-age=31536000; includeSubDomains access-control-expose-headers x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date x-amzn-requestid 4cef3289-d736-432d-aba3-44d98f08848e content-length 68 content-type application/x-amz-json-1.1
GET H2	200	translation.json Show response app.surmount.ai/i18n/en-US/	2 KB 1 KB	91ms 91ms	Fetch text/html	54.166.232.15 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.surmount.ai/i18n/en-US/translation.json Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.166.232.15 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-166-232-15.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash a0740b4fa72860b485772ed06eedaddab179ea6df96d8e9a6b53fe3db159bfdf Security Headers Name Value Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/signup User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin last-modified Mon, 04 Sep 2023 12:36:51 GMT server nginx/1.18.0 (Ubuntu) content-security-policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; content-encoding gzip etag W/"64f5cf63-801" vary Accept-Encoding content-type text/html; charset=utf-8 permissions-policy interest-cohort=() x-xss-protection 1; mode=block
GET H2	200	translation.json Show response app.surmount.ai/i18n/en/	107 B 505 B	92ms 91ms	Fetch application/json	54.166.232.15 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.surmount.ai/i18n/en/translation.json Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.166.232.15 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-166-232-15.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash fb5cc8d650af137fc181dd08561a0e1940705b3aaf46dacb1e697358ee263c75 Security Headers Name Value Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/signup User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin last-modified Mon, 04 Sep 2023 12:36:51 GMT server nginx/1.18.0 (Ubuntu) content-security-policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; content-encoding gzip etag W/"64f5cf63-6b" vary Accept-Encoding content-type application/json permissions-policy interest-cohort=() x-xss-protection 1; mode=block
GET H2	200	webConfig Show response firebase.googleapis.com/v1alpha/projects/-/apps/1:752050372875:web:49a07ece0e2f7b1a8ba20e/	277 B 379 B	38ms 37ms	Fetch application/json	2a00:1450:4001:830::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebase.googleapis.com/v1alpha/projects/-/apps/1:752050372875:web:49a07ece0e2f7b1a8ba20e/webConfig Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 5a35826b8d3c180538e973762b007a4b352f9382a57cd8c9343f3b4be8b29348 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept application/json Referer https://app.surmount.ai/ x-goog-api-key AIzaSyDq61Ty0bzRSFP2E2JINl6GzLA44HEYMKY accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT content-encoding gzip x-content-type-options nosniff server ESF vary Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type application/json; charset=UTF-8 access-control-allow-origin https://app.surmount.ai access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 190 x-xss-protection 0
OPTIONS H2	200	webConfig firebase.googleapis.com/v1alpha/projects/-/apps/1:752050372875:web:49a07ece0e2f7b1a8ba20e/	0 0	69ms 23ms	Preflight text/html	2a00:1450:4001:830::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebase.googleapis.com/v1alpha/projects/-/apps/1:752050372875:web:49a07ece0e2f7b1a8ba20e/webConfig Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-api-key Access-Control-Request-Method GET Origin https://app.surmount.ai Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers access-control-allow-headers x-goog-api-key access-control-allow-methods DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT access-control-allow-origin https://app.surmount.ai access-control-max-age 3600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/html date Tue, 05 Sep 2023 17:39:44 GMT server ESF vary origin referer x-origin x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 0
GET H2	200	614.879ff4db.chunk.js Show response app.surmount.ai/static/js/	31 KB 12 KB	97ms 97ms	Script application/javascript	54.166.232.15 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.surmount.ai/static/js/614.879ff4db.chunk.js Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.166.232.15 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-166-232-15.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash f622ba4084ab7f84d324fc4b1c1b1271323a5a423e77d00c709e52c564e06a28 Security Headers Name Value Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/signup User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin last-modified Mon, 04 Sep 2023 12:36:51 GMT server nginx/1.18.0 (Ubuntu) content-security-policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; content-encoding gzip etag W/"64f5cf63-7d04" vary Accept-Encoding content-type application/javascript; charset=utf-8 permissions-policy interest-cohort=() x-xss-protection 1; mode=block
