app.midtrans.com Open in urlscan Pro
104.26.15.196  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 1735208509378 Show response app.midtrans.com/payment-links/	71 KB 26 KB	849ms 828ms	Document text/html	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aa9d80ffd864f9dedc88d080b631ae6114a3da3e9e4caf2f5aee4632233cb190 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers cf-cache-status DYNAMIC cf-ray 8f85b1f13b8febff-NRT content-encoding br content-type text/html; charset=utf-8 cross-origin-opener-policy same-origin date Fri, 27 Dec 2024 01:56:37 GMT etag W/"11d53-LXljACPho9vo3K3A8t5ZW8b8S4c" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} origin-agent-cluster ?1 referrer-policy no-referrer report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqTvTRznUc%2FayveGTi3hwXIKf3Mv%2FB%2FDou0RQDZrc%2BMwXrjY36myfJMmk6rovPjjNzElGW9Z1xw39uwlmEJ6jBX9Jo7OxyDmQNrwHRXngEzI76GCsBIJbk1LNYK9hqiKUr0%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=1034&min_rtt=987&rtt_var=229&sent=8&recv=12&lost=0&retrans=0&sent_bytes=4003&recv_bytes=2374&delivery_rate=3820183&cwnd=253&unsent_bytes=0&cid=75b4cd55d114ff7e&ts=834&x=0" strict-transport-security max-age=63072000; includeSubDomains; preload via kong/0.14.1 x-content-type-options nosniff x-dns-prefetch-control off x-download-options noopen x-envoy-decorator-operation nexus-app-gsh-stable.online-merchant-group.svc.cluster.local:5124/* x-envoy-upstream-service-time 350 x-frame-options SAMEORIGIN x-kong-proxy-latency 2 x-kong-upstream-latency 352 x-permitted-cross-domain-policies none x-ratelimit-limit-minute 80 x-ratelimit-remaining-minute 79 x-xss-protection 0
GET H2	200	css2 fonts.googleapis.com/	3 KB 913 B	157ms 54ms	Stylesheet text/css	2404:6800:400a:80e::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700 Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:400a:80e::200a Osaka, Japan, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2a21242a6f1802459b4c1515fd4ae9abb4cd9f5f887f91d3549faa1ef1c9537c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers content-encoding gzip x-content-type-options nosniff expires Fri, 27 Dec 2024 01:56:37 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 27 Dec 2024 01:56:37 GMT content-type text/css; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site last-modified Fri, 27 Dec 2024 01:56:37 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups cross-origin-resource-policy cross-origin access-control-allow-origin * x-xss-protection 0 server ESF
GET H2	200	payment_page.css app.midtrans.com/payment-links/assets/payment-page/styles/	153 KB 16 KB	21ms 19ms	Stylesheet text/css	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.midtrans.com/payment-links/assets/payment-page/styles/payment_page.css Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5a3506d001aed8ab146a4212a965633cfdd4458bb138d09ae88d7d02924922e4 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT age 85299 x-permitted-cross-domain-policies none report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0xewssjk8EPCIdyKqNU0OKiReSSs%2FRg4IRIpzXvM%2FNDsAMlDgxnc%2FBRUg1%2F1pWbu%2F%2BuMA9kbRSyYcW1bIJtQdYL6YUZt3h1gaNNiuNNwNIMdj8pjVUVYv6SYrtRaMlsJA4o%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-ratelimit-remaining-minute 79 x-kong-proxy-latency 2 server-timing cfL4;desc="?proto=TCP&rtt=1470&min_rtt=987&rtt_var=43&sent=29&recv=31&lost=0&retrans=0&sent_bytes=20341&recv_bytes=2611&delivery_rate=11405815&cwnd=257&unsent_bytes=0&cid=75b4cd55d114ff7e&ts=885&x=0" date Fri, 27 Dec 2024 01:56:37 GMT content-type text/css; charset=UTF-8 last-modified Wed, 20 Nov 2024 06:53:40 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=86400 x-dns-prefetch-control off cross-origin-opener-policy same-origin nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-envoy-upstream-service-time 5 referrer-policy no-referrer x-download-options noopen via kong/0.14.1 x-envoy-decorator-operation nexus-app-gsh-stable.online-merchant-group.svc.cluster.local:5124/* x-kong-upstream-latency 7 x-ratelimit-limit-minute 80 cf-ray 8f85b1f698fbebff-NRT x-xss-protection 0 origin-agent-cluster ?1 server cloudflare
GET H2	200	snap.js Show response app.midtrans.com/snap/assets/	26 KB 10 KB	16ms 15ms	Script application/javascript	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.midtrans.com/snap/assets/snap.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 11f51b3e8b54c176bfa3a05916ed4ef9a17adf45cdfcb77d5a8b5b7ca5379c40 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers strict-transport-security max-age=63072000; includeSubDomains; preload nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status HIT etag W/"6763daa7-6768" age 5902 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B7Tw9SWovH494F6%2FwdAG7DrWFnTkHKhS9iJP1%2BXnDps8oB28In%2FZknnDsjNlJbQoXVxhMZKoCWIxXW7Tas98KrCqBqblZ948yAtHQ1hUhnrkiQWtj%2FpWkJopZQTbKo%2Fmev8%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f85b1f698fdebff-NRT server-timing cfL4;desc="?proto=TCP&rtt=1501&min_rtt=987&rtt_var=472&sent=16&recv=21&lost=0&retrans=0&sent_bytes=9483&recv_bytes=2611&delivery_rate=4917004&cwnd=257&unsent_bytes=0&cid=75b4cd55d114ff7e&ts=880&x=0" date Fri, 27 Dec 2024 01:56:37 GMT content-type application/javascript last-modified Thu, 19 Dec 2024 08:34:47 GMT vary Accept-Encoding server cloudflare
GET H2	200	es6-promise.auto.min.js Show response cdn.jsdelivr.net/npm/es6-promise/dist/	6 KB 3 KB	14ms 2ms	Script application/javascript	2a04:4e42::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/es6-promise/dist/es6-promise.auto.min.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 5f1addaf2e9f5922aed63d802f2b8afe01c543ed81a7be99ad1e9fdd05c8e3b6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers access-control-expose-headers * content-encoding br etag W/"1962-NLNASu4jwzBScgHcLDtueKdlX1E" age 40045 x-content-type-options nosniff x-jsd-version-type version alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 x-cache HIT, HIT date Fri, 27 Dec 2024 01:56:37 GMT content-type application/javascript; charset=utf-8 x-served-by cache-fra-etou8220073-FRA, cache-nrt-rjtf7700081-NRT vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=604800, s-maxage=43200 timing-allow-origin * cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * content-length 2588 x-jsd-version 4.2.8
GET H2	200	index.umd.min.js Show response cdn.jsdelivr.net/npm/wcag-contrast@3.0.0/dist/	1 KB 900 B	16ms 4ms	Script application/javascript	2a04:4e42::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/wcag-contrast@3.0.0/dist/index.umd.min.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash c978bdddbbd34229aba94d7b319fe7a9052a2d8f677543ee87d45d68e79c07c9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers access-control-expose-headers * content-encoding br etag W/"4d3-IF+3Gf/hRaQRf8/mATq70TQcAXs" age 1948090 x-content-type-options nosniff x-jsd-version-type version alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 x-cache HIT, HIT date Fri, 27 Dec 2024 01:56:37 GMT content-type application/javascript; charset=utf-8 x-served-by cache-fra-etou8220122-FRA, cache-nrt-rjtf7700081-NRT vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * content-length 735 x-jsd-version 3.0.0
GET H2	200	index.min.js Show response cdn.jsdelivr.net/npm/rgb@0.1.0/	2 KB 1 KB	16ms 4ms	Script application/javascript	2a04:4e42::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/rgb@0.1.0/index.min.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 6e5553463e33a2aa001596f81ac2140818a6018896431d3340599770b341972c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers access-control-expose-headers * content-encoding br etag W/"9b1-FCgFBLIhoh19jjLUOsMHaEXX8IA" age 1347372 x-content-type-options nosniff x-jsd-version-type version alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 x-cache HIT, HIT date Fri, 27 Dec 2024 01:56:37 GMT content-type application/javascript; charset=utf-8 x-served-by cache-fra-etou8220099-FRA, cache-nrt-rjtf7700081-NRT vary Accept-Encoding strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * content-length 1231 x-jsd-version 0.1.0
GET H2	200	bg.jpg app.midtrans.com/payment-links/assets/	3 KB 4 KB	16ms 16ms	Image image/jpeg	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://app.midtrans.com/payment-links/assets/bg.jpg Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5325379f79c74e499f0f8cba89e2a269ce58cb7fd0d175645e2fe3f731b46f64 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://app.midtrans.com/payment-links/1735208509378 Response headers cf-cache-status HIT age 59795 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hbpbqMfv2xIrfEU%2FajPFGoswNZeToAYvMh1hfI4GNJZidzc0Qp9yWQuEsBZ3L%2BGWvQ%2ByasCXSsSz6BQTKRAJy5hQa5PQdTmvvdAUe7k31dQ5jjvei8Fd1JALsuVXdx8PqQw%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-ratelimit-remaining-minute 79 server-timing cfL4;desc="?proto=TCP&rtt=1193&min_rtt=987&rtt_var=55&sent=74&recv=58&lost=0&retrans=0&sent_bytes=58464&recv_bytes=3121&delivery_rate=20487084&cwnd=257&unsent_bytes=0&cid=75b4cd55d114ff7e&ts=1140&x=0" content-type image/jpeg last-modified Wed, 20 Nov 2024 06:53:40 GMT cache-control public, max-age=86400 x-envoy-upstream-service-time 2 referrer-policy no-referrer x-envoy-decorator-operation nexus-app-gsh-stable.online-merchant-group.svc.cluster.local:5124/* accept-ranges bytes x-ratelimit-limit-minute 80 content-length 3507 x-xss-protection 0 origin-agent-cluster ?1 server cloudflare cf-bgj h2pri x-permitted-cross-domain-policies none x-kong-proxy-latency 2 date Fri, 27 Dec 2024 01:56:37 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-dns-prefetch-control off cross-origin-opener-policy same-origin via kong/0.14.1 cf-ray 8f85b1f83adeebff-NRT x-download-options noopen x-kong-upstream-latency 4