GET DATA	200 OK	truncated /	105 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b2b448b69e2b96f241fc62551529e2339b2dda07a5cac0913dd0b585d18ba728 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET H2	200	hamburger.00ea888af1437231e5a63de3f1fd2e9d.svg app.surmount.ai/static/media/	711 B 708 B	93ms 93ms	Image image/svg+xml	54.166.232.15 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://app.surmount.ai/static/media/hamburger.00ea888af1437231e5a63de3f1fd2e9d.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.166.232.15 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-166-232-15.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 683e7e8f855643ddf6d6a9a5694232658232194cf0d25e57a8dd20584b396dd6 Security Headers Name Value Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/signup User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin last-modified Mon, 04 Sep 2023 12:36:51 GMT server nginx/1.18.0 (Ubuntu) content-security-policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; content-encoding gzip etag W/"64f5cf63-2c7" vary Accept-Encoding content-type image/svg+xml permissions-policy interest-cohort=() x-xss-protection 1; mode=block
GET H2	200	bg-gradient.8556bb129cf52faba97f773dbf1f6378.svg app.surmount.ai/static/media/	2 KB 1 KB	91ms 90ms	Image image/svg+xml	54.166.232.15 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://app.surmount.ai/static/media/bg-gradient.8556bb129cf52faba97f773dbf1f6378.svg Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.166.232.15 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-166-232-15.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 7c8282fc17c4006499e7fa913c0ad29df651721fa628f7edb59eeb5f6dab0cfd Security Headers Name Value Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/signup User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:44 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin last-modified Mon, 04 Sep 2023 12:36:51 GMT server nginx/1.18.0 (Ubuntu) content-security-policy default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; content-encoding gzip etag W/"64f5cf63-76f" vary Accept-Encoding content-type image/svg+xml permissions-policy interest-cohort=() x-xss-protection 1; mode=block
GET H2	200	/ Show response prod.surmount.ai/api/user/anonymous-tracking-id/	54 B 655 B	387ms 94ms	XHR application/json	3.234.110.172 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://prod.surmount.ai/api/user/anonymous-tracking-id/ Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.234.110.172 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-234-110-172.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 2a752b8652a41ca17ab7ff8da353a04a9d50aa940e305f7e55a6c3eb86860459 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Accept application/json, text/plain, */* Referer https://app.surmount.ai/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:45 GMT content-encoding gzip x-content-type-options nosniff referrer-policy same-origin server nginx/1.18.0 (Ubuntu) cross-origin-opener-policy same-origin x-frame-options DENY vary Accept-Encoding, Accept, Origin content-type application/json allow GET, HEAD, OPTIONS access-control-allow-origin https://app.surmount.ai access-control-expose-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range access-control-allow-credentials true access-control-allow-methods GET, POST, OPTIONS, PATCH access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
GET H2	200	pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 fonts.gstatic.com/s/poppins/v20/	8 KB 8 KB	255ms 17ms	Font font/woff2	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://app.surmount.ai accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Thu, 31 Aug 2023 00:08:32 GMT x-content-type-options nosniff age 495073 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 7816 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:11:40 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 30 Aug 2024 00:08:32 GMT
GET H2	200	pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 fonts.gstatic.com/s/poppins/v20/	8 KB 8 KB	247ms 9ms	Font font/woff2	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://app.surmount.ai accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Sat, 02 Sep 2023 07:15:26 GMT x-content-type-options nosniff age 296659 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 7748 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:21:30 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 01 Sep 2024 07:15:26 GMT