GET H/1.1	200 OK	snap_2Flogos_2FM131419_2F3e5f9974-da82-4afa-adb2-d2377e70e945_2Fapple-icon.png vtcheckout-production-assets.s3.amazonaws.com/snap/logos/M131419/	5 KB 6 KB	267ms 116ms	Image image/png	3.5.148.112 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://vtcheckout-production-assets.s3.amazonaws.com/snap/logos/M131419/snap_2Flogos_2FM131419_2F3e5f9974-da82-4afa-adb2-d2377e70e945_2Fapple-icon.png Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 3.5.148.112 Singapore, Singapore, ASN16509 (AMAZON-02, US), Reverse DNS s3-w.ap-southeast-1.amazonaws.com Software AmazonS3 / Resource Hash 9fc6b43d1f36e42ef58c36327ddae5692556358e65e85477a8a05741d8c8a245 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers ETag "441f1d696538d32929e663f2aa648065" x-amz-request-id G5EKEB6007120KS6 Accept-Ranges bytes Content-Length 5246 Date Fri, 27 Dec 2024 01:56:38 GMT Last-Modified Thu, 31 May 2018 09:12:20 GMT Content-Type image/png Server AmazonS3 x-amz-id-2 BKnxHTSO0QZDiS9mmMLp7h8spA6D1dMq29b/tzJbVyb2KmPF6h1qKFOH9w74shrAmer6TDc0BkSn2bBLXxxaAVw8D2J34ExMrSlMmCAH3tU=
GET H2	200	close.svg app.midtrans.com/payment-links/assets/	520 B 783 B	26ms 25ms	Image image/svg+xml	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://app.midtrans.com/payment-links/assets/close.svg Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ae5972596aa84a6facd2155c5476cd50284290649e7f81fa9e396a1ffddb97bf Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT age 85298 x-permitted-cross-domain-policies none report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wCrFoiq7SDNn3Eddb5XWFIMnTVrWPSjIN%2FopS8ZSFCXYskVNtZQPE%2BlsAKdhAYe4YeIs0goBoj6QFxDn8rC2Cg2nACw5M3rzmY2MD%2FMqdHGwbEkklnxrK43Tai2Trdib114%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-ratelimit-remaining-minute 79 x-kong-proxy-latency 2 server-timing cfL4;desc="?proto=TCP&rtt=1155&min_rtt=970&rtt_var=57&sent=182&recv=61&lost=0&retrans=0&sent_bytes=187064&recv_bytes=3121&delivery_rate=20487084&cwnd=257&unsent_bytes=8653&cid=75b4cd55d114ff7e&ts=1152&x=0" date Fri, 27 Dec 2024 01:56:37 GMT content-type image/svg+xml last-modified Wed, 20 Nov 2024 06:53:40 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=86400 x-dns-prefetch-control off cross-origin-opener-policy same-origin nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-envoy-upstream-service-time 7 referrer-policy no-referrer x-download-options noopen via kong/0.14.1 x-envoy-decorator-operation nexus-app-gsh-stable.online-merchant-group.svc.cluster.local:5124/* x-kong-upstream-latency 9 x-ratelimit-limit-minute 80 cf-ray 8f85b1f83ae2ebff-NRT x-xss-protection 0 origin-agent-cluster ?1 server cloudflare
GET H2	200	tracker.js Show response app.midtrans.com/payment-links/assets/payment-page/scripts/	846 KB 180 KB	23ms 22ms	Script application/javascript	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.midtrans.com/payment-links/assets/payment-page/scripts/tracker.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6fdd253620789e043fe1a1b34ec94656ebcc30fa1f2dd8a15eb0cf0990562014 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT age 85299 x-permitted-cross-domain-policies none report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xfvpm4sJTJCN3FjI%2FEfSKctJDtbXjCl5EWKLf%2Byq9YkmL3G8Eux7eDeQ%2FD7nl%2FhsK4spc%2BKAaTzLr25zE8niDcQjiI7UMpLvqv67Z%2FYowJegiyHab6veTYdlw0I2f5JmQsc%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-ratelimit-remaining-minute 79 x-kong-proxy-latency 1 server-timing cfL4;desc="?proto=TCP&rtt=1155&min_rtt=970&rtt_var=57&sent=82&recv=61&lost=0&retrans=0&sent_bytes=62904&recv_bytes=3121&delivery_rate=20487084&cwnd=257&unsent_bytes=0&cid=75b4cd55d114ff7e&ts=1151&x=0" date Fri, 27 Dec 2024 01:56:37 GMT content-type application/javascript; charset=UTF-8 last-modified Wed, 20 Nov 2024 06:53:40 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=86400 x-dns-prefetch-control off cross-origin-opener-policy same-origin nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-envoy-upstream-service-time 5 referrer-policy no-referrer x-download-options noopen via kong/0.14.1 x-envoy-decorator-operation nexus-app-gsh-stable.online-merchant-group.svc.cluster.local:5124/* x-kong-upstream-latency 6 x-ratelimit-limit-minute 80 cf-ray 8f85b1f83ae1ebff-NRT x-xss-protection 0 origin-agent-cluster ?1 server cloudflare
GET H2	200	payment_page.js Show response app.midtrans.com/payment-links/assets/payment-page/scripts/	1 MB 280 KB	26ms 26ms	Script application/javascript	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.midtrans.com/payment-links/assets/payment-page/scripts/payment_page.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e01f6f82b3c3671a142ef906cd24d22d5583e1164fe6aa220d6107a51dfed94f Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT age 59795 x-permitted-cross-domain-policies none report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ha6eZ6jZNPcGx56OaCYGM6fxsf3YuVIsqQeMaCfZcVAD2ZdSPCh9evEmkN01ZK8bxgKRFMUzfLuv7F7d2BdPvMKu7R3TlNVFmpHj13wXfzJdqA3arPFHR%2Fy2IkQRYgg8cy4%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-ratelimit-remaining-minute 79 x-kong-proxy-latency 2 server-timing cfL4;desc="?proto=TCP&rtt=2021&min_rtt=970&rtt_var=195&sent=229&recv=115&lost=0&retrans=0&sent_bytes=248429&recv_bytes=3121&delivery_rate=51690224&cwnd=265&unsent_bytes=0&cid=75b4cd55d114ff7e&ts=1155&x=0" date Fri, 27 Dec 2024 01:56:37 GMT content-type application/javascript; charset=UTF-8 last-modified Wed, 20 Nov 2024 06:53:40 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=86400 x-dns-prefetch-control off cross-origin-opener-policy same-origin nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-envoy-upstream-service-time 5 referrer-policy no-referrer x-download-options noopen via kong/0.14.1 x-envoy-decorator-operation nexus-app-gsh-stable.online-merchant-group.svc.cluster.local:5124/* x-kong-upstream-latency 7 x-ratelimit-limit-minute 80 cf-ray 8f85b1f83ae3ebff-NRT x-xss-protection 0 origin-agent-cluster ?1 server cloudflare
GET H2	200	common.js Show response app.midtrans.com/payment-links/assets/payment-page/scripts/	893 KB 196 KB	30ms 30ms	Script application/javascript	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.midtrans.com/payment-links/assets/payment-page/scripts/common.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dd8c83c0cd2cd7b0b8dff110508ae258d4d2e4ad1740d61500f9b6742bc3d0e8 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT age 85298 x-permitted-cross-domain-policies none report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pq2JkSSFgxj%2FEkRxtHOUyEJLooqNfChtYzLMNo8mXJLbeWxEC%2FLvrut3HMD4hOxNKAPwIPjlhSFGzazLZe5H4QFWeA2yvOBNGEFPcCoUpsktsyRalKvzaoISrMPZ2fEO5rI%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-ratelimit-remaining-minute 79 x-kong-proxy-latency 4 server-timing cfL4;desc="?proto=TCP&rtt=2889&min_rtt=970&rtt_var=45&sent=342&recv=190&lost=0&retrans=0&sent_bytes=400617&recv_bytes=3121&delivery_rate=56477499&cwnd=271&unsent_bytes=0&cid=75b4cd55d114ff7e&ts=1159&x=0" date Fri, 27 Dec 2024 01:56:37 GMT content-type application/javascript; charset=UTF-8 last-modified Wed, 20 Nov 2024 06:53:40 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=86400 x-dns-prefetch-control off cross-origin-opener-policy same-origin nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-envoy-upstream-service-time 4 referrer-policy no-referrer x-download-options noopen via kong/0.14.1 x-envoy-decorator-operation nexus-app-gsh-stable.online-merchant-group.svc.cluster.local:5124/* x-kong-upstream-latency 5 x-ratelimit-limit-minute 80 cf-ray 8f85b1f83ae4ebff-NRT x-xss-protection 0 origin-agent-cluster ?1 server cloudflare
GET H3	200	pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 fonts.gstatic.com/s/poppins/v22/	8 KB 8 KB	63ms 11ms	Font font/woff2	142.250.76.131 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.76.131 Plainview, United States, ASN15169 (GOOGLE, US), Reverse DNS kix07s06-in-f3.1e100.net Software sffe / Resource Hash cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://app.midtrans.com Referer https://fonts.googleapis.com/ Response headers age 536261 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Sat, 20 Dec 2025 20:58:56 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 20 Dec 2024 20:58:56 GMT last-modified Wed, 04 Dec 2024 06:54:05 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 7748 x-xss-protection 0 server sffe
GET H3	200	pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 fonts.gstatic.com/s/poppins/v22/	8 KB 8 KB	62ms 10ms	Font font/woff2	142.250.76.131 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.76.131 Plainview, United States, ASN15169 (GOOGLE, US), Reverse DNS kix07s06-in-f3.1e100.net Software sffe / Resource Hash f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://app.midtrans.com Referer https://fonts.googleapis.com/ Response headers age 533699 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Sat, 20 Dec 2025 21:41:38 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 20 Dec 2024 21:41:38 GMT last-modified Wed, 04 Dec 2024 06:53:31 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 8000 x-xss-protection 0 server sffe