GET H2	200	pxiEyp8kv8JHgFVrJJfecg.woff2 fonts.gstatic.com/s/poppins/v20/	8 KB 8 KB	250ms 12ms	Font font/woff2	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://app.surmount.ai accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Fri, 01 Sep 2023 04:53:10 GMT x-content-type-options nosniff age 391595 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 7884 x-xss-protection 0 last-modified Wed, 27 Apr 2022 17:03:52 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 31 Aug 2024 04:53:10 GMT
GET H2	200	pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 fonts.gstatic.com/s/poppins/v20/	8 KB 8 KB	248ms 10ms	Font font/woff2	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://app.surmount.ai accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Fri, 01 Sep 2023 07:35:17 GMT x-content-type-options nosniff age 381868 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8000 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:59:07 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 31 Aug 2024 07:35:17 GMT
POST H2	200	installations Show response firebaseinstallations.googleapis.com/v1/projects/trackingsurmountai/	625 B 679 B	328ms 327ms	Fetch application/json	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebaseinstallations.googleapis.com/v1/projects/trackingsurmountai/installations Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 1a64a6be4efc967d3fe740e9ea7d5702f9060620ae2053a2373f5d9b54aa6802 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept application/json Referer https://app.surmount.ai/ x-goog-api-key AIzaSyDq61Ty0bzRSFP2E2JINl6GzLA44HEYMKY accept-language de-DE,de;q=0.9 x-firebase-client eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjguMiBmaXJlLWNvcmUtZXNtMjAxNy8wLjguMiBmaXJlLWpzLyBmaXJlLWpzLWFsbC1hcHAvOS4xMi4xIGZpcmUtaWlkLzAuNS4xNSBmaXJlLWlpZC1lc20yMDE3LzAuNS4xNSBmaXJlLWFuYWx5dGljcy8wLjguMyBmaXJlLWFuYWx5dGljcy1lc20yMDE3LzAuOC4zIiwiZGF0ZXMiOlsiMjAyMy0wOS0wNSJdfV19 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 content-type application/json Response headers date Tue, 05 Sep 2023 17:39:45 GMT content-encoding gzip x-content-type-options nosniff server ESF vary Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type application/json; charset=UTF-8 access-control-allow-origin https://app.surmount.ai access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 489 x-xss-protection 0
OPTIONS H2	200	installations firebaseinstallations.googleapis.com/v1/projects/trackingsurmountai/	0 0	99ms 15ms	Preflight text/html	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebaseinstallations.googleapis.com/v1/projects/trackingsurmountai/installations Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers content-type,x-firebase-client,x-goog-api-key Access-Control-Request-Method POST Origin https://app.surmount.ai Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers access-control-allow-headers content-type,x-firebase-client,x-goog-api-key access-control-allow-methods DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT access-control-allow-origin https://app.surmount.ai access-control-max-age 3600 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 content-type text/html date Tue, 05 Sep 2023 17:39:45 GMT server ESF vary origin referer x-origin x-content-type-options nosniff x-frame-options SAMEORIGIN x-xss-protection 0
GET H2	200	js Show response www.googletagmanager.com/gtag/	211 KB 76 KB	48ms 23ms	Script application/javascript	2a00:1450:4001:80f::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-CSCQ9DGQGW Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 79abc1e02567f93f9aefeb623f44a38e8db2a947df9a5c81d27bb064ccbd59c0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://app.surmount.ai/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Tue, 05 Sep 2023 17:39:45 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 77129 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 05 Sep 2023 17:39:45 GMT
OPTIONS H2	200	/ prod.surmount.ai/socket.io/	0 0	204ms 203ms	Preflight text/plain	3.234.110.172 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://prod.surmount.ai/socket.io/?EIO=4&transport=polling&t=OfcRSZI&sid=jTBIQ2YQEp2OasheAAA2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.234.110.172 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-234-110-172.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' Request headers Accept */* Access-Control-Request-Headers authorization Access-Control-Request-Method POST Origin https://app.surmount.ai Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization access-control-allow-methods OPTIONS, GET, POST access-control-allow-origin https://app.surmount.ai content-encoding gzip content-security-policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' content-type text/plain; charset=utf-8 date Tue, 05 Sep 2023 17:39:45 GMT server nginx/1.18.0 (Ubuntu) vary Accept-Encoding