GET H3	200	pxiEyp8kv8JHgFVrJJfecg.woff2 fonts.gstatic.com/s/poppins/v22/	8 KB 8 KB	65ms 13ms	Font font/woff2	142.250.76.131 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.76.131 Plainview, United States, ASN15169 (GOOGLE, US), Reverse DNS kix07s06-in-f3.1e100.net Software sffe / Resource Hash 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://app.midtrans.com Referer https://fonts.googleapis.com/ Response headers age 535583 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Sat, 20 Dec 2025 21:10:14 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 20 Dec 2024 21:10:14 GMT last-modified Wed, 04 Dec 2024 06:53:08 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 7884 x-xss-protection 0 server sffe
GET H2	200	nr-spa-1.277.0.min.js Show response js-agent.newrelic.com/	114 KB 33 KB	9ms 2ms	Script application/javascript	2602:816:5001::39 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-spa-1.277.0.min.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2602:816:5001::39 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 6dc071cf92a0ce3d98e1e19823a5a3d63ddf4238c69fe4bd0520d9c50dc7cb25 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://app.midtrans.com Referer Response headers strict-transport-security max-age=300 cache-control public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400 content-encoding br etag "3a8c6b03527d50cb8d8cefa42b1baf77" cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * x-cache HIT content-length 33644 date Fri, 27 Dec 2024 01:56:38 GMT last-modified Thu, 19 Dec 2024 20:09:24 GMT content-type application/javascript x-served-by cache-nrt-rjtf7700027-NRT x-cache-hits 566974 vary Accept-Encoding
GET H2	200	favicon.ico app.midtrans.com/payment-links/assets/	1 KB 916 B	23ms 23ms	Other image/x-icon	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.midtrans.com/payment-links/assets/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4f48527211029ac87ea64949c4a17e638501238cdcba42cf166e3eab5ec22bbb Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT age 81672 x-permitted-cross-domain-policies none report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rPJYmAAHkuivyUBn7SNyO8FDirIOimOyc03DqYkiYAzQ22w83X%2B8Q1MrSKNEE5sSvaqhQ%2FIg9q35Za1NpgX7KfmfnrrMFC9x1TYYdp0hpFy8CYJ%2Fic3d%2F2Njv%2FNN5CJgmeQ%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff x-ratelimit-remaining-minute 79 x-kong-proxy-latency 2 server-timing cfL4;desc="?proto=TCP&rtt=7382&min_rtt=970&rtt_var=10369&sent=593&recv=316&lost=0&retrans=0&sent_bytes=736938&recv_bytes=3200&delivery_rate=70986762&cwnd=287&unsent_bytes=0&cid=75b4cd55d114ff7e&ts=1422&x=0" date Fri, 27 Dec 2024 01:56:38 GMT content-type image/x-icon last-modified Wed, 20 Nov 2024 06:53:40 GMT vary Accept-Encoding x-frame-options SAMEORIGIN strict-transport-security max-age=63072000; includeSubDomains; preload cache-control public, max-age=86400 x-dns-prefetch-control off cross-origin-opener-policy same-origin nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-envoy-upstream-service-time 4 referrer-policy no-referrer x-download-options noopen via kong/0.14.1 x-envoy-decorator-operation nexus-app-gsh-stable.online-merchant-group.svc.cluster.local:5124/* x-kong-upstream-latency 5 x-ratelimit-limit-minute 80 cf-ray 8f85b1f9ec74ebff-NRT x-xss-protection 0 origin-agent-cluster ?1 server cloudflare
POST H/1.1	200	NRJS-609bfb9d259921642ae Show response bam.nr-data.net/1/	188 B 637 B	417ms 403ms	XHR text/plain	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/NRJS-609bfb9d259921642ae?a=1626569703&v=1.277.0&to=NVNWYRFYXRVRVUBaXgwZcU0TS1YVQ1xHHHYnYhsaWUlSH11TWkd9C1hffAc%3D&rst=1440&ck=0&s=811d47a85045c7e3&ref=https://app.midtrans.com/payment-links/1735208509378&ptid=73ad33e8cc9dd374&tt=230c8ce247f5ffd4&af=err,spa,xhr,stn,ins&ap=348.04726&be=848&fe=565&dc=420&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1735264596654,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:12,%22c%22:12,%22s%22:13,%22ce%22:21,%22rq%22:21,%22rp%22:848,%22rpe%22:1127,%22di%22:1268,%22ds%22:1268,%22de%22:1268,%22dc%22:1411,%22l%22:1411,%22le%22:1413%7D,%22navigation%22:%7B%7D%7D&fp=1161&fcp=1161 Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 5081c96a9fb59adf1b8bd9e7a4326efc1ed738888a21b2ae58e457cd8a4b5a1e Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer Response headers access-control-expose-headers Date timing-allow-origin https://app.midtrans.com Connection keep-alive access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS cross-origin-resource-policy cross-origin access-control-allow-origin https://app.midtrans.com Content-Length 188 date Fri, 27 Dec 2024 01:56:38 GMT content-type text/plain x-served-by cache-nrt-rjtf7700082-NRT
GET H2	200	popup Show response app.midtrans.com/snap/v4/ Frame 12D3	998 B 1014 B	108ms 107ms	Document text/html	104.26.15.196 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.midtrans.com/snap/v4/popup?origin_host=https://app.midtrans.com&client_key=Mid-client-Ua7abZpTTDsM_oR0 Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.15.196 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4de8d866d2ba25de98d78a5de921dfe8e41dfd4ec14f6cf0662d1b5ebfbc10a6 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers cf-cache-status DYNAMIC cf-ray 8f85b1fa2ca2ebff-NRT content-encoding gzip content-type text/html date Fri, 27 Dec 2024 01:56:38 GMT etag W/"6763dafd-3e6" last-modified Thu, 19 Dec 2024 08:36:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=akSk321OpU1nIcwjqbJICK6YXuuQnQ%2BA3P09V22f8rjKN%2FzZeUi5G%2BECSzZBU%2Fit8mezy7gDYYyaxqRaZVCVEX%2FHv57EJmni6m6YeWAkga%2FUXbwOrDdicFm3YlvcwnJD10M%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=5279&min_rtt=970&rtt_var=7539&sent=597&recv=320&lost=0&retrans=0&sent_bytes=737920&recv_bytes=3324&delivery_rate=70986762&cwnd=287&unsent_bytes=0&cid=75b4cd55d114ff7e&ts=1539&x=0" strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding
GET H2	200	css2 fonts.googleapis.com/ Frame 12D3	48 KB 3 KB	58ms 56ms	Stylesheet text/css	2404:6800:400a:80e::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600&family=Inter:wght@400;500;600&family=Nunito:wght@400;500;600&family=Open+Sans:wght@400;500;600&family=Playfair+Display:wght@400;500;600&family=Questrial:wght@400;500;600&family=Roboto:wght@400;500;600&family=Source+Sans+Pro:wght@400;500;600&display=swap Requested by Host: app.midtrans.com URL: https://app.midtrans.com/snap/v4/popup?origin_host=https://app.midtrans.com&client_key=Mid-client-Ua7abZpTTDsM_oR0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:400a:80e::200a Osaka, Japan, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 68eec9e31fe7489faf4876a709dd04f8fd6fd2cd7817609fa0feb01279ea7be4 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://app.midtrans.com/ Response headers content-encoding gzip x-content-type-options nosniff expires Fri, 27 Dec 2024 01:56:38 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 27 Dec 2024 01:56:38 GMT content-type text/css; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site last-modified Fri, 27 Dec 2024 01:56:38 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups cross-origin-resource-policy cross-origin access-control-allow-origin * x-xss-protection 0 server ESF
GET H2	200	main.popup.production.6d94ac0bdd32b59bf952.css d2f3dnusg0rbp7.cloudfront.net/snap/v4/assets/ Frame 12D3	79 KB 16 KB	22ms 4ms	Stylesheet text/css	3.168.245.17
General Check archive.org Show headers Download Go to Full URL https://d2f3dnusg0rbp7.cloudfront.net/snap/v4/assets/main.popup.production.6d94ac0bdd32b59bf952.css Requested by Host: app.midtrans.com URL: https://app.midtrans.com/snap/v4/popup?origin_host=https://app.midtrans.com&client_key=Mid-client-Ua7abZpTTDsM_oR0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.168.245.17 , United States, ASN (), Reverse DNS server-3-168-245-17.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash 2b886a52e980d52b34feb67415f502653971303ca5c0ae8380ab5a223e45ccb0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://app.midtrans.com/ Response headers content-encoding gzip etag "ae379d310e43e57424653e83581e3cdf" age 13794 via 1.1 728558a42a3a5ffd0cca99a6b7d85f44.cloudfront.net (CloudFront) accept-ranges bytes x-cache Hit from cloudfront content-length 15511 x-amz-cf-id VNIvRY0ohNBQDIChEkM7UOeQstg4j8kS6Y0pxIihxllbR14nxK9zbg== date Thu, 26 Dec 2024 22:06:45 GMT content-type text/css last-modified Thu, 19 Dec 2024 08:37:16 GMT server AmazonS3 x-amz-cf-pop NRT57-P5 x-amz-server-side-encryption AES256
GET H2	200	snap-popup-app.production.4f82f1d0c06244d5148e.js Show response d2f3dnusg0rbp7.cloudfront.net/snap/v4/assets/ Frame 12D3	1 MB 401 KB	22ms 4ms	Script text/javascript	3.168.245.17
General Check archive.org Show headers Download Go to Full URL https://d2f3dnusg0rbp7.cloudfront.net/snap/v4/assets/snap-popup-app.production.4f82f1d0c06244d5148e.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/snap/v4/popup?origin_host=https://app.midtrans.com&client_key=Mid-client-Ua7abZpTTDsM_oR0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.168.245.17 , United States, ASN (), Reverse DNS server-3-168-245-17.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash 6c614dd6f5eeaa0b05019372f81c3796632433795a7e5200e6e7d046a572e024 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://app.midtrans.com/ Response headers content-encoding gzip etag "2c2bc84b8e03eb01d1747e7372bd4615" age 61986 via 1.1 728558a42a3a5ffd0cca99a6b7d85f44.cloudfront.net (CloudFront) accept-ranges bytes x-cache Hit from cloudfront content-length 409467 x-amz-cf-id cmk_k22ql8exr9retc51ZowPRSyOepiuZwXxw55uVQE45BwMY7-3gA== date Thu, 26 Dec 2024 08:43:35 GMT content-type text/javascript last-modified Thu, 19 Dec 2024 08:37:16 GMT server AmazonS3 x-amz-cf-pop NRT57-P5 x-amz-server-side-encryption AES256