POST H2	200	/ Show response prod.surmount.ai/socket.io/	2 B 281 B	93ms 93ms	XHR text/plain	3.234.110.172 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://prod.surmount.ai/socket.io/?EIO=4&transport=polling&t=OfcRSZI&sid=jTBIQ2YQEp2OasheAAA2 Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.234.110.172 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-234-110-172.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Security Headers Name Value Content-Security-Policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' Request headers Accept */* Referer https://app.surmount.ai/ accept-language de-DE,de;q=0.9 authorization Bearer null User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Content-type text/plain;charset=UTF-8 Response headers date Tue, 05 Sep 2023 17:39:45 GMT content-security-policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' content-encoding gzip server nginx/1.18.0 (Ubuntu) vary Accept-Encoding content-type text/plain; charset=utf-8 access-control-allow-origin https://app.surmount.ai access-control-allow-credentials true
OPTIONS H2	200	/ prod.surmount.ai/socket.io/	0 0	204ms 204ms	Preflight text/plain	3.234.110.172 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://prod.surmount.ai/socket.io/?EIO=4&transport=polling&t=OfcRSZJ&sid=jTBIQ2YQEp2OasheAAA2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.234.110.172 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-234-110-172.compute-1.amazonaws.com Software nginx/1.18.0 (Ubuntu) / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' Request headers Accept */* Access-Control-Request-Headers authorization Access-Control-Request-Method GET Origin https://app.surmount.ai Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers authorization access-control-allow-methods OPTIONS, GET, POST access-control-allow-origin https://app.surmount.ai content-encoding gzip content-security-policy default-src 'self' wss://prod.surmount.ai http: https: data: blob: 'unsafe-inline' content-type text/plain; charset=utf-8 date Tue, 05 Sep 2023 17:39:45 GMT server nginx/1.18.0 (Ubuntu) vary Accept-Encoding
GET		/ prod.surmount.ai/socket.io/	0 0
POST H2	200	/ Show response cognito-identity.ap-southeast-2.amazonaws.com/	1 KB 1 KB	281ms 281ms	Fetch application/x-amz-json-1.1	2406:da1c:2ac:1102:6222:c70:17af:4084 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cognito-identity.ap-southeast-2.amazonaws.com/ Requested by Host: app.surmount.ai URL: https://app.surmount.ai/static/js/main.488b0610.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2406:da1c:2ac:1102:6222:c70:17af:4084 Sydney, Australia, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7ba255efd7d6f932d5aafb22d0d60c901276cd5922d65dcb491eceaae8e999e9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://app.surmount.ai/ x-amz-target AWSCognitoIdentityService.GetOpenIdToken accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 content-type application/x-amz-json-1.1 Response headers access-control-allow-origin * date Tue, 05 Sep 2023 17:39:46 GMT strict-transport-security max-age=31536000; includeSubDomains access-control-expose-headers x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date x-amzn-requestid f69ca705-485e-43d2-95a3-9b5ff6084dcb content-length 1034 content-type application/x-amz-json-1.1
OPTIONS H2	200	/ cognito-identity.ap-southeast-2.amazonaws.com/	0 0	275ms 274ms	Preflight	2406:da1c:2ac:1102:6222:c70:17af:4084 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cognito-identity.ap-southeast-2.amazonaws.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2406:da1c:2ac:1102:6222:c70:17af:4084 Sydney, Australia, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept */* Access-Control-Request-Headers content-type,x-amz-target Access-Control-Request-Method POST Origin https://app.surmount.ai Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers access-control-allow-headers content-type,x-amz-target access-control-allow-methods POST access-control-allow-origin * access-control-expose-headers x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date access-control-max-age 172800 content-length 0 date Tue, 05 Sep 2023 17:39:46 GMT strict-transport-security max-age=31536000; includeSubDomains x-amzn-requestid 2c2fcea1-73af-4115-b5c6-c5041ce629da
POST		/ sts.ap-southeast-2.amazonaws.com/	0 0
POST		/ metrics.hotjar.io/	0 0
POST		/ cognito-identity.ap-southeast-2.amazonaws.com/	0 0
OPTIONS		/ cognito-identity.ap-southeast-2.amazonaws.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

prod.surmount.ai

URL

https://prod.surmount.ai/socket.io/?EIO=4&transport=polling&t=OfcRSZJ&sid=jTBIQ2YQEp2OasheAAA2

Domain

sts.ap-southeast-2.amazonaws.com

URL

https://sts.ap-southeast-2.amazonaws.com/

Domain

metrics.hotjar.io

URL

https://metrics.hotjar.io/?v=5

Domain

cognito-identity.ap-southeast-2.amazonaws.com

URL

https://cognito-identity.ap-southeast-2.amazonaws.com/

Domain

cognito-identity.ap-southeast-2.amazonaws.com

URL

https://cognito-identity.ap-southeast-2.amazonaws.com/

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture function| hj object| _hjSettings object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| webpackChunksurmount_ai_app object| dataLayer function| gtag object| google_tag_manager object| google_tag_data object| gaGlobal

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.surmount.ai/	1970-01-20 23:17:51	Name: _hjSessionUser_3505981 Value: eyJpZCI6IjgwMmU2MzhlLWJiZDMtNTczMy1iYTRhLWI0NjA0NTZmMmM5MSIsImNyZWF0ZWQiOjE2OTM5MzU1ODQzMDIsImV4aXN0aW5nIjpmYWxzZX0=
			.surmount.ai/	1970-01-20 14:32:17	Name: _hjFirstSeen Value: 1
			.surmount.ai/	1970-01-20 14:32:15	Name: _hjIncludedInSessionSample_3505981 Value: 1
			.surmount.ai/	1970-01-20 14:32:17	Name: _hjSession_3505981 Value: eyJpZCI6IjQ3YjE4OTc5LTU2MzMtNDlmMi1iODk4LWI2MmU2NTZlZTcxZCIsImNyZWF0ZWQiOjE2OTM5MzU1ODQzMDMsImluU2FtcGxlIjp0cnVlfQ==
			.surmount.ai/	1970-01-20 14:32:17	Name: _hjAbsoluteSessionInProgress Value: 1
			.app.surmount.ai/	1970-01-20 15:15:27	Name: cwr_u Value: a97bf96e-99b3-4125-a096-6eabac40adb0
			.app.surmount.ai/	1970-01-20 14:32:17	Name: cwr_s Value: eyJzZXNzaW9uSWQiOiI1NDgwZjI5ZC1lYTNmLTQ4NjQtYjkyYy03NWEwNjhlZGFmMzIiLCJyZWNvcmQiOnRydWUsImV2ZW50Q291bnQiOjExLCJwYWdlIjp7InBhZ2VJZCI6Ii9zaWdudXAiLCJpbnRlcmFjdGlvbiI6MCwicmVmZXJyZXIiOiIiLCJyZWZlcnJlckRvbWFpbiI6IiIsInN0YXJ0IjoxNjkzOTM1NTg0NzcxfX0=
			.surmount.ai/	1970-01-21 00:08:15	Name: _ga_CSCQ9DGQGW Value: GS1.1.1693935585.1.0.1693935585.0.0.0
			.surmount.ai/	1970-01-21 00:08:15	Name: _ga Value: GA1.1.388993324.1693935586