GET H3	200	pxiEyp8kv8JHgFVrJJfecg.woff2 fonts.gstatic.com/s/poppins/v22/ Frame 12D3	8 KB 0	65ms 13ms	Font font/woff2	142.250.76.131 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v22/pxiEyp8kv8JHgFVrJJfecg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.76.131 Plainview, United States, ASN15169 (GOOGLE, US), Reverse DNS kix07s06-in-f3.1e100.net Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://app.midtrans.com Referer https://fonts.googleapis.com/ Response headers age 535583 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Sat, 20 Dec 2025 21:10:14 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 20 Dec 2024 21:10:14 GMT last-modified Wed, 04 Dec 2024 06:53:08 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 7884 x-xss-protection 0 server sffe
GET H3	200	pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 fonts.gstatic.com/s/poppins/v22/ Frame 12D3	8 KB 0	63ms 11ms	Font font/woff2	142.250.76.131 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.76.131 Plainview, United States, ASN15169 (GOOGLE, US), Reverse DNS kix07s06-in-f3.1e100.net Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://app.midtrans.com Referer https://fonts.googleapis.com/ Response headers age 536261 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Sat, 20 Dec 2025 20:58:56 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 20 Dec 2024 20:58:56 GMT last-modified Wed, 04 Dec 2024 06:54:05 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 7748 x-xss-protection 0 server sffe
GET H3	200	pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 fonts.gstatic.com/s/poppins/v22/ Frame 12D3	8 KB 0	62ms 10ms	Font font/woff2	142.250.76.131 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/poppins/v22/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700 Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.76.131 Plainview, United States, ASN15169 (GOOGLE, US), Reverse DNS kix07s06-in-f3.1e100.net Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://app.midtrans.com Referer https://fonts.googleapis.com/ Response headers age 533699 report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Sat, 20 Dec 2025 21:41:38 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 20 Dec 2024 21:41:38 GMT last-modified Wed, 04 Dec 2024 06:53:31 GMT content-type font/woff2 cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 8000 x-xss-protection 0 server sffe
GET H2	200	nr-885.min.js Show response js-agent.newrelic.com/ Frame 12D3	22 KB 9 KB	8ms 4ms	Script application/javascript	2602:816:5001::39 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-885.min.js Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2602:816:5001::39 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash f2272ed432573b9cd73bad94fd7caf4c25bb93f83efa78036591e4c57df1d279 Security Headers Name Value Strict-Transport-Security max-age=300 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://app.midtrans.com/ Response headers strict-transport-security max-age=300 cache-control public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400 content-encoding br etag "b0aa0333dcb822deb4f54bcc5aad93d0" cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * x-cache HIT content-length 8477 date Fri, 27 Dec 2024 01:56:38 GMT last-modified Wed, 18 Oct 2023 21:02:09 GMT content-type application/javascript x-served-by cache-nrt-rjtf7700089-NRT x-cache-hits 0 vary Accept-Encoding
GET H/1.1	200	NRJS-609bfb9d259921642ae Show response bam.nr-data.net/1/ Frame 12D3	87 B 579 B	176ms 168ms	Script text/javascript	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/NRJS-609bfb9d259921642ae?a=1626450897&sa=1&v=885.a559836&t=Unnamed%20Transaction&rst=370&be=322&fe=31&dc=8&f=%5B%22err%22,%22xhr%22,%22stn%22%5D&perf=%7B%22timing%22:%7B%22of%22:1735264598099,%22n%22:0,%22dl%22:116,%22di%22:220,%22ds%22:330,%22de%22:330,%22dc%22:353,%22l%22:353,%22le%22:353,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22ce%22:0,%22rq%22:1,%22rp%22:108,%22rpe%22:110%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken Requested by Host: js-agent.newrelic.com URL: https://js-agent.newrelic.com/nr-885.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 300735ac477bb7e09ce2725f0031b085e5c86f09903d053ac8e44596731d8780 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://app.midtrans.com/ Response headers access-control-expose-headers Date timing-allow-origin * cross-origin-resource-policy cross-origin Connection keep-alive access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS access-control-allow-origin * Content-Length 87 date Fri, 27 Dec 2024 01:56:38 GMT content-type text/javascript x-served-by cache-nrt-rjtf7700072-NRT