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
security	error	URL: https://script.hotjar.com/modules.bbdf8270c8746f2ed4c0.js(Line 1) Message: Refused to connect to 'wss://ws.hotjar.com/api/v2/client/ws' because it violates the following Content Security Policy directive: "default-src 'self' http: https: data: blob: 'unsafe-inline'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://app.surmount.ai/static/js/main.488b0610.js(Line 1) Message: Refused to connect to 'wss://prod.surmount.ai/socket.io/?EIO=4&transport=websocket&sid=jTBIQ2YQEp2OasheAAA2' because it violates the following Content Security Policy directive: "default-src 'self' http: https: data: blob: 'unsafe-inline'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-CSCQ9DGQGW(Line 122) Message: Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-CSCQ9DGQGW&gtm=45je38u0&_p=839813497&_fid=eRLLyE6vA8G_sfuAEmQBV9&cid=388993324.1693935586&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1693935585&sct=1&seg=0&dl=https%3A%2F%2Fapp.surmount.ai%2Fsignup&dt=Signup%20%7C%20Surmount%20AI&en=page_view&_fv=2&_nsi=1&_ss=2&_c=1&_ee=1&ep.origin=firebase' because it violates the following Content Security Policy directive: "connect-src 'self' wss: https://*.surmount.ai https://*.googleapis.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.clarity.ms https://*.amazonaws.com https://*.posthog.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.surmount.ai
cognito-identity.ap-southeast-2.amazonaws.com
content.hotjar.io
firebase.googleapis.com
firebaseinstallations.googleapis.com
fonts.googleapis.com
fonts.gstatic.com
metrics.hotjar.io
prod.surmount.ai
script.hotjar.com
static.hotjar.com
sts.ap-southeast-2.amazonaws.com
vc.hotjar.io
www.googletagmanager.com
cognito-identity.ap-southeast-2.amazonaws.com
metrics.hotjar.io
prod.surmount.ai
sts.ap-southeast-2.amazonaws.com
108.156.60.77
18.66.112.19
2406:da1c:2ac:1102:6222:c70:17af:4084
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2008
2a00:1450:4001:811::200a
2a00:1450:4001:828::2003
2a00:1450:4001:830::200a
3.234.110.172
52.214.104.6
52.222.236.43
54.166.232.15
1a64a6be4efc967d3fe740e9ea7d5702f9060620ae2053a2373f5d9b54aa6802
2a752b8652a41ca17ab7ff8da353a04a9d50aa940e305f7e55a6c3eb86860459
30fc4ef01aa7ddd7a4e91462689e618dbb7d7a4c91697d2f19e0d782912157fa
3369fba49f0a04609bbe59b116f4f6ce96eb20dac0695235ca389c889495e4f2
33952461c85d424efb03547c0c9cfae0e7ae5fc59410497a35f314381e83f040
37c5396a8f8c91466be1ab221bf6f86330013f0ce91cec575b8d9163b517da68
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a35826b8d3c180538e973762b007a4b352f9382a57cd8c9343f3b4be8b29348
683e7e8f855643ddf6d6a9a5694232658232194cf0d25e57a8dd20584b396dd6
79abc1e02567f93f9aefeb623f44a38e8db2a947df9a5c81d27bb064ccbd59c0
7ba255efd7d6f932d5aafb22d0d60c901276cd5922d65dcb491eceaae8e999e9
7c8282fc17c4006499e7fa913c0ad29df651721fa628f7edb59eeb5f6dab0cfd
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
a0740b4fa72860b485772ed06eedaddab179ea6df96d8e9a6b53fe3db159bfdf
a1d5047ad6a7ee984c00ac21e78b3bb6b2003ecac44d3cfd3ed25e0327e9a171
aef306d8dc297f057d650b2e03a3c79b8f8aa29aeaa9f7f19b4f4a5c5d3e88f1
b2b448b69e2b96f241fc62551529e2339b2dda07a5cac0913dd0b585d18ba728
b4349e37c281a28efccd62e358ccc09c452e6b8be1a596927ac452ff8021f436
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d97f266446df391ba4cdce455a3835b3b1a5505fa7439bf3c24b9e5a64ab3b15
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e889e38e88d3ef3584428a1441326ac0846165da4634fe08fb0d85b55c633b43
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f622ba4084ab7f84d324fc4b1c1b1271323a5a423e77d00c709e52c564e06a28
fb5cc8d650af137fc181dd08561a0e1940705b3aaf46dacb1e697358ee263c75