POST H/1.1	200	blobs Show response bam.nr-data.net/browser/	24 B 343 B	312ms 311ms	XHR image/gif	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/browser/blobs?browser_monitoring_key=NRJS-609bfb9d259921642ae&type=BrowserSessionChunk&app_id=1626569703&protocol_version=0&timestamp=1735264596790&attributes=entityGuid%3DMzMyNjM0NnxCUk9XU0VSfEFQUExJQ0FUSU9OfDE4MzUwMDQ1OTM%26harvestId%3D811d47a85045c7e3_73ad33e8cc9dd374_1%26trace.firstTimestamp%3D1735264596790%26trace.lastTimestamp%3D1735264598203%26trace.nodes%3D26%26trace.originTimestamp%3D1735264596790%26agentVersion%3D1.277.0%26firstSessionHarvest%3Dtrue%26ptid%3D73ad33e8cc9dd374%26session%3D811d47a85045c7e3%26currentUrl%3Dhttps://app.midtrans.com/payment-links/1735208509378 Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer Response headers Connection keep-alive access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS access-control-allow-origin https://app.midtrans.com Content-Length 24 date Fri, 27 Dec 2024 01:56:38 GMT content-type image/gif x-served-by cache-nrt-rjtf7700082-NRT
POST H/1.1	200	NRJS-609bfb9d259921642ae Show response bam.nr-data.net/events/1/	24 B 343 B	168ms 163ms	XHR image/gif	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/events/1/NRJS-609bfb9d259921642ae?a=1626569703&v=1.277.0&to=NVNWYRFYXRVRVUBaXgwZcU0TS1YVQ1xHHHYnYhsaWUlSH11TWkd9C1hffAc%3D&rst=1866&ck=0&s=811d47a85045c7e3&ref=https://app.midtrans.com/payment-links/1735208509378&ptid=73ad33e8cc9dd374 Requested by Host: app.midtrans.com URL: https://app.midtrans.com/payment-links/1735208509378 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer Response headers Connection keep-alive access-control-allow-credentials true access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS access-control-allow-origin https://app.midtrans.com Content-Length 24 date Fri, 27 Dec 2024 01:56:38 GMT content-type image/gif x-served-by cache-nrt-rjtf7700086-NRT

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| snap function| ES6Promise object| wcagContrast object| colors function| RGBtoRGB function| HEXtoRGB function| HUEtoRGB function| HSLtoRGB object| keys string| c string| shex string| sval string| sop string| slist string| srgb string| shsl string| skeys object| xhex object| xrgb object| xhsl function| color object| regexp object| NREUM object| webpackChunk:NRBA-1.277.0.PROD object| newrelic function| ratio function| isAccessible function| getRgbTriplet function| isNotTransparent function| isColorIdentical function| getAccessibleFontColor function| lightenOrDarkenColor object| clickstream

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			app.midtrans.com/	1969-12-31 23:59:59	Name: _csrf Value: 5bPh0ztzMbzpeQiz2EjD_mgN

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.midtrans.com
bam.nr-data.net
cdn.jsdelivr.net
d2f3dnusg0rbp7.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
js-agent.newrelic.com
vtcheckout-production-assets.s3.amazonaws.com
104.26.15.196
142.250.76.131
162.247.243.29
2404:6800:400a:80e::200a
2602:816:5001::39
2a04:4e42::485
3.168.245.17
3.5.148.112
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
11f51b3e8b54c176bfa3a05916ed4ef9a17adf45cdfcb77d5a8b5b7ca5379c40
2a21242a6f1802459b4c1515fd4ae9abb4cd9f5f887f91d3549faa1ef1c9537c
2b886a52e980d52b34feb67415f502653971303ca5c0ae8380ab5a223e45ccb0
300735ac477bb7e09ce2725f0031b085e5c86f09903d053ac8e44596731d8780
4de8d866d2ba25de98d78a5de921dfe8e41dfd4ec14f6cf0662d1b5ebfbc10a6
4f48527211029ac87ea64949c4a17e638501238cdcba42cf166e3eab5ec22bbb
5081c96a9fb59adf1b8bd9e7a4326efc1ed738888a21b2ae58e457cd8a4b5a1e
5325379f79c74e499f0f8cba89e2a269ce58cb7fd0d175645e2fe3f731b46f64
5a3506d001aed8ab146a4212a965633cfdd4458bb138d09ae88d7d02924922e4
5f1addaf2e9f5922aed63d802f2b8afe01c543ed81a7be99ad1e9fdd05c8e3b6
68eec9e31fe7489faf4876a709dd04f8fd6fd2cd7817609fa0feb01279ea7be4
6c614dd6f5eeaa0b05019372f81c3796632433795a7e5200e6e7d046a572e024
6dc071cf92a0ce3d98e1e19823a5a3d63ddf4238c69fe4bd0520d9c50dc7cb25
6e5553463e33a2aa001596f81ac2140818a6018896431d3340599770b341972c
6fdd253620789e043fe1a1b34ec94656ebcc30fa1f2dd8a15eb0cf0990562014
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
9fc6b43d1f36e42ef58c36327ddae5692556358e65e85477a8a05741d8c8a245
aa9d80ffd864f9dedc88d080b631ae6114a3da3e9e4caf2f5aee4632233cb190
ae5972596aa84a6facd2155c5476cd50284290649e7f81fa9e396a1ffddb97bf
c978bdddbbd34229aba94d7b319fe7a9052a2d8f677543ee87d45d68e79c07c9
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
dd8c83c0cd2cd7b0b8dff110508ae258d4d2e4ad1740d61500f9b6742bc3d0e8
e01f6f82b3c3671a142ef906cd24d22d5583e1164fe6aa220d6107a51dfed94f
f2272ed432573b9cd73bad94fd7caf4c25bb93f83efa78036591e4c57df1d279
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